framework-2024-12-03-15-01-23

configs/common-linux.nix

@@ -31,44 +31,44 @@
     supportedFilesystems = ["ntfs" "btrfs"];
 
     initrd = {
-      postDeviceCommands = pkgs.lib.mkBefore ''
+      # postDeviceCommands = pkgs.lib.mkBefore ''
-        mkdir -p /mnt
+      #   mkdir -p /mnt
 
-        # We first mount the btrfs root to /mnt
+      #   # We first mount the btrfs root to /mnt
-        # so we can manipulate btrfs subvolumes.
+      #   # so we can manipulate btrfs subvolumes.
-        mount -o subvol=/ /dev/mapper/lvm-root /mnt
+      #   mount -o subvol=/ /dev/mapper/lvm-root /mnt
 
-        # While we're tempted to just delete /root and create
+      #   # While we're tempted to just delete /root and create
-        # a new snapshot from /root-blank, /root is already
+      #   # a new snapshot from /root-blank, /root is already
-        # populated at this point with a number of subvolumes,
+      #   # populated at this point with a number of subvolumes,
-        # which makes `btrfs subvolume delete` fail.
+      #   # which makes `btrfs subvolume delete` fail.
-        # So, we remove them first.
+      #   # So, we remove them first.
-        #
+      #   #
-        # /root contains subvolumes:
+      #   # /root contains subvolumes:
-        # - /root/var/lib/portables
+      #   # - /root/var/lib/portables
-        # - /root/var/lib/machines
+      #   # - /root/var/lib/machines
-        #
+      #   #
-        # I suspect these are related to systemd-nspawn, but
+      #   # I suspect these are related to systemd-nspawn, but
-        # since I don't use it I'm not 100% sure.
+      #   # since I don't use it I'm not 100% sure.
-        # Anyhow, deleting these subvolumes hasn't resulted
+      #   # Anyhow, deleting these subvolumes hasn't resulted
-        # in any issues so far, except for fairly
+      #   # in any issues so far, except for fairly
-        # benign-looking errors from systemd-tmpfiles.
+      #   # benign-looking errors from systemd-tmpfiles.
-        btrfs subvolume list -o /mnt/root |
+      #   btrfs subvolume list -o /mnt/root |
-        cut -f9 -d' ' |
+      #   cut -f9 -d' ' |
-        while read subvolume; do
+      #   while read subvolume; do
-          echo "deleting /$subvolume subvolume..."
+      #     echo "deleting /$subvolume subvolume..."
-          btrfs subvolume delete "/mnt/$subvolume"
+      #     btrfs subvolume delete "/mnt/$subvolume"
-        done &&
+      #   done &&
-        echo "deleting /root subvolume..." &&
+      #   echo "deleting /root subvolume..." &&
-        btrfs subvolume delete /mnt/root
+      #   btrfs subvolume delete /mnt/root
 
-        echo "restoring blank /root subvolume..."
+      #   echo "restoring blank /root subvolume..."
-        btrfs subvolume snapshot /mnt/root-blank /mnt/root
+      #   btrfs subvolume snapshot /mnt/root-blank /mnt/root
 
-        # Once we're done rolling back to a blank snapshot,
+      #   # Once we're done rolling back to a blank snapshot,
-        # we can unmount /mnt and continue on the boot process.
+      #   # we can unmount /mnt and continue on the boot process.
-        umount /mnt
+      #   umount /mnt
-      '';
+      # '';
     };
   };
 

machine/framework/configuration.nix

@@ -21,24 +21,13 @@ in {
   ];
 
   sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFile = ../../secrets-framework.yaml;
-    validateSopsFiles = true;
-    age = {
-      sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
-      keyFile = "/var/lib/sops-nix/key.txt";
-      generateKey = true;
-    };
 
     secrets = {
       borg-key = {
-        sopsFile = ../../secrets/secrets-framework.yaml;
         owner = config.users.users.alex.name;
         group = config.users.users.alex.group;
       };
-
-      hashedPassword = {
-        neededForUsers = true;
-      };
     };
   };
 
@@ -224,11 +213,6 @@ in {
       # fahviewer
       # fahcontrol
     ];
-    # persistence."/persist" = {
-    #   directories = [
-    #     # "/var/lib/samba"
-    #   ];
-    # };
   };
 
   # Partition swapfile is on (after LUKS decryption)

machine/framework/hardware-configuration.nix

@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
   config,
   lib,
@@ -19,21 +16,23 @@
     "usb_storage"
     "sd_mod"
   ];
-  # boot.initrd.kernelModules = [];
-  # boot.kernelModules = ["kvm-intel"];
-  # boot.extraModulePackages = [];
 
   fileSystems = {
+    # "/" = {
+    #   device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc";
+    #   fsType = "btrfs";
+    #   options = [
+    #     "subvol=root"
+    #     "discard=async"
+    #     "compress=zstd"
+    #     "nodiratime"
+    #     "noatime"
+    #   ];
+    # };
     "/" = {
-      device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc";
+      device = "none";
-      fsType = "btrfs";
+      fsType = "tmpfs";
-      options = [
+      options = ["defaults" "size=16G" "mode=755"];
-        "subvol=root"
-        "discard=async"
-        "compress=zstd"
-        "nodiratime"
-        "noatime"
-      ];
     };
     "/home" = {
       device = "/dev/disk/by-uuid/20780bfe-5714-4c2f-bf53-7296b76cfbdc";
@@ -86,24 +85,24 @@
       fsType = "vfat";
       options = ["fmask=0022" "dmask=0022"];
     };
-    #    "/home/alex/shared/storage" = {
+    "/home/alex/shared/storage" = {
-    #      device = "/dev/disk/by-uuid/58259976-4f63-4f60-a755-7870b08286e7";
+      device = "/dev/disk/by-uuid/58259976-4f63-4f60-a755-7870b08286e7";
-    #      fsType = "btrfs";
+      fsType = "btrfs";
-    #      options = [
+      options = [
-    #        "subvol=@data"
+        "subvol=@data"
-    #        "discard=async"
+        "discard=async"
-    #        "compress=zstd"
+        "compress=zstd"
-    #        "nodiratime"
+        "nodiratime"
-    #        "noatime"
+        "noatime"
-    #        "nofail"
+        "nofail"
-    #        "x-systemd.automount"
+        "x-systemd.automount"
-    #      ];
+      ];
-    #    };
+    };
   };
 
-  # environment.etc.crypttab.text = ''
+  environment.etc.crypttab.text = ''
-  #   luks-e36ec189-2211-4bcc-bb9d-46650443d76b UUID=e36ec189-2211-4bcc-bb9d-46650443d76b /persist/luks-key01
+    luks-e36ec189-2211-4bcc-bb9d-46650443d76b UUID=e36ec189-2211-4bcc-bb9d-46650443d76b /persist/luks-key01
-  # '';
+  '';
 
   swapDevices = [
     {
@@ -111,10 +110,6 @@
     }
   ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;