From 8bad6194bcacc6a72f5c4d11cae25ac82cae9091 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Thu, 14 Nov 2024 02:29:05 -0500 Subject: [PATCH] Add back the PineBook for later and make etc immutable --- flake.lock | 42 ++++---- flake.nix | 1 + hosts/axolotl/boot/default.nix | 40 ++++++++ hosts/axolotl/default.nix | 29 ++++++ hosts/axolotl/disko/default.nix | 96 +++++++++++++++++++ hosts/axolotl/hardware/default.nix | 29 ++++++ hosts/axolotl/id_ed25519.pub | 1 + modules/home/files/default.nix | 2 +- modules/system/devices/boot/default.nix | 1 - .../system/devices/boot/extlinux/default.nix | 18 ---- modules/system/devices/disks/default.nix | 1 + .../devices/disks/immutable/default.nix | 4 + modules/system/services/general/default.nix | 1 + .../system/services/general/keyd/default.nix | 2 +- .../services/general/userborn/default.nix | 5 + modules/system/settings/default.nix | 1 + .../system/settings/documentation/default.nix | 5 +- modules/system/settings/minimal/default.nix | 10 ++ 18 files changed, 245 insertions(+), 43 deletions(-) create mode 100644 hosts/axolotl/boot/default.nix create mode 100644 hosts/axolotl/default.nix create mode 100644 hosts/axolotl/disko/default.nix create mode 100644 hosts/axolotl/hardware/default.nix create mode 100644 hosts/axolotl/id_ed25519.pub delete mode 100644 modules/system/devices/boot/extlinux/default.nix create mode 100644 modules/system/devices/disks/immutable/default.nix create mode 100644 modules/system/services/general/userborn/default.nix create mode 100644 modules/system/settings/minimal/default.nix diff --git a/flake.lock b/flake.lock index f14edd2..4635dbe 100644 --- a/flake.lock +++ b/flake.lock 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1731060864, - "narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=", + "lastModified": 1731274291, + "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "owner": "nix-community", "repo": "disko", - "rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f", + "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "type": "github" }, "original": { @@ -203,11 +203,11 @@ }, "hardware": { "locked": { - "lastModified": 1730919458, - "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", + "lastModified": 1731403644, + "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", + "rev": "f6581f1c3b137086e42a08a906bdada63045f991", "type": "github" }, "original": { @@ -240,11 +240,11 @@ }, "impermanence": { "locked": { - "lastModified": 1730403150, - "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", "type": "github" }, "original": { @@ -310,11 +310,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1731030299, - "narHash": "sha256-PwtzMWPJhz9Rn/0rzQfMb6icSA6DtJZKCuK88IwFSos=", + "lastModified": 1731375802, + "narHash": "sha256-CvWPEzrl2EA3xrtg9X6K8aqV7T5r0SaDz6PLpGA0yIY=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "11ca743d2e4602d5b8bfc8d65303f969d58ec338", + "rev": "b873a123366b9a62f9262414ada8d83b03f1f0bf", "type": "github" }, "original": { 
@@ -401,11 +401,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "lastModified": 1731239293, + "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", "type": "github" }, "original": { @@ -416,11 +416,11 @@ }, "nur": { "locked": { - "lastModified": 1731065793, - "narHash": "sha256-BzqzhXtRif4sY3C88yTyuNxKA0UgR97iA7JVhWd+Sog=", + "lastModified": 1731508175, + "narHash": "sha256-CvW2AqSvTwjSB2nyR/8Ab9ZCzShDkaZkwlUUgw1EJ4M=", "owner": "nix-community", "repo": "NUR", - "rev": "11b502b497b58f04eb7acd9463d72a6aab9bbc5a", + "rev": "ce861b4f99968fd26b93534f5d86c4f9df99964f", "type": "github" }, "original": { @@ -543,11 +543,11 @@ }, "unstable": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f42e846..2c88776 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,7 @@ nixosConfigurations = { tower = mkNix [ ./hosts/tower ]; # Main Desktop + axolotl = mkNix [ ./hosts/axolotl ]; # PineBook Pro lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot Laptop pomme = mkNix [ ./hosts/treefruit ]; # Macbook Pro 14,1 diff --git a/hosts/axolotl/boot/default.nix b/hosts/axolotl/boot/default.nix new file mode 100644 index 0000000..3e8b22b --- /dev/null +++ b/hosts/axolotl/boot/default.nix 
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernel.sysctl."vm.max_map_count" = 2147483642;
+
+ initrd = {
+ systemd = {
+ enable = true;
+ services.root-reset = {
+ description = "Reset BTRFS root and snapshot last boot";
+ wantedBy = [ "initrd.target" ];
+ after = [ "dev-nixos-root.device" ];
+ before = [ "sysroot.mount" ];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script = ''
+ mkdir -p /mnt
+ mount /dev/nixos/root /mnt
+
+ if [[ -e /mnt/@prev ]]; then
+ btrfs subvolume delete /mnt/@prev
+ fi
+
+ btrfs subvolume snapshot /mnt/@ /mnt/@prev
+
+ btrfs subvolume list -o /mnt/@ | cut -f9 -d' ' | while read subvolume; do
+ btrfs subvolume delete "/mnt/$subvolume"
+ done
+
+ btrfs subvolume delete /mnt/@
+ btrfs subvolume create /mnt/@
+
+ umount /mnt
+ '';
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/axolotl/default.nix b/hosts/axolotl/default.nix
new file mode 100644
index 0000000..ca454b1
--- /dev/null
+++ b/hosts/axolotl/default.nix
@@ -0,0 +1,29 @@
+{ config, ... }:
+{
+ imports = [
+ ./boot
+ ./disko
+ ./hardware
+
+ # Apps and programs
+ ../../modules/system
+ ../../modules/system/accounts
+ ../../modules/system/desktop
+ ../../modules/system/programs
+ ../../modules/system/services
+
+ # Devices and hardware
+ ../../modules/system/devices
+ ../../modules/system/devices/boot/systemd
+ ../../modules/system/devices/networking/wireless
+ ../../modules/system/devices/networking/firewall/pc
+ ../../modules/system/devices/networking/wireguard/pc
+
+ # Extras
+ ../../overlays
+ ../../variables
+ ];
+
+ networking.hostName = "redmond";
+ networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.20/24" ];
+}
diff --git a/hosts/axolotl/disko/default.nix b/hosts/axolotl/disko/default.nix
new file mode 100644
index 0000000..e52c45d
--- /dev/null
+++ b/hosts/axolotl/disko/default.nix
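Review bot: The root-reset unit hard-codes `/dev/nixos/root`, `/mnt/@` and `/mnt/@prev`, but the disko layout in this same commit names the LVM VG after `config.networking.hostName` and creates the btrfs subvolumes as `/root` and `/prev`, so on this host `dev-nixos-root.device` never appears and, if the unit did run, the subvolume it deletes and recreates would not be the one mounted at `/`. Align the two — either `"/@"`/`"/@prev"` in disko or `/mnt/root`/`/mnt/prev` here — and derive the device path from the VG name rather than a literal. Because the body is a chain of `btrfs subvolume delete` calls, it should also stop on the first failure: if the stage-1 `script` wrapper does not already set `-e` (verify), put `set -euo pipefail` before `mount`, so a failed mount cannot turn into deleting whatever happens to be under /mnt. The `cut -f9 -d' '` parse of `btrfs subvolume list` output also breaks for paths containing spaces; `btrfs subvolume list -o /mnt/@ | sed 's/^.* path //'` is the usual robust form.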
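Review bot: `networking.hostName = "redmond"` is the hostname flake.nix already assigns to the Lenovo laptop (`redmond = mkNix [ ./hosts/redmond ]`), so this machine would boot with a colliding name, and because the disko module in this commit keys the disk and LVM VG on `config.networking.hostName`, the volume group would be named after the wrong host; change it to `networking.hostName = "axolotl";` to match the flake entry. The WireGuard address `"${config.ips.wgSpan}.20/24"` looks copied from the same source — confirm it is not also redmond's peer address, since two peers sharing a tunnel IP will fight over the route on the hub.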
@@ -0,0 +1,96 @@
+{ disko, config, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "fmask=0022" "dmask=0022" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypt-nvme";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/prev" = {
+ mountpoint = "/prev";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/persist/.snapshots" = { };
+
+ "/jimbo" = {
+ mountpoint = "/persist/home/jimbo";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/jimbo/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "8G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems = {
+ "/persist".neededForBoot = true;
+ "/persist/home/jimbo".neededForBoot = true;
+ };
+}
diff --git a/hosts/axolotl/hardware/default.nix b/hosts/axolotl/hardware/default.nix
new file mode 100644
index 0000000..d064383
--- /dev/null
+++ b/hosts/axolotl/hardware/default.nix
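Review bot: `mountOptions = [ "fmask=0022" "dmask=0022" ]` leaves the ESP world-readable, which with systemd-boot (this host imports `devices/boot/systemd`) exposes the loader's random seed under /boot/loader plus every kernel and initrd to any local user; recent NixOS emits a warning for exactly this, and `mountOptions = [ "umask=0077" ];` is the fix. Two choices here deserve a why-comment rather than a change: `settings.allowDiscards = true` passes TRIM through LUKS, which reveals which regions of the encrypted volume are unused (an accepted SSD trade-off, but it should be stated), and `passwordFile = "/tmp/secret.key"` is only as safe as the installer's /tmp, so the key file should be created mode 0600 and removed once disko has run. Finally, `device = "/dev/nvme0n1"` is an odd target for a PineBook Pro, whose eMMC and SD appear as `mmcblk*`; confirm the device before `extraArgs = [ "-f" ]` formats it.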
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ boot = {
+ kernelModules = [ "kvm-amd" ];
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "ehci_pci"
+ "sd_mod"
+ "sr_mod"
+ "sdhci_pci"
+ "rtsx_usb_sdmmc"
+ ];
+ };
+ };
+
+ fileSystems = {
+ "/home/jimbo/JimboNFS" = {
+ device = "${config.ips.wgSpan}.1:/export/JimboNFS";
+ fsType = "nfs4";
+ options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
+ };
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/axolotl/id_ed25519.pub b/hosts/axolotl/id_ed25519.pub
new file mode 100644
index 0000000..4fd4ec5
--- /dev/null
+++ b/hosts/axolotl/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9uITpyw5WgxT7UnswueFtyWxAqQCZv4h9DfcDkr+kn
diff --git a/modules/home/files/default.nix b/modules/home/files/default.nix
index 02463b6..652029d 100644
--- a/modules/home/files/default.nix
+++ b/modules/home/files/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }: {
+{ pkgs, ... }: {
 home.file = {
 ".face" = {
 source = ./assets/pfp.png;
diff --git a/modules/system/devices/boot/default.nix b/modules/system/devices/boot/default.nix
index 45b5587..2107873 100644
--- a/modules/system/devices/boot/default.nix
+++ b/modules/system/devices/boot/default.nix
@@ -1,7 +1,6 @@
 { ... }:
 {
 imports = [
- ./extlinux
 ./lanzaboote
 ./systemd
 ];
diff --git a/modules/system/devices/boot/extlinux/default.nix b/modules/system/devices/boot/extlinux/default.nix
deleted file mode 100644
index a6bb3c7..0000000
--- a/modules/system/devices/boot/extlinux/default.nix
+++ /dev/null
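Review bot: `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"`, `kernelModules = [ "kvm-amd" ]` and `hardware.cpu.amd.updateMicrocode` describe an AMD x86 laptop, yet flake.nix labels this host "PineBook Pro", an aarch64 RK3399 board, so as written the configuration cannot produce a system that boots on it and reads as a copy of another host's hardware file. If it really is the PineBook Pro, `nixpkgs.hostPlatform = "aarch64-linux";` is required, the AMD-specific lines should go, and the board's nixos-hardware module (the flake already tracks `nixos-hardware`) supplies the right initrd modules. That board also boots through U-Boot/extlinux rather than the systemd-boot module this host imports, and the only extlinux module in the tree is deleted by this same commit, so the bootloader choice needs revisiting before that deletion lands. The NFS automount over the WireGuard span relies on the tunnel for confidentiality, and `nfs4` defaults to `sec=sys`, which trusts client-asserted UIDs; if `/export/JimboNFS` is reachable by other peers, restrict the export to this peer's address or use `sec=krb5p`.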
@@ -1,18 +0,0 @@
-{ lib, config, ... }:
-{
- options.system.extlinux = {
- enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = "Enable Lanzaboote and force disable Systemd-boot";
- };
- };
-
- config = lib.mkIf config.system.extlinux.enable {
- boot.loader = {
- generic-extlinux-compatible.enable = true;
- systemd-boot.enable = lib.mkForce false;
- grub.enable = lib.mkForce false;
- };
- };
-}
diff --git a/modules/system/devices/disks/default.nix b/modules/system/devices/disks/default.nix
index 75fc04d..652aa03 100644
--- a/modules/system/devices/disks/default.nix
+++ b/modules/system/devices/disks/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./btrfs
 ./filesystems
+ ./immutable
 ./impermanence
 ./snapper
 ];
diff --git a/modules/system/devices/disks/immutable/default.nix b/modules/system/devices/disks/immutable/default.nix
new file mode 100644
index 0000000..fa74dde
--- /dev/null
+++ b/modules/system/devices/disks/immutable/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ system.etc.overlay.mutable = false;
+}
diff --git a/modules/system/services/general/default.nix b/modules/system/services/general/default.nix
index ddc173a..66b999b 100644
--- a/modules/system/services/general/default.nix
+++ b/modules/system/services/general/default.nix
@@ -10,5 +10,6 @@
 ./ssh
 ./sunshine
 ./tlp
+ ./userborn
 ];
 }
diff --git a/modules/system/services/general/keyd/default.nix b/modules/system/services/general/keyd/default.nix
index 08b0024..d501469 100644
--- a/modules/system/services/general/keyd/default.nix
+++ b/modules/system/services/general/keyd/default.nix
@@ -33,7 +33,7 @@
 "9" = "f9";
 "0" = "f10";
 "-" = "f11";
- "=" = "f12";
+ #"=" = "f12";
 };
 };
 };
diff --git a/modules/system/services/general/userborn/default.nix b/modules/system/services/general/userborn/default.nix
new file mode 100644
index 0000000..425bfbf
--- /dev/null
+++ b/modules/system/services/general/userborn/default.nix
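Review bot: `system.etc.overlay.mutable = false` has no effect on its own: NixOS only builds the /etc overlay when `system.etc.overlay.enable = true` is also set (which in turn requires `boot.initrd.systemd.enable`), so after this commit /etc is still the classic mutable symlink tree despite the commit title. Set both together, `system.etc.overlay = { enable = true; mutable = false; };`, and keep in mind that an immutable /etc means the user and group database can no longer be rewritten at activation — as far as I can tell that is why NixOS pairs it with `services.userborn`, which this commit adds but leaves commented out, so the two should be enabled together or gated on the same condition rather than landing separately. Since this module is pulled in by every host through `modules/system/devices/disks`, a short comment stating that the read-only /etc is intended for all machines (and what to do when an ad-hoc /etc edit is needed) would help the next reader.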
@@ -0,0 +1,5 @@
+{ ... }:
+{
+ # Enable this when 24.11 drops
+ #services.userborn.enable = true;
+}
diff --git a/modules/system/settings/default.nix b/modules/system/settings/default.nix
index de2fbae..6544304 100644
--- a/modules/system/settings/default.nix
+++ b/modules/system/settings/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./documentation
 ./fonts
+ ./minimal
 ./nix
 ];
 }
diff --git a/modules/system/settings/documentation/default.nix b/modules/system/settings/documentation/default.nix
index 209176c..13fb7e1 100644
--- a/modules/system/settings/documentation/default.nix
+++ b/modules/system/settings/documentation/default.nix
@@ -1,7 +1,10 @@
 { ... }:
 {
 documentation = {
- nixos.enable = false;
+ doc.enable = false;
 info.enable = false;
+ nixos.enable = false;
 };
+
+ programs.command-not-found.enable = true;
 }
diff --git a/modules/system/settings/minimal/default.nix b/modules/system/settings/minimal/default.nix
new file mode 100644
index 0000000..0b9712e
--- /dev/null
+++ b/modules/system/settings/minimal/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ environment = {
+ defaultPackages = [ ];
+ stub-ld.enable = false;
+ };
+
+ programs.less.lessopen = null;
+ services.logrotate.enable = false;
+}
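Review bot: `services.logrotate.enable = false` is inherited by every host that imports `modules/system/settings`, not just the new minimal one, and any service on the larger machines that writes its own files under /var/log (anything not routed through journald) will now grow until the disk fills — a full /var is a common way to lose logs at exactly the moment an incident needs them. Either confirm that no host writes file-based logs and record that in a comment, or keep logrotate enabled and drop only the rotation entries that are unnecessary. `programs.less.lessopen = null` is a sensible hardening step (it removes the lesspipe preprocessor that would otherwise run on every file opened in less) and deserves a one-line comment saying so, e.g. `# No LESSOPEN preprocessor: less must not exec helpers on arbitrary files`.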