kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity
nixfiles/systems/koishi.nix

224 lines
5.3 KiB
Nix
Raw Blame History

_: let
hostConfig = {
tree,
pkgs,
utils,
lib,
...
}: let
inherit (lib.attrsets) nameValuePair listToAttrs;
datasets = [
"root"
"nix"
"games"
"home"
"var"
];
datasetEntry = dataset:
nameValuePair (
if dataset == "root"
then "/"
else "/${dataset}"
) {
neededForBoot =
if builtins.elem dataset ["home"]
then true
else false;
device = "zpool/${dataset}";
fsType = "zfs";
options = ["zfsutil"];
};
datasetEntries = listToAttrs (map datasetEntry datasets);
drives = {
boot = rec {
raw = "/dev/disk/by-uuid/BEDB-489E";
result = {
device = raw;
fsType = "vfat";
};
};
swap = rec {
result = {
device = "/dev/mapper/cryptswap";
options = ["x-systemd.device-timeout=15s" "nofail" "x-systemd.wants=systemd-cryptsetup@cryptswap.service"];
randomEncryption = false; # fix hibernation
};
};
};
in {
imports =
(with tree.nixos.hardware; [
framework
])
++ (with tree.nixos.profiles; [
graphical
quiet-boot
wireless
laptop
performance
secureboot
tiling
])
++ (with tree.nixos.environments; [
#niri
hyprland
]);
config = {
home-manager.users.kat = {
programs = {
konawall-py.settings = {
source = "konachan";
tags = [
"rating:s"
];
};
# niri.settings = {
# outputs = {
# "eDP-1".scale = 1.00;
# };
# };
};
wayland.windowManager.hyprland.settings.monitor = [
"eDP-1, 2256x1504, 0x0, 1"
];
imports =
(with tree.home.profiles; [
graphical
tiling
])
++ (with tree.home.environments; [
#niri
hyprland
]);
};
fileSystems =
datasetEntries
// {
"/boot" = drives.boot.result;
"/boot-keystore" = {
#neededForBoot = true;
device = "/dev/mapper/boot-keystore";
fsType = "ext4";
noCheck = true;
options = ["ro"];
};
};
systemd.enableEmergencyMode = true;
boot.initrd = {
systemd = {
emergencyAccess = true;
mounts = let
inherit (utils) escapeSystemdPath;
# maybe add a require for the /dev/mapper
sysrooty = escapeSystemdPath "/sysroot";
requiredBy = [
"${sysrooty}.mount"
]; #"systemd-cryptsetup@cryptswap.service" ];
requires = ["systemd-cryptsetup@boot-keystore.service"];
in [
{
where = "/boot-keystore";
what = "/dev/mapper/boot-keystore";
type = "ext4";
options = "ro";
unitConfig = {
};
before = requiredBy;
wantedBy = requiredBy;
inherit requires;
after = requires;
}
{
where = "/sysroot/boot-keystore";
what = "/boot-keystore";
type = "none";
options = "bind";
unitConfig = {
RequiresMountsFor = [
"/boot-keystore"
"/sysroot"
];
};
}
];
};
luks.devices = {
"boot-keystore".device = "/dev/disk/by-uuid/d80f77bb-fd82-43dd-9aa4-05da8d2b6154";
"cryptswap" = {
device = "/dev/disk/by-uuid/94948ee7-8c89-4b60-bd8c-68171b488d19";
keyFile = "/boot-keystore/swapkey";
};
};
};
environment.etc.crypttab = let
raw = "/dev/disk/by-uuid/94948ee7-8c89-4b60-bd8c-68171b488d19";
in {
mode = "0600";
text = ''
cryptswap ${raw} /boot-keystore/swapkey keyfile-timeout=5s
'';
};
#boot.resumeDevice = "/dev/mapper/cryptswap";
swapDevices = [
drives.swap.result
];
environment.systemPackages = [
pkgs.e2fsprogs
];
powerManagement.enable = true;
boot = {
loader = {
#systemd-boot.enable = lib.mkForce false;
};
zfs = {
forceImportRoot = false;
allowHibernation = true;
};
kernelModules = ["cros_ec" "cros_ec_lpcs"];
};
# optional, useful when the builder has a faster internet connection than yours
services = {
printing.enable = true;
syncthing = {
enable = true;
openDefaultPorts = true;
user = "kat";
dataDir = "/home/kat";
};
hardware.bolt.enable = true;
};
boot = {
supportedFilesystems = ["ntfs" "xfs"];
};
networking = {
hostId = "9ef75c48";
useDHCP = false;
};
system.stateVersion = "24.05";
};
};
in {
arch = "x86_64";
deploy.hostname = "10.1.1.171";
colmena.tags = [
"personal"
];
ci.enable = false; # Closure too large
type = "NixOS";
modules = [
hostConfig
];
}
Reference in a new issue View git blame Copy permalink