diff --git a/configs/filesystem.nix b/configs/filesystem.nix new file mode 100644 index 0000000..ec5b9be --- /dev/null +++ b/configs/filesystem.nix @@ -0,0 +1,65 @@ +{ + fileSystems = { + "/" = { + fsType = "btrfs"; + options = [ + "subvol=root" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; + }; + + "/home" = { + fsType = "btrfs"; + options = [ + "subvol=home" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; + }; + + "/nix" = { + fsType = "btrfs"; + options = [ + "subvol=nix" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; + }; + + "/persist" = { + fsType = "btrfs"; + options = [ + "subvol=persist" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; + neededForBoot = true; + }; + + "/var/log" = { + fsType = "btrfs"; + options = [ + "subvol=log" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; + neededForBoot = true; + }; + + "/boot" = { + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + }; +}; \ No newline at end of file diff --git a/flake.nix b/flake.nix index 855d139..05b1af7 100644 --- a/flake.nix +++ b/flake.nix @@ -137,12 +137,22 @@ ./machine/nixos-vm/configuration.nix ]; }; + + nixos-virtualbox = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + inputs.sops-nix.nixosModules.sops + impermanence.nixosModules.impermanence + ./machine/nixos-virtualbox/configuration.nix + ]; + }; }; darwinConfigurations."MacBook" = nix-darwin.lib.darwinSystem { system = "aarch64-darwin"; modules = [ - ./machine/macbook/configuration.nix + ./machine/macbook/configuration.nix # home-manager.darwinModules.home-manager # { # home-manager.useGlobalPkgs = true; diff --git a/machine/desktop/hardware-configuration.nix b/machine/desktop/hardware-configuration.nix index e098121..d220656 100644 --- a/machine/desktop/hardware-configuration.nix +++ b/machine/desktop/hardware-configuration.nix 
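Review bot: The new configs/filesystem.nix ends with `};` after the closing brace of the top-level attribute set; a Nix file is a single expression, so the trailing `;` should make the file fail to parse, and the last line should be a bare `}`. machine/desktop/hardware-configuration.nix imports this file in the same commit, so the desktop configuration would stop evaluating. Separately, `fmask=0022` and `dmask=0022` on `/boot` leave the ESP world-readable. If the boot loader keeps a random seed or other sensitive files there, `options = ["fmask=0077" "dmask=0077"];` is the tighter choice now that the value lives in one shared place.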
@@ -7,75 +7,32 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") + ../../configs/filesystem.nix ]; fileSystems = { "/" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; - fsType = "btrfs"; - options = [ - "subvol=root" - "discard=async" - "compress=zstd" - "nodiratime" - "noatime" - ]; }; "/home" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; - fsType = "btrfs"; - options = [ - "subvol=home" - "discard=async" - "compress=zstd" - "nodiratime" - "noatime" - ]; }; "/nix" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "discard=async" - "compress=zstd" - "nodiratime" - "noatime" - ]; }; "/persist" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; - fsType = "btrfs"; - options = [ - "subvol=persist" - "discard=async" - "compress=zstd" - "nodiratime" - "noatime" - ]; - neededForBoot = true; }; "/var/log" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; - fsType = "btrfs"; - options = [ - "subvol=log" - "discard=async" - "compress=zstd" - "nodiratime" - "noatime" - ]; - neededForBoot = true; }; "/boot" = { device = "/dev/disk/by-uuid/4339-5A4C"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; }; }; diff --git a/machine/framework/hardware-configuration.nix b/machine/framework/hardware-configuration.nix index 6cea8db..307e5f9 100644 --- a/machine/framework/hardware-configuration.nix +++ b/machine/framework/hardware-configuration.nix @@ -29,11 +29,6 @@ "noatime" ]; }; - # "/" = { - # device = "none"; - # fsType = "tmpfs"; - # options = ["defaults" "size=16G" "mode=755"]; - # }; "/home" = { device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc"; fsType = "btrfs"; diff --git a/machine/mini/hardware-configuration.nix b/machine/mini/hardware-configuration.nix index d88bc7f..f98ea94 100644 --- a/machine/mini/hardware-configuration.nix 
+++ b/machine/mini/hardware-configuration.nix @@ -1,10 +1,5 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { - config, lib, - pkgs, modulesPath, ... }: { @@ -12,10 +7,14 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = ["dm-snapshot"]; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; + kernelModules = ["dm-snapshot"]; + }; + + kernelModules = ["kvm-intel"]; + }; fileSystems = { "/" = { diff --git a/machine/nixos-virtualbox/configuration.nix b/machine/nixos-virtualbox/configuration.nix index ad2f1d0..b4c3771 100644 --- a/machine/nixos-virtualbox/configuration.nix +++ b/machine/nixos-virtualbox/configuration.nix @@ -17,7 +17,6 @@ validateSopsFiles = true; age = { sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; - keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; }; 
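Review bot: `generateKey = true;` is left in place after `keyFile` is removed from `sops.age`, and as far as I know sops-nix generates the age key at the `keyFile` path, so the option now has no target. If the intent is to decrypt only with the SSH host key under `/persist` (which survives a root rollback, unlike `/var/lib/sops-nix/key.txt`), drop `generateKey = true;` as well. Otherwise point `keyFile` at a path below `/persist`. The `sops` block starts outside the hunk, so confirm against the full file.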
@@ -27,7 +26,43 @@ boot = { initrd = { enable = true; - supportedFilesystems = ["btrfs"]; + postResumeCommands = lib.mkAfter '' + mkdir -p /mnt + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. + mount -o subvol=/ /dev/sda2 /mnt + + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + # + # I suspect these are related to systemd-nspawn, but + # since I don't use it I'm not 100% sure. + # Anyhow, deleting these subvolumes hasn't resulted + # in any issues so far, except for fairly + # benign-looking errors from systemd-tmpfiles. + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + btrfs subvolume delete /mnt/root + + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root + + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; }; }; 
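Review bot: The rollback script in `postResumeCommands` has no failure path: if `mount -o subvol=/ /dev/sda2 /mnt` or `btrfs subvolume delete /mnt/root` fails, the script carries on and the machine boots on the previous root without any message, so state that was supposed to be wiped silently persists. `/dev/sda2` is also a kernel-assigned name, while hardware-configuration.nix addresses the same filesystem by UUID; a changed controller order would make the mount fail or hit another partition. The hunk also drops `supportedFilesystems = ["btrfs"]`, so confirm the initrd still ships the `btrfs` tool. A guarded version, using the UUID from hardware-configuration.nix (check that the by-uuid link exists at this stage of the initrd), could look like this.

```nix
postResumeCommands = lib.mkAfter ''
  mkdir -p /mnt
  # … unchanged: explanatory comments …
  if ! mount -o subvol=/ /dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964 /mnt; then
    echo "rollback: cannot mount btrfs top level, / was NOT reset" >&2
  elif [ ! -d /mnt/root-blank ]; then
    echo "rollback: /root-blank is missing, leaving /root untouched" >&2
    umount /mnt
  else
    # … unchanged: nested-subvolume delete loop and delete of /mnt/root …
    if [ ! -e /mnt/root ]; then
      echo "restoring blank /root subvolume..."
      btrfs subvolume snapshot /mnt/root-blank /mnt/root
    else
      echo "rollback: /root could not be deleted, previous state is still in place" >&2
    fi
    umount /mnt
  fi
'';
```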
@@ -36,14 +71,31 @@ hostName = "nixos-virtualbox"; # Define your hostname. }; + nix.settings = { + system-features = [ + "nixos-test" + "benchmark" + "big-parallel" + "gccarch-znver3" + ]; + trusted-substituters = ["https://ai.cachix.org"]; + trusted-public-keys = ["ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="]; + }; + + # nixpkgs.localSystem = { + # gcc.arch = "znver3"; + # gcc.tune = "znver3"; + # system = "x86_64-linux"; + # }; + programs.nix-ld.enable = true; - # services = { - # k3s = { - # enable = true; - # role = "server"; - # }; - # }; + services = { + # k3s = { + # enable = true; + # role = "server"; + # }; + }; system.stateVersion = "24.11"; } diff --git a/machine/nixos-virtualbox/hardware-configuration.nix b/machine/nixos-virtualbox/hardware-configuration.nix index 7a8a4e8..ea6c364 100644 --- a/machine/nixos-virtualbox/hardware-configuration.nix +++ b/machine/nixos-virtualbox/hardware-configuration.nix 
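Review bot: `trusted-public-keys` now accepts anything signed by the `ai.cachix.org-1` key as if it were built locally, and the hunk gives no reason or owner for that trust; add a comment such as `# ai.cachix.org: third-party cache for <purpose>, key copied from <source> on <date>` above the entry. Note also that `trusted-substituters` only lists caches that unprivileged users are allowed to select; it does not make the daemon use `https://ai.cachix.org`, which needs `substituters` (or `extra-substituters`). If the cache is not actually used, remove both lines so the key is not trusted for nothing. Advertising `gccarch-znver3` in `system-features` on a VirtualBox guest is worth a second look too, since it is only correct when the host CPU supports that instruction set.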
@@ -1,56 +1,48 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { - config, lib, - pkgs, modulesPath, ... }: { - imports = []; - boot.initrd.availableKernelModules = ["ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - fileSystems."/" = { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = ["subvol=root" "compress=zstd" "noatime"]; - }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=root" "compress=zstd" "noatime"]; + }; - fileSystems."/home" = { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = ["subvol=home" "compress=zstd" "noatime"]; - }; + "/home" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=home" "compress=zstd" "noatime"]; + }; - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = ["subvol=nix" "compress=zstd" "noatime"]; - }; + "/nix" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=nix" "compress=zstd" "noatime"]; + }; - fileSystems."/persist" = { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = ["subvol=persist" "compress=zstd" "noatime"]; - neededForBoot = true; - }; + "/persist" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=persist" "compress=zstd" "noatime"]; + neededForBoot = true; + }; - fileSystems."/var/log" = { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - 
options = ["subvol=log" "compress=zstd" "noatime"]; - neededForBoot = true; - }; + "/var/log" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=log" "compress=zstd" "noatime"]; + neededForBoot = true; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/6F47-35E9"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; + "/boot" = { + device = "/dev/disk/by-uuid/6F47-35E9"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; }; swapDevices = []; @@ -62,6 +54,6 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s3.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + # nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; virtualisation.virtualbox.guest.enable = true; } diff --git a/machine/thinkpad/hardware-configuration.nix b/machine/thinkpad/hardware-configuration.nix index 9b596df..b2f0662 100644 --- a/machine/thinkpad/hardware-configuration.nix +++ b/machine/thinkpad/hardware-configuration.nix @@ -15,7 +15,6 @@ boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; boot.initrd.kernelModules = ["dm-snapshot"]; boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; fileSystems."/" = { device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea"; diff --git a/machine/vps-arm/hardware-configuration.nix b/machine/vps-arm/hardware-configuration.nix index 8a38058..6fb6fda 100644 --- a/machine/vps-arm/hardware-configuration.nix +++ b/machine/vps-arm/hardware-configuration.nix @@ -1,8 +1,4 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { - config, lib, pkgs, modulesPath, 
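Review bot: The first hunk deletes `boot.initrd.availableKernelModules = ["ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod"];` and adds nothing in its place, so unless the list is declared elsewhere the initrd loses the storage drivers this VM needs to find its disk. That matters more now that configuration.nix mounts `/dev/sda2` from the initrd to reset the root subvolume. Keep the list, for example as `boot.initrd.availableKernelModules = [...];` with the same six entries, rewritten in the nested `boot = { initrd = { ... }; };` style the commit uses for machine/mini.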
@@ -12,57 +8,54 @@ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "virtio_scsi" "sr_mod"]; - boot.initrd.kernelModules = ["dm-snapshot"]; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; - fsType = "btrfs"; - options = ["subvol=root"]; + boot.initrd = { + availableKernelModules = ["xhci_pci" "virtio_scsi" "sr_mod"]; + kernelModules = ["dm-snapshot"]; }; - fileSystems."/home" = { - device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; - fsType = "btrfs"; - options = ["subvol=home"]; - }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; - fsType = "btrfs"; - options = ["subvol=nix"]; - }; + "/home" = { + device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; - fileSystems."/persist" = { - device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; - fsType = "btrfs"; - options = ["subvol=persist"]; - neededForBoot = true; - }; + "/nix" = { + device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; - fileSystems."/var/log" = { - device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; - fsType = "btrfs"; - options = ["subvol=log"]; - neededForBoot = true; - }; + "/persist" = { + device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; + fsType = "btrfs"; + options = ["subvol=persist"]; + neededForBoot = true; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/DE94-E9C1"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; - }; + "/var/log" = { + device = "/dev/disk/by-uuid/224bc309-572c-4771-b66e-25d5e13c4917"; + fsType = "btrfs"; + options 
= ["subvol=log"]; + neededForBoot = true; + }; + "/boot" = { + device = "/dev/disk/by-uuid/DE94-E9C1"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + }; swapDevices = [ {device = "/dev/disk/by-uuid/3c63b075-76ca-403f-bf75-53269b6bf4fa";} ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;