feat: fuuuck

This commit is contained in:
Kat Inskip 2025-12-04 03:40:39 -08:00
parent 4c6f2aa34a
commit 077753652f
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
5 changed files with 92 additions and 5 deletions

TODO.md Normal file

@ -0,0 +1,14 @@
# To-dos
## New service deployments
- [ ] Fauna
- [ ] Immich
## Migrations
- [ ] Move away from flakes to either npins or lon (not that they replied; https://github.com/nikstur/lon/issues/57#issue-3652308987)
- [ ] Move to a setup similar to https://notashelf.dev/posts/impermanence - investigate encrypted swap WITH hibernation support
- [ ] Move away from gmail fully
- [ ] Move away from Discord primarily
- [ ] Move away from Spotify fully


@ -3,6 +3,7 @@
blacklistedKernelModules = ["k10temp"];
extraModulePackages = [config.boot.kernelPackages.zenpower];
kernelModules = ["zenpower"];
kernelParams = ["microcode.amd_sha_check=off"];
};
services.ucodenix.enable = true;
}
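Review bot: The `microcode.amd_sha_check=off` kernel parameter — presumably the one line this hunk adds next to `services.ucodenix.enable = true;` — switches off the kernel's digest validation of AMD microcode patches, so the loader will accept any patch it is handed rather than only ones matching the kernel's known-good list; that is a deliberate trust decision and it should be stated in the file. If the parameter is there because the ucodenix-provided patches for this CPU are not on that list, say so on the line, e.g. `kernelParams = ["microcode.amd_sha_check=off"]; # ucodenix patches fail the kernel digest check; re-evaluate on each kernel bump`, so the next reader knows when it can be removed. The enclosing attribute set begins before the hunk.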


@ -4,5 +4,6 @@ _: {
grub.configurationLimit = 8;
systemd-boot.configurationLimit = 8;
};
lanzaboote.configurationLimit = 5;
};
}


@ -1,6 +1,8 @@
_: let
hostConfig = {
tree,
pkgs,
utils,
lib,
...
}: let
@ -37,9 +39,9 @@ _: let
};
};
swap = rec {
raw = "/dev/disk/by-id/nvme-CT1000P5PSSD8_22343AC9A481-part2";
result = {
device = raw;
device = "/dev/mapper/cryptswap";
options = ["x-systemd.device-timeout=15s" "nofail" "x-systemd.wants=systemd-cryptsetup@cryptswap.service"];
randomEncryption = false; # fix hibernation
};
};
@ -56,6 +58,7 @@ _: let
laptop
gaming
performance
secureboot
])
++ (with tree.nixos.environments; [
niri
@ -88,19 +91,87 @@ _: let
datasetEntries
// {
"/boot" = drives.boot.result;
"/boot-keystore" = {
#neededForBoot = true;
device = "/dev/mapper/boot-keystore";
fsType = "ext4";
noCheck = true;
options = ["ro"];
};
};
systemd.enableEmergencyMode = true;
boot.initrd = {
systemd = {
emergencyAccess = true;
mounts = let
inherit (utils) escapeSystemdPath;
# maybe add a require for the /dev/mapper
sysrooty = escapeSystemdPath "/sysroot";
requiredBy = [
"${sysrooty}.mount"
]; #"systemd-cryptsetup@cryptswap.service" ];
requires = ["systemd-cryptsetup@boot-keystore.service"];
in [
{
where = "/boot-keystore";
what = "/dev/mapper/boot-keystore";
type = "ext4";
options = "ro";
unitConfig = {
};
before = requiredBy;
wantedBy = requiredBy;
inherit requires;
after = requires;
}
{
where = "/sysroot/boot-keystore";
what = "/boot-keystore";
type = "none";
options = "bind";
unitConfig = {
RequiresMountsFor = [
"/boot-keystore"
"/sysroot"
];
};
}
];
};
luks.devices = {
"boot-keystore".device = "/dev/disk/by-uuid/d80f77bb-fd82-43dd-9aa4-05da8d2b6154";
"cryptswap" = {
device = "/dev/disk/by-uuid/94948ee7-8c89-4b60-bd8c-68171b488d19";
keyFile = "/boot-keystore/swapkey";
};
};
};
environment.etc.crypttab = let
raw = "/dev/disk/by-uuid/94948ee7-8c89-4b60-bd8c-68171b488d19";
in {
mode = "0600";
text = ''
cryptswap ${raw} /boot-keystore/swapkey keyfile-timeout=5s
'';
};
#boot.resumeDevice = "/dev/mapper/cryptswap";
swapDevices = [
drives.swap.result
];
environment.systemPackages = [
pkgs.e2fsprogs
];
powerManagement.enable = true;
boot = {
loader = {
grub.useOSProber = true;
#systemd-boot.enable = lib.mkForce false;
systemd-boot.enable = true;
};
zfs = {
forceImportRoot = false;
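Review bot: `emergencyAccess = true;` under `boot.initrd.systemd` opens a passwordless root shell in the initrd whenever the boot chain stalls, and by then `/dev/mapper/boot-keystore` with `swapkey` may already be unlocked and `/sysroot` mounted, so anyone at the console who can provoke a failed boot can read the swap key (and, with `randomEncryption = false`, whatever hibernation image the swap holds). Given the profile list in the earlier hunk now includes `secureboot`, this setting is the weakest point of that chain; once the mount ordering is working, change it to `emergencyAccess = false;` or to a hashed password string, which the option also accepts. The hand-written `/boot-keystore` unit in `boot.initrd.systemd.mounts` duplicates the `fileSystems."/boot-keystore"` entry (whose `#neededForBoot = true;` is commented out) and carries an empty `unitConfig = { };` — a one-line comment on the unit such as `# hand-written so the mount can be ordered after systemd-cryptsetup@boot-keystore.service` would explain the duplication, and the empty `unitConfig` can be dropped. The `hostConfig` let-block and the attribute set it returns continue past the end of the hunk.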


@ -93,7 +93,7 @@ resource "cloudflare_record" "webmail" {
proxied = false
ttl = 3600
type = "CNAME"
value = "rinnosukeinskip.me"
value = "rinnosuke.inskip.me"
zone_id = local.zone_ids.kittywitch
}