modularise out filesystem configuration, put /var/{tmp,cache,log} onto spare SSD

2020-04-10 14:53:21 +02:00 · 2020-04-10 14:53:21 +02:00 · 3734b2d852
parent 28d1fe6bbc
commit 3734b2d852
3 changed files with 52 additions and 36 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -5,7 +5,6 @@
 { config, pkgs, ... }:

 let
-  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
  unstable = import <nixos-unstable> {};

 in
@ -19,22 +18,6 @@ in
      <home-manager/nixos>
    ];

-  # encrypted partitions
-  boot.initrd.luks =
-    {
-      devices =
-        {
-          "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
-          "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
-        };
-      reusePassphrases = true;
-    };
-
-  fileSystems."/".options = fsOptions ++ [ "subvol=nixos_root" "noatime" ];
-  fileSystems."/home".options = fsOptions ++ [ "subvol=home" "relatime" ];
-  boot.tmpOnTmpfs = true;
-  fileSystems."/tmp".fsType = "tmpfs";
-
  services.davfs2.enable = true;

  # try newer kernels
@ -71,8 +54,6 @@ in
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

-  boot.kernelParams = [ "iwlwifi.fw_monitor=1" ]; # enable iwlwifi debugging
-
  networking.hostName = "thinknix";
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

@ -93,6 +74,11 @@ in
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
+  programs.wireshark =
+    {
+      enable = true;
+      package = pkgs.wireshark-qt;
+    };
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

@ -101,7 +87,7 @@ in
  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

-  programs.ssh.startAgent = true;
+  #programs.ssh.startAgent = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
@ -127,10 +113,6 @@ in
      enable = true;
      extraBackends = [ pkgs.hplip ];
    };
-  #  nixpkgs.config.allowUnfreePredicate = (
-  #    pkg:
-  #      pkg.name == pkgs.hplipWithPlugin.name
-  #  );

  # Enable sound.
  sound.enable = true;
@ -164,7 +146,7 @@ in
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];

  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.extraUsers.spiollinux = {
+  users.users.spiollinux = {
    isNormalUser = true;
    uid = 1000;
    extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" ];
@ -176,21 +158,13 @@ in
  virtualisation.virtualbox.host.enable = true;
  users.extraGroups.vboxusers.members = [ "spiollinux" ];

-  # wireshark noroot gropu
-  users.groups.wireshark.gid = 500;
-  security.wrappers.dumpcap = {
-    source = "${pkgs.wireshark}/bin/dumpcap";
-    permissions = "u+xs,g+x";
-    owner = "root";
-    group = "wireshark";
-  };
-
  programs.zsh =
    {
      enable = true;
      autosuggestions.enable = true;
    };

+  # profile sync daemon
  services.psd.enable = true;

  services.smartd =
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@ -1,5 +1,9 @@
 { config, lib, pkgs, ... }:

+
+let
+  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
+in
 {
  imports =
    [
@ -16,10 +20,23 @@
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [];

+  # encrypted partitions
+  boot.initrd.luks =
+    {
+      devices =
+        {
+          "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
+          "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
+          "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
+        };
+      reusePassphrases = true;
+    };
+
  fileSystems."/" =
    {
      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=nixos_root" ];
    };

  fileSystems."/boot" =
@ -33,8 +50,33 @@
    {
      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=home" ];
    };

+    fileSystems."/var/tmp" =
+      {
+        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+        fsType = "btrfs";
+        options = fsOptions ++ [ "subvol=vartmp" ];
+      };
+
+    fileSystems."/var/log" =
+      {
+        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+        fsType = "btrfs";
+        options = fsOptions ++ [ "subvol=varlog" ];
+      };
+
+    fileSystems."/var/cache" =
+      {
+        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+        fsType = "btrfs";
+        options = fsOptions ++ [ "subvol=varcache" ];
+      };
+
+    boot.tmpOnTmpfs = true;
+    fileSystems."/tmp".fsType = "tmpfs";
+
  swapDevices =
    [
      { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
--- a/nixos/packages.nix
+++ b/nixos/packages.nix
@ -71,8 +71,8 @@
    #kmailtransport
    #kmbox
    #kmime
-    kontact
-    kontactinterface
+    #kontact
+    #kontactinterface
    #korganizer
    #kpimtextedit
    #libkdepim