diff --git a/flake.lock b/flake.lock index 923378c..5523caf 100644 --- a/flake.lock +++ b/flake.lock @@ -74,22 +74,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "path": "/nix/store/pgid9c9xfcrbqx2giry0an0bi0df7s5c-source", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "path" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -133,11 +117,11 @@ ] }, "locked": { - "lastModified": 1705476964, - "narHash": "sha256-W5OK1fnj4qdn1HWOlxV2S3YiUvfaVjQM5ldWVpGV1fs=", + "lastModified": 1703113038, + "narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=", "owner": "nix-community", "repo": "home-manager", - "rev": "85c3b600f660abd86e94cbcd1c46733943197a07", + "rev": "0c2353d5d930c3d93724df6858aef064a31b3c00", "type": "github" }, "original": { @@ -152,7 +136,7 @@ "crane": "crane", "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" @@ -206,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1705312285, - "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", + "lastModified": 1702453208, + "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", + "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", "type": "github" }, "original": { 
@@ -222,11 +206,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1705496572, - "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -270,11 +254,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1705458851, - "narHash": "sha256-uQvEhiv33Zj/Pv364dTvnpPwFSptRZgVedDzoM+HqVg=", + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bf65f17d8070a0a490daf5f1c784b87ee73982c", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", "type": "github" }, "original": { @@ -286,11 +270,11 @@ }, "nur": { "locked": { - "lastModified": 1705602701, - "narHash": "sha256-FkR40ElbG1pW3f/mpSzbRON9Tjx5pkT2IBWNtd3YKDQ=", + "lastModified": 1703159048, + "narHash": "sha256-TcW0kf7nd/OEZwwxPs1y07YU4oZe18ezolScRbXXWZA=", "owner": "nix-community", "repo": "NUR", - "rev": "66c3aec51e9d40381a053798de41b5e477d4b665", + "rev": "9ef37017837733a76fe18680264fcd815df1eea6", "type": "github" }, "original": { @@ -332,7 +316,6 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "logseq-fix-nixpkgs": "logseq-fix-nixpkgs", @@ -340,8 +323,7 @@ "nixos-hardware": "nixos-hardware", "nixos-unstable": "nixos-unstable", "nixpkgs": "nixpkgs_2", - "nur": "nur", - "utils": "utils" + "nur": "nur" } }, "rust-overlay": { 
@@ -383,54 +365,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 21a0317..b03bfc7 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,6 @@ url = "github:nix-community/lanzaboote/v0.3.0"; # deliberately do _not_ follow the nixpkgs input here, because paranoia and test coverage }; - utils.url = "github:numtide/flake-utils"; nur.url = "github:nix-community/NUR"; # TODO: possible make this a flake as well 
@@ -26,47 +25,42 @@ }; outputs = - { self, nixpkgs, nur, lanzaboote, flake-utils, home-manager, ... }@inputs: + { self, nixpkgs, nur, lanzaboote, ... }@inputs: let - # FIXME: allow different systems - systems = flake-utils.lib.system; - # necessary to make the top-level inputs available to system configuration - defaultModules = [ - { _module.args = { inherit inputs; }; } - ]; - mkSystem = system: extraModules: - nixpkgs.lib.nixosSystem rec { - modules = defaultModules ++ extraModules; - inherit system; + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + in + { + + nixosConfigurations.thinknix = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./nixos/configuration.nix lanzaboote.nixosModules.lanzaboote ]; + # necessary to make the top-level inputs available to system configuration + specialArgs = { + #TODO: for system, consider moving to flake-utils + inherit inputs system; + }; }; - mkHomeManager = confName: user: system: # unfortunately, home-manager configs are still system-specific - # FIXME: this is thus still linux-x86_64 specific - home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.${system}; + homeConfigurations.spiollinux = inputs.home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [ { imports = [ nur.hmModules.nur - # TODO: $name can be utilised to conditionally load other config files ./home/home.nix ]; # extends the home config - home.username = user; - home.homeDirectory = "/home/${user}"; + home.username = "spiollinux"; + home.homeDirectory = "/home/spiollinux"; } ]; # Optionally use extraSpecialArgs # to pass through arguments to home.nix extraSpecialArgs = { + #TODO: for system, consider moving to flake-utils inherit inputs system; }; }; - in - { - nixosConfigurations = { - thinknix = mkSystem systems.x86_64-linux [ ./hosts/thinknix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s lanzaboote.nixosModules.lanzaboote ]; - framenix = mkSystem systems.x86_64-linux [ 
./hosts/framenix inputs.nixos-hardware.nixosModules.framework-13-7040-amd lanzaboote.nixosModules.lanzaboote ]; - }; - homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux; }; } diff --git a/hosts/framenix/default.nix b/hosts/framenix/default.nix deleted file mode 100644 index d3d828c..0000000 --- a/hosts/framenix/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, lib, pkgs, inputs, ...}: -{ - imports = [ - ../../common - - ./hardware-configuration.nix - ./storage.nix - ./swap.nix - ]; - - networking.hostName = "framenix"; # Define your hostname. - - # try newer kernels - boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? - - hardware.enableRedistributableFirmware = true; - - services.fwupd.enable = true; - - # I do not need fingerprint reading - services.fprintd.enable = false; - - environment.systemPackages = [ pkgs.radeontop ]; -} - 
diff --git a/hosts/framenix/hardware-configuration.nix b/hosts/framenix/hardware-configuration.nix deleted file mode 100644 index a731402..0000000 --- a/hosts/framenix/hardware-configuration.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp193s0f3u1c2.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/framenix/storage.nix b/hosts/framenix/storage.nix deleted file mode 100644 index 3efa655..0000000 --- a/hosts/framenix/storage.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ config, lib, pkgs, ... }: -let - fsOptions = [ "noatime" "ssd" "compress=zstd" ]; -in -{ - boot.initrd.luks = { - devices = - # allow discards on all devices - builtins.mapAttrs (name: val: val // {allowDiscards = true;}) - { - "system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92"; - "cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c"; - }; - reusePassphrases = true; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=nixos_root" ]; - }; - - "/home" = { - device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=home" ]; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/AF8E-E9E6"; - fsType = "vfat"; - options = [ "discard" ]; - }; - }; - - services.fstrim.enable = true; - services.btrfs.autoScrub = { - enable = true; - fileSystems = [ "/" "/home" ]; - }; - - boot.tmp.useTmpfs = true; -} diff --git a/hosts/framenix/swap.nix b/hosts/framenix/swap.nix deleted file mode 100644 index 262809c..0000000 --- a/hosts/framenix/swap.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - swapDevices = - [ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; } - ]; - - zramSwap = { - enable = true; - memoryPercent = 20; - }; - - boot.kernel.sysctl."vm.swappiness" = 9; -} diff --git a/hosts/thinknix/default.nix b/hosts/thinknix/default.nix deleted file mode 100644 index 8451bc0..0000000 --- a/hosts/thinknix/default.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ config, lib, pkgs, inputs, ...}: -{ - imports = [ - ../../common - - ./hardware-configuration.nix - ./storage.nix - ./swap.nix - # FIXME: move this to common, conditional enabling - ./secureboot.nix - ]; - - - hardware.trackpoint = { - enable = true; - sensitivity = 180; - speed = 180; - }; - - networking.hostName = "thinknix"; - - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "18.09"; # Did you read the comment? -} diff --git a/hosts/thinknix/hardware-configuration.nix b/hosts/thinknix/hardware-configuration.nix deleted file mode 100644 index f3e821a..0000000 --- a/hosts/thinknix/hardware-configuration.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: - - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = []; - - nix.settings.max-jobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - # modesetting is always better than intel (legacy) - services.xserver.videoDrivers = [ "modesetting" ]; - -} diff --git a/hosts/thinknix/secureboot.nix b/hosts/thinknix/secureboot.nix deleted file mode 100644 index 6e20c35..0000000 --- a/hosts/thinknix/secureboot.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ config, lib, pkgs, inputs, ...}: -{ - boot.loader.efi.canTouchEfiVariables = true; - - # UEFI secure boot - environment.systemPackages = [ - pkgs.sbctl - ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - -} diff --git a/hosts/thinknix/storage.nix b/hosts/thinknix/storage.nix deleted file mode 100644 index 358370f..0000000 --- a/hosts/thinknix/storage.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ config, lib, pkgs, inputs, ...}: -let - fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ]; -in -{ - # encrypted partitions - boot.initrd.luks = { - devices = - # allow discards on all devices - builtins.mapAttrs (name: val: val // {allowDiscards = true;}) - { - "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef"; - "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa"; - "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1"; - }; - reusePassphrases = true; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=nixos_root" ]; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/DED9-661B"; - fsType = "vfat"; - options = [ "discard" ]; - }; - - "/home" = { - device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=home" ]; - }; - - "/var/tmp" = { - device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=vartmp" ]; - }; - - "/var/log" = { - device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=varlog" ]; - }; - - "/var/cache" = { - device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=varcache" ]; - }; - }; - - services.fstrim.enable = true; - services.btrfs.autoScrub = { - enable = true; - fileSystems = [ "/" "/home" ]; - }; - - - boot.tmp.useTmpfs = true; - fileSystems."/tmp".fsType = "tmpfs"; - - services.smartd = - { - enable = true; - devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }]; - }; -} diff --git a/hosts/thinknix/swap.nix b/hosts/thinknix/swap.nix deleted file mode 100644 index 5aeb2bc..0000000 --- a/hosts/thinknix/swap.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - swapDevices = [ - { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; } - ]; - - zramSwap = { - enable = true; - memoryPercent = 20; - }; - - boot.kernel.sysctl."vm.swappiness" = 9; -} diff --git a/common/default.nix b/nixos/configuration.nix similarity index 79% rename from common/default.nix rename to nixos/configuration.nix index a5a7119..999c472 100644 --- a/common/default.nix +++ b/nixos/configuration.nix 
@@ -1,25 +1,67 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running `nixos-help`). + { config, pkgs, lib, inputs, ... }: let unstable = inputs.nixos-unstable; + localfork = import /home/spiollinux/src/nixpkgs { }; in { imports = [ - ./packages.nix - ./nitrokey.nix + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./modules/packages.nix + ./modules/nitrokey.nix ]; services.davfs2.enable = true; + # try newer kernels + #boot.kernelPackages = pkgs.linuxPackages_latest; + + services.fstrim.enable = true; + services.btrfs.autoScrub = + { + enable = true; + fileSystems = [ "/" "/home" ]; + }; # exfat support #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + zramSwap = + { + enable = true; + memoryPercent = 20; + }; + boot.kernel.sysctl."vm.swappiness" = 9; + + boot.loader.efi.canTouchEfiVariables = true; + + # UEFI secure boot + environment.systemPackages = [ + pkgs.sbctl + ]; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + # make the boot look good boot.plymouth.enable = true; + networking.hostName = "thinknix"; + # configure console console = { font = "Lat2-Terminus16"; @@ -45,7 +87,7 @@ in programs.adb.enable = true; - programs.mtr.enable = true; + # programs.mtr.enable = true; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # List services that you want to enable: 
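Review bot: The added `localfork = import /home/spiollinux/src/nixpkgs { };` binding in the `let` block pulls a nixpkgs checkout from an absolute path in a user's home directory, which lies outside the flake and is not pinned by flake.lock. If any option forces it, pure flake evaluation will refuse the path; under `--impure` the system would be built from whatever that working tree holds at build time, so anything able to write there can influence what is activated as root. No use of `localfork` is visible in this hunk, and the module body continues outside it, so the binding may be dead. If it is, drop the line; otherwise declare the fork as a flake input, e.g. `localfork.url = "github:<OWNER-PLACEHOLDER>/nixpkgs/<BRANCH-PLACEHOLDER>";`, so it is locked by `rev` and `narHash` like the other inputs.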
@@ -60,7 +102,6 @@ in # networking.firewall.allowedUDPPorts = [ ... ]; networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect - # FIXME: kdeconnect module # Or disable the firewall altogether. # networking.firewall.enable = false; @@ -142,7 +183,6 @@ in }; - # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.layout = "de"; @@ -158,7 +198,7 @@ in services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; - # dconf required for several Gnome applications + # dconf required for several Gnome applications like Cawbird programs.dconf.enable = true; programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts @@ -193,6 +233,12 @@ in # profile sync daemon services.psd.enable = true; + services.smartd = + { + enable = true; + devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }]; + }; + fonts = { fontDir.enable = true; fontconfig.enable = true; @@ -255,5 +301,10 @@ in # stop NetworkManager from managing virtual interfaces networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "18.09"; # Did you read the comment? } diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix new file mode 100644 index 0000000..5b903fc --- /dev/null +++ b/nixos/hardware-configuration.nix 
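Review bot: In the `@@ -193,6 +233,12 @@` hunk, the new `services.smartd.devices` list names `/dev/sda` and `/dev/sdb`, but kernel `sdX` names follow enumeration order and are not guaranteed stable across boots or when a USB disk is attached at startup. Health monitoring could then cover a different disk than intended without any error. Prefer persistent paths, e.g. `devices = [{ device = "/dev/disk/by-id/<DISK-ID-1-PLACEHOLDER>"; } { device = "/dev/disk/by-id/<DISK-ID-2-PLACEHOLDER>"; }];`, with the real ids taken from the machine.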
@@ -0,0 +1,95 @@ +{ config, lib, pkgs, modulesPath, inputs, ... }: + + +let + fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ]; +in +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + (inputs.nixos-hardware + "/lenovo/thinkpad/t440s") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = []; + + # encrypted partitions + boot.initrd.luks = + { + devices = + # allow discards on all devices + builtins.mapAttrs (name: val: val // {allowDiscards = true;}) + { + "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef"; + "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa"; + "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1"; + }; + reusePassphrases = true; + }; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4"; + fsType = "btrfs"; + options = fsOptions ++ [ "subvol=nixos_root" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/DED9-661B"; + fsType = "vfat"; + options = [ "discard" ]; + }; + + fileSystems."/home" = + { + device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4"; + fsType = "btrfs"; + options = fsOptions ++ [ "subvol=home" ]; + }; + + fileSystems."/var/tmp" = + { + device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; + fsType = "btrfs"; + options = fsOptions ++ [ "subvol=vartmp" ]; + }; + + fileSystems."/var/log" = + { + device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; + fsType = "btrfs"; + options = fsOptions ++ [ "subvol=varlog" ]; + }; + + fileSystems."/var/cache" = + { + device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; + fsType = "btrfs"; + options = fsOptions ++ [ "subvol=varcache" ]; + }; + + boot.tmp.useTmpfs = true; + fileSystems."/tmp".fsType = "tmpfs"; + + swapDevices = + [ + { device = 
"/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; } + ]; + + nix.settings.max-jobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware.trackpoint = { + enable = true; + sensitivity = 180; + speed = 180; + }; + + + # modesetting is always better than intel (legacy) + services.xserver.videoDrivers = [ "modesetting" ]; + +} diff --git a/common/nitrokey.nix b/nixos/modules/nitrokey.nix similarity index 100% rename from common/nitrokey.nix rename to nixos/modules/nitrokey.nix diff --git a/common/packages.nix b/nixos/modules/packages.nix similarity index 98% rename from common/packages.nix rename to nixos/modules/packages.nix index 0a048cc..be11975 100644 --- a/common/packages.nix +++ b/nixos/modules/packages.nix @@ -15,7 +15,7 @@ python3 man-pages dnsutils - netcat-openbsd + netcat ntfs3g file multipath-tools
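Review bot: In the new `nixos/hardware-configuration.nix`, `allowDiscards = true` is mapped onto every entry of `boot.initrd.luks.devices`, including `cryptswap`, and the only comment is "allow discards on all devices". Passing TRIM through dm-crypt lets anyone with access to the raw disk tell used ciphertext blocks from unused ones, which leaks usage patterns and can hint at the filesystem in use. This looks like a deliberate SSD trade-off, so I would record it in the comment: `# allow discards on all devices: TRIM passes through dm-crypt and exposes the free-block layout on the raw disk; accepted here for SSD performance`. If swap contents are the more sensitive case, the `mapAttrs` could skip `cryptswap`.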