From 189c0fd3b789fdfb304c2afc3b18edda5075082b Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Tue, 5 Sep 2023 15:33:20 -0500
Subject: [PATCH] Disko
---
disko.nix | 115 ++++++++++++++++++++++++++++++++++++
flake.nix | 55 ++++++-----------
machines/musicbox-disks.nix | 52 ----------------
machines/thinker-disks.nix | 60 -------------------
modules/fish.nix | 11 ----
5 files changed, 132 insertions(+), 161 deletions(-)
create mode 100644 disko.nix
delete mode 100644 machines/musicbox-disks.nix
delete mode 100644 machines/thinker-disks.nix
delete mode 100644 modules/fish.nix
diff --git a/disko.nix b/disko.nix
new file mode 100644
index 0000000..ef1144e
--- /dev/null
+++ b/disko.nix
@@ -0,0 +1,115 @@
+{}: {
+ standard = { disks ? [ "/dev/vda" ], ... }: {
+ # this is my standard partitioning scheme for my machines: an LUKS-encrypted
+ # btrfs volume
+ disko.devices = {
+ disk = {
+ primary = {
+ type = "disk";
+ device = builtins.elemAt disks 0;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "EFI";
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ extraOpenArgs = [ "--allow-discards" ];
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ keyFile = "/tmp/secret.key"; # Interactive
+ # settings.keyFile = "/tmp/password.key";
+ # additionalKeyFiles = ["/tmp/additionalSecret.key"];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ unencrypted = { disks ? [ "/dev/vda" ], ... }: {
+ disko.devices = {
+ disk = {
+ primary = {
+ type = "disk";
+ device = builtins.elemAt disks 0;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "EFI";
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
+
diff --git a/flake.nix b/flake.nix
index e67f748..00219cf 100644
--- a/flake.nix
+++ b/flake.nix
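Review bot: In disko.nix's `standard` layout the LUKS key is read from `/tmp/secret.key`, and the comment above `keyFile` suggests creating it with `echo -n "password" > /tmp/secret.key`, which puts the passphrase on a command line (and in shell history) and writes the file with the default umask. I would reword that comment along the lines of `# create this file with umask 077 from a prompt, not a literal on the command line, and delete it once formatting is done`. `extraOpenArgs = [ "--allow-discards" ]` deserves a why-comment as well, since TRIM on a LUKS volume reveals which blocks are unused. The ESP's `mountOptions = [ "defaults" ]` could become `[ "defaults" "umask=0077" ]` so files on the unencrypted /boot are not world-readable; the same ESP options appear in the `unencrypted` layout.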
@@ -1,46 +1,25 @@ -# Welcome to my nix config! I'm just getting started with flakes, so please -# forgive the mess. - -# TODO: declarative disks with https://github.com/nix-community/disko -# TODO: home-manager? - { - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + inputs = + let + followedInput = url: { + url = url; + inputs.nixpkgs.follows = "nixpkgs"; + }; + in + { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; - # TODO: this could be a release tarball? fully recompiling this on every change suuuucks - api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"; + # TODO: this could be a release tarball? fully recompiling this on every change suuuucks + api-lyte-dev = followedInput "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"; - home-manager = { - url = "github:nix-community/home-manager/release-23.05"; - - # use the version of nixpkgs we specified above rather than the one HM would ordinarily use - inputs.nixpkgs.follows = "nixpkgs"; + home-manager = followedInput "github:nix-community/home-manager/release-23.05"; + disko = followedInput "github:nix-community/disko/master"; # NOTE: lock update! + sops-nix = followedInput "github:Mic92/sops-nix"; + helix = followedInput "github:helix-editor/helix"; }; - disko = { - url = "github:nix-community/disko/master"; # NOTE: lock update! - - # use the version of nixpkgs we specified above rather than the one HM would ordinarily use - inputs.nixpkgs.follows = "nixpkgs"; - }; - - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - helix = { - url = "github:helix-editor/helix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = inputs: { - diskoConfigurations = { - encryptedUefiBtrfs = import ./machines/thinker-disks.nix; - normalUefiBtrfs = import ./machines/musicbox-disks.nix; - }; + outputs = { self, ... }@inputs: { + diskoConfigurations = import ./disko.nix; homeConfigurations = let system = "x86_64-linux"; 
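Review bot: `inputs` is now built with `let … in` and calls to `followedInput`, but as far as I know Nix reads a flake's `inputs` without evaluating it and rejects anything that is not a literal attribute set, so this is likely to fail with an "expected a set but got a thunk" style error; the literal form, e.g. `disko = { url = "github:nix-community/disko/master"; inputs.nixpkgs.follows = "nixpkgs"; };`, should stay. Separately, disko.nix in this patch begins with `{}: {`, so `diskoConfigurations = import ./disko.nix;` yields a function rather than the attribute set; `import ./disko.nix { }` would expose `standard` and `unencrypted`. Because disko, sops-nix and helix follow branch heads, flake.lock is the only pin for code that partitions disks and handles secrets, so lock updates should be reviewed like code changes. The hunk ends inside `outputs`, whose body continues outside it.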
diff --git a/machines/musicbox-disks.nix b/machines/musicbox-disks.nix
deleted file mode 100644
index 885040d..0000000
--- a/machines/musicbox-disks.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ disks ? [ "/dev/vda" ], ... }: {
- disko.devices = {
- disk = {
- # TODO: would be nice to give this a good name?
- primary = {
- type = "disk";
- device = builtins.elemAt disks 0;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "EFI";
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ ];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
-
diff --git a/machines/thinker-disks.nix b/machines/thinker-disks.nix
deleted file mode 100644
index b0e7ef8..0000000
--- a/machines/thinker-disks.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ disks ? [ "/dev/vda" ], ... }: {
- disko.devices = {
- disk = {
- vdb = {
- type = "disk";
- device = builtins.elemAt disks 0;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "EFI";
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- extraOpenArgs = [ "--allow-discards" ];
- # if you want to use the key for interactive login be sure there is no trailing newline
- # for example use `echo -n "password" > /tmp/secret.key`
- keyFile = "/tmp/secret.key"; # Interactive
- # settings.keyFile = "/tmp/password.key";
- # additionalKeyFiles = ["/tmp/additionalSecret.key"];
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/modules/fish.nix b/modules/fish.nix
deleted file mode 100644
index 5dc9b4e..0000000
--- a/modules/fish.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- unstable = import { config = { allowUnfree = true; }; };
-in {
- programs.fish = {
- enable = true;
- };
- environment.systemPackages = [ unstable.fish ];
-}
-