diff --git a/configs/hardware.nix b/configs/hardware.nix index c0a1f99..3f4b6a1 100644 --- a/configs/hardware.nix +++ b/configs/hardware.nix @@ -1,9 +1,9 @@ { - config, - pkgs, - lib, - ... -}: { + hardware = { + bluetooth.enable = true; + sane.enable = true; + }; + services = { fwupd.enable = true; }; diff --git a/configs/user-gui.nix b/configs/user-gui.nix index 858c846..e657f99 100755 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -26,20 +26,12 @@ noto-fonts-cjk-sans noto-fonts-emoji noto-fonts-extra - - # inputs.apple-fonts.packages.${pkgs.system}.sf-pro-nerd - open-sans stix-two twemoji-color-font ]; }; - hardware = { - bluetooth.enable = true; - sane.enable = true; - }; - # services = { # gvfs.enable = true; # mullvad-vpn.enable = true; diff --git a/flake.nix b/flake.nix index 3705697..fbe4362 100644 --- a/flake.nix +++ b/flake.nix @@ -88,10 +88,11 @@ specialArgs = {inherit inputs outputs;}; modules = [ fw-fanctrl.nixosModules.default + impermanence.nixosModules.impermanence + chaotic.nixosModules.default # OUR DEFAULT MODULE inputs.nixos-hardware.nixosModules.framework-12th-gen-intel inputs.sops-nix.nixosModules.sops ./machine/framework/configuration.nix - chaotic.nixosModules.default # OUR DEFAULT MODULE ]; }; diff --git a/machine/desktop/configuration.nix b/machine/desktop/configuration.nix index 53ddba3..391b465 100755 --- a/machine/desktop/configuration.nix +++ b/machine/desktop/configuration.nix @@ -24,6 +24,7 @@ in { ../../configs/docker.nix ../../configs/games.nix ../../configs/develop.nix + ../../configs/hardware.nix ../../configs/virtualisation.nix ../../configs/plasma.nix ../../configs/user-gui.nix @@ -69,8 +70,6 @@ in { trusted-public-keys = ["ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="]; }; - # chaotic.nyx.cache.enable = false; - # nixpkgs.localSystem = { # gcc.arch = "znver3"; # gcc.tune = "znver3"; 
@@ -235,7 +234,6 @@ in { power-profiles-daemon.enable = true; # netdata.enable = true; # printing.enable = true; - fwupd.enable = true; pipewire = { enable = true; diff --git a/machine/desktop/hardware-configuration.nix b/machine/desktop/hardware-configuration.nix index 3abef23..cbf7287 100644 --- a/machine/desktop/hardware-configuration.nix +++ b/machine/desktop/hardware-configuration.nix @@ -21,32 +21,62 @@ "/" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = ["subvol=root" "discard=async" "compress=zstd" "noatime"]; + options = [ + "subvol=root" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; }; "/home" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = ["subvol=home" "discard=async" "compress=zstd" "noatime"]; + options = [ + "subvol=home" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; }; "/nix" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = ["subvol=nix" "discard=async" "compress=zstd" "noatime"]; + options = [ + "subvol=nix" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; }; "/persist" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = ["subvol=persist" "discard=async" "compress=zstd" "noatime"]; + options = [ + "subvol=persist" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; neededForBoot = true; }; "/var/log" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = ["subvol=log" "discard=async" "compress=zstd" "noatime"]; + options = [ + "subvol=log" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; neededForBoot = true; }; diff --git a/machine/framework/configuration.nix b/machine/framework/configuration.nix index 21f3c1d..ff5b2b0 100755 --- a/machine/framework/configuration.nix 
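Review bot: The `"nodiratime"` entry added to every btrfs `options` list in the `machine/desktop/hardware-configuration.nix` hunk is redundant, because `noatime` already implies it per mount(8). The same pair appears in the reordered lists in `machine/framework/hardware-configuration.nix`. Keeping only `"noatime"` makes each list shorter and avoids suggesting the two flags do different things here.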
+++ b/machine/framework/configuration.nix @@ -37,7 +37,7 @@ in { defaultSopsFile = ../../secrets.yaml; validateSopsFiles = true; age = { - sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; @@ -57,7 +57,7 @@ in { boot = { kernelPackages = pkgs.linuxPackages_latest; - initrd.systemd.enable = true; + # initrd.systemd.enable = true; loader = { grub = { enable = true; 
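Review bot: In the sops hunk, `keyFile = "/var/lib/sops-nix/key.txt"` with `generateKey = true` stays on the root subvolume, which the initrd rollback added later in this file recreates from `root-blank` on every boot. `/var/lib/sops-nix` is also missing from the `persistence."/persist"` directory list. As written, a new age key would be generated on each boot; it is presumably not a recipient of `secrets.yaml`, so decryption would depend entirely on the host key at the new `/persist/etc/ssh/ssh_host_ed25519_key` path. Either drop `keyFile`/`generateKey`, or keep the key beside the host key with `keyFile = "/persist/var/lib/sops-nix/key.txt";`. The `sops` block starts above this hunk, so the rest of its settings are not visible here.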
@@ -70,6 +70,55 @@ in { }; supportedFilesystems = ["btrfs"]; + initrd = { + luks.devices = { + root = { + device = "/dev/disk/by-uuid/eddab069-d369-4b26-8b4e-f3b907ba6f6c"; + allowDiscards = true; + preLVM = true; + }; + }; + + postDeviceCommands = pkgs.lib.mkBefore '' + mkdir -p /mnt + + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. + mount -o subvol=/ /dev/mapper/lvm-root /mnt + + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + # + # I suspect these are related to systemd-nspawn, but + # since I don't use it I'm not 100% sure. + # Anyhow, deleting these subvolumes hasn't resulted + # in any issues so far, except for fairly + # benign-looking errors from systemd-tmpfiles. + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + btrfs subvolume delete /mnt/root + + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root + + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; + }; + tmp.useTmpfs = false; }; @@ -94,7 +143,7 @@ in { time.timeZone = "Europe/Berlin"; programs.fw-fanctrl = { - enable = false; + enable = true; config = { defaultStrategy = "lazy"; strategies = { @@ -162,8 +211,6 @@ in { power-profiles-daemon.enable = true; colord.enable = true; - fwupd.enable = true; - btrfs.autoScrub = { enable = true; interval = "monthly"; 
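Review bot: In `postDeviceCommands`, the `btrfs subvolume snapshot /mnt/root-blank /mnt/root` line is not chained to the delete before it, so it runs even when a nested-subvolume delete or the `/mnt/root` delete failed. In that case `/mnt/root` still exists, the snapshot is created inside it as `/mnt/root/root-blank`, and the machine boots on the old, un-wiped root with nothing but a scrolled-past initrd message to show it. Chain the restore to the delete, `btrfs subvolume delete /mnt/root && btrfs subvolume snapshot /mnt/root-blank /mnt/root`, and consider `read -r subvolume` so unusual paths survive the loop. Separately, `allowDiscards = true` passes TRIM through dm-crypt, which exposes which blocks are unused on the encrypted device; a one-line comment recording that this was accepted for `discard=async` would help. The `boot` block starts above this hunk.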
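Review bot: The hunk at `-162,8 +211,6` removes `fwupd.enable = true;` from the framework machine, but only `machine/desktop/configuration.nix` gains the `../../configs/hardware.nix` import in this commit. The framework import list is not visible in the diff, so this may already be covered. If it is not, the laptop stops receiving firmware updates through fwupd, and it also loses `hardware.bluetooth` and `hardware.sane`, which moved out of `configs/user-gui.nix`. Confirm the import, or add `../../configs/hardware.nix` to the framework `imports` as well.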
@@ -236,6 +283,28 @@ in { # fahviewer # fahcontrol ]; + persistence."/persist" = { + directories = [ + "/etc/NetworkManager/system-connections" + # "/var/lib/bluetooth" + "/var/lib/docker" + "/var/lib/nixos" + # "/var/lib/samba" + "/var/lib/sddm" + # "/var/lib/systemd/rfkill" + "/var/lib/tailscale" + "/var/lib/tuptime" + "/var/lib/vnstat" + ]; + files = [ + "/etc/machine-id" + "/etc/NIXOS" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + }; }; # Set up deep sleep + hibernation diff --git a/machine/framework/hardware-configuration.nix b/machine/framework/hardware-configuration.nix index 813b508..1fd4742 100644 --- a/machine/framework/hardware-configuration.nix +++ b/machine/framework/hardware-configuration.nix 
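Review bot: The `files` list in `persistence."/persist"` does not say that `/etc/ssh/ssh_host_ed25519_key` is also the sops-nix age identity, which `sops.age.sshKeyPaths` reads as `/persist/etc/ssh/ssh_host_ed25519_key`. Dropping or renaming that entry would break secret decryption on the next boot with no hint as to why. I would add a comment above it such as `# also the sops-nix age identity (sops.age.sshKeyPaths); keep in sync`. A short header comment saying that anything not listed is discarded by the initrd root rollback would also help, because the commented-out `/var/lib/bluetooth` and `/var/lib/systemd/rfkill` entries look like oversights without it. The enclosing attribute set starts above this hunk.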
@@ -28,45 +28,58 @@ device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc"; fsType = "btrfs"; options = [ - "subvol=@root" + "subvol=root" + "discard=async" "compress=zstd" - "noatime" "nodiratime" - "discard" + "noatime" ]; }; "/home" = { device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc"; fsType = "btrfs"; options = [ - "subvol=@home" + "subvol=home" + "discard=async" "compress=zstd" - "noatime" "nodiratime" - "discard" + "noatime" ]; }; "/nix" = { device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc"; fsType = "btrfs"; options = [ - "subvol=@nix" + "subvol=nix" + "discard=async" "compress=zstd" - "noatime" "nodiratime" - "discard" + "noatime" ]; }; "/var/log" = { device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc"; fsType = "btrfs"; options = [ - "subvol=@log" + "subvol=log" + "discard=async" "compress=zstd" - "noatime" "nodiratime" - "discard" + "noatime" ]; + neededForBoot = true; + }; + "/persist" = { + device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc"; + fsType = "btrfs"; + options = [ + "subvol=persist" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" + ]; + neededForBoot = true; }; "/boot" = { device = "/dev/disk/by-uuid/427A-97BA"; @@ -77,21 +90,17 @@ device = "/dev/disk/by-uuid/58259976-4f63-4f60-a755-7870b08286e7"; fsType = "btrfs"; options = [ - "noatime" - "nodiratime" - "discard" "subvol=@data" + "discard=async" + "compress=zstd" + "nodiratime" + "noatime" "nofail" "x-systemd.automount" ]; }; }; - boot.initrd.luks.devices.root = { - device = "/dev/disk/by-uuid/eddab069-d369-4b26-8b4e-f3b907ba6f6c"; - preLVM = true; - }; - environment.etc.crypttab.text = '' luks-e36ec189-2211-4bcc-bb9d-46650443d76b UUID=e36ec189-2211-4bcc-bb9d-46650443d76b /etc/luks-key01 '';
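Review bot: The `environment.etc.crypttab.text` context at the end of the `-77,21 +90,17` hunk still points at `/etc/luks-key01`, which is not in the `persistence."/persist"` `files` list, while the root subvolume is now recreated on every boot. Unless that keyfile is provisioned elsewhere, it disappears after the first rollback, the `luks-e36ec189-…` volume can no longer unlock, and the `nofail` data mount presumably backed by it is skipped without an error. Keep the keyfile on the encrypted `/persist` subvolume, readable by root only, and reference it there, e.g. `UUID=… /persist/etc/luks-key01`, or add `"/etc/luks-key01"` to the persisted files.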