start modularising NixOS config for several hosts

First step in modularising the NixOS config, with a focus on separation of host-specific and common configs. Common modules still need to be split up and refined, several TODOs and FIXUPs remain in code. But the config builds fine on thinknix. Roughly based on/ inspired by https://johns.codes/blog/organizing-system-configs-with-nixos#using-nixos
2024-01-09 23:48:38 +01:00 · 2024-01-09 23:48:38 +01:00 · 993308a2d3
commit 993308a2d3
parent 0639633b0d
11 changed files with 239 additions and 159 deletions
--- a/hosts/thinknix/default.nix
+++ b/hosts/thinknix/default.nix
@ -0,0 +1,28 @@
+{ config, lib, pkgs, inputs, ...}:
+{
+  imports = [
+    ../../common
+
+    ./hardware-configuration.nix
+    ./storage.nix
+    ./swap.nix
+    # FIXME: move this to common, conditional enabling
+    ./secureboot.nix
+  ];
+
+
+  hardware.trackpoint = {
+    enable = true;
+    sensitivity = 180;
+    speed = 180;
+  };
+
+  networking.hostName = "thinknix";
+
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "18.09"; # Did you read the comment?
+}
--- a/hosts/thinknix/hardware-configuration.nix
+++ b/hosts/thinknix/hardware-configuration.nix
@ -0,0 +1,20 @@
+{ config, lib, pkgs, modulesPath, inputs, ... }:
+
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [];
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+  # modesetting is always better than intel (legacy)
+  services.xserver.videoDrivers = [ "modesetting" ];
+
+}
--- a/hosts/thinknix/secureboot.nix
+++ b/hosts/thinknix/secureboot.nix
@ -0,0 +1,20 @@
+{ config, lib, pkgs, inputs, ...}:
+{  
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # UEFI secure boot
+  environment.systemPackages = [
+    pkgs.sbctl
+  ];
+  # Lanzaboote currently replaces the systemd-boot module.
+  # This setting is usually set to true in configuration.nix
+  # generated at installation time. So we force it to false
+  # for now.
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
+
+}
--- a/hosts/thinknix/storage.nix
+++ b/hosts/thinknix/storage.nix
@ -0,0 +1,67 @@
+{ config, lib, pkgs, inputs, ...}:
+let
+  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
+in
+{
+  # encrypted partitions
+  boot.initrd.luks = {
+    devices =
+      # allow discards on all devices
+      builtins.mapAttrs (name: val: val // {allowDiscards = true;})
+      {
+        "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
+        "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
+        "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
+      };
+      reusePassphrases = true;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=nixos_root" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/DED9-661B";
+      fsType = "vfat";
+      options = [ "discard" ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=home" ];
+    };
+
+    "/var/tmp" = {
+      device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=vartmp" ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=varlog" ];
+    };
+
+    "/var/cache" = {
+      device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=varcache" ];
+    };
+  };
+
+  services.fstrim.enable = true;
+  services.btrfs.autoScrub = {
+    enable = true;
+    fileSystems = [ "/" "/home" ];
+  };
+
+
+  boot.tmp.useTmpfs = true;
+  fileSystems."/tmp".fsType = "tmpfs";
+
+}
--- a/hosts/thinknix/swap.nix
+++ b/hosts/thinknix/swap.nix
@ -0,0 +1,12 @@
+{
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
+  ];
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 20;
+  };
+
+  boot.kernel.sysctl."vm.swappiness" = 9;
+}