Daniel Flanagan 2023-09-05 15:33:20 -05:00
parent c47019b66c
commit 189c0fd3b7
5 changed files with 132 additions and 161 deletions

115
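--- a/disko.nix
+++ b/disko.nix
@@ -0,0 +1,115 @@
+{}: {
+standard = { disks ? [ "/dev/vda" ], ... }: {
+# this is my standard partitioning scheme for my machines: an LUKS-encrypted
+# btrfs volume
+disko.devices = {
+disk = {
+primary = {
+type = "disk";
+device = builtins.elemAt disks 0;
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+label = "EFI";
+name = "ESP";
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+luks = {
+size = "100%";
+content = {
+type = "luks";
+name = "crypted";
+extraOpenArgs = [ "--allow-discards" ];
+# if you want to use the key for interactive login be sure there is no trailing newline
+# for example use `echo -n "password" > /tmp/secret.key`
+keyFile = "/tmp/secret.key"; # Interactive
+# settings.keyFile = "/tmp/password.key";
+# additionalKeyFiles = ["/tmp/additionalSecret.key"];
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"/root" = {
+mountpoint = "/";
+mountOptions = [ "compress=zstd" "noatime" ];
+};
+"/home" = {
+mountpoint = "/home";
+mountOptions = [ "compress=zstd" "noatime" ];
+};
+"/nix" = {
+mountpoint = "/nix";
+mountOptions = [ "compress=zstd" "noatime" ];
+};
+};
+};
+};
+};
+};
+};
+};
+};
+};
+};
+unencrypted = { disks ? [ "/dev/vda" ], ... }: {
+disko.devices = {
+disk = {
+primary = {
+type = "disk";
+device = builtins.elemAt disks 0;
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+label = "EFI";
+name = "ESP";
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"defaults"
+];
+};
+};
+root = {
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"/root" = {
+mountpoint = "/";
+mountOptions = [ ];
+};
+"/home" = {
+mountpoint = "/home";
+mountOptions = [ "compress=zstd" ];
+};
+"/nix" = {
+mountpoint = "/nix";
+mountOptions = [ "compress=zstd" "noatime" ];
+};
+};
+};
+};
+};
+};
+};
+};
+};
+};
+}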
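Review bot: `keyFile = "/tmp/secret.key"` in the `standard` layout reads the LUKS passphrase from a fixed path under /tmp, and the comment above it recommends `echo -n "password" > /tmp/secret.key`, which puts the passphrase into shell history and creates the file with the default umask. I would replace that example with a comment describing safe handling, e.g. `# install-time only: create with umask 077 on tmpfs, enter the passphrase via a prompt (not echo), delete the file after formatting`. The adjacent `extraOpenArgs = [ "--allow-discards" ]` also deserves a one-line comment: passing TRIM through dm-crypt exposes which blocks are unused, which is a common SSD trade-off but should be recorded as a deliberate choice. The `unencrypted` layout repeats the whole ESP definition; a shared `let` binding would keep the two variants from drifting apart.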


@ -1,46 +1,25 @@
# Welcome to my nix config! I'm just getting started with flakes, so please
# forgive the mess.
# TODO: declarative disks with https://github.com/nix-community/disko
# TODO: home-manager?
{ {
inputs = { inputs =
let
followedInput = url: {
url = url;
inputs.nixpkgs.follows = "nixpkgs";
};
in
{
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks # TODO: this could be a release tarball? fully recompiling this on every change suuuucks
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"; api-lyte-dev = followedInput "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
home-manager = { home-manager = followedInput "github:nix-community/home-manager/release-23.05";
url = "github:nix-community/home-manager/release-23.05"; disko = followedInput "github:nix-community/disko/master"; # NOTE: lock update!
sops-nix = followedInput "github:Mic92/sops-nix";
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use helix = followedInput "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { outputs = { self, ... }@inputs: {
url = "github:nix-community/disko/master"; # NOTE: lock update! diskoConfigurations = import ./disko.nix;
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs: {
diskoConfigurations = {
encryptedUefiBtrfs = import ./machines/thinker-disks.nix;
normalUefiBtrfs = import ./machines/musicbox-disks.nix;
};
homeConfigurations = homeConfigurations =
let let
system = "x86_64-linux"; system = "x86_64-linux";
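Review bot: `diskoConfigurations = import ./disko.nix;` binds the output to a function, not an attribute set, because the new disko.nix opens with `{}: {`; unless something outside this hunk applies it, `diskoConfigurations.standard` and `.unencrypted` will not resolve. Either apply it here, `diskoConfigurations = import ./disko.nix { };`, or drop the `{}:` header from disko.nix. Separately, as far as I know Nix expects a flake's `inputs` to be a literal attribute set and rejects computed values, so the `let followedInput = … in { … }` form may fail with an "expected a set but got a thunk" style error; please confirm with `nix flake metadata` before relying on it. The `outputs` body continues past the end of this hunk, so the remainder was not reviewed.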


@ -1,52 +0,0 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
# TODO: would be nice to give this a good name?
primary = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
}


@ -1,60 +0,0 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
vdb = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = [ "--allow-discards" ];
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
keyFile = "/tmp/secret.key"; # Interactive
# settings.keyFile = "/tmp/password.key";
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
};
}


@ -1,11 +0,0 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
programs.fish = {
enable = true;
};
environment.systemPackages = [ unstable.fish ];
}