diff --git a/flake.lock b/flake.lock index 4d548a1..51bc4f7 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1701020120, - "narHash": "sha256-rXzIkoYnSHpX12MWzVyWzFdQDQ0puZXTrnyuqt8Xci4=", + "lastModified": 1702056258, + "narHash": "sha256-Fjhxm6GYq6Tos+Za5slrLRlc+UicOxgzGIxLNtoJpEA=", "owner": "chayleaf", "repo": "coop-ofd", - "rev": "4ac9b827b50f4131ccf7b9e2f3281e9d6fc991ac", + "rev": "a96a20b176da515ec090a783de39aa8d9e573be1", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1700647334, - "narHash": "sha256-0F5B7oJAAJ4u4sq97nIhcH/pVFkFjYY5JFxXXHOBJQ4=", + "lastModified": 1701951621, + "narHash": "sha256-97wdVG/CHlHkWqd8Y+1PvLrNBp91tf0esBURFVT8KSA=", "owner": "chayleaf", "repo": "nixpkgs", - "rev": "e70edbbc30bca7d90c4a1e8c653ceb1607cc2858", + "rev": "b4ba55d440f4eb00379307b7c2f0279b5d24b68b", "type": "github" }, "original": { diff --git a/system/devices/msi-delta-15-workstation.nix b/system/devices/msi-delta-15-workstation.nix index 3647511..7bc9a21 100644 --- a/system/devices/msi-delta-15-workstation.nix +++ b/system/devices/msi-delta-15-workstation.nix 
@@ -1,91 +1,59 @@ # device-specific non-portable config +{ pkgs +, ... +}: + let - efiPart = "/dev/disk/by-uuid/D77D-8CE0"; + uuids.efi = "D97E-A4D5"; + uuids.encroot = "a2c3c9ea-2c73-4786-bff7-5f0aa7097912"; + uuids.root = "dc669123-d6d3-447f-9ce3-c22587e5fa6a"; + uuids.encdata = "f1447692-fa7c-4bd6-9cb5-e44c13fddfe3"; + uuids.data = "fa754b1e-ac83-4851-bf16-88efcd40b657"; + uuids.swap = "01c21ed8-0f40-4892-825d-81f5ddb9a0a2"; + parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids; +in - encPart = "/dev/disk/by-uuid/ce6ccdf0-7b6a-43ae-bfdf-10009a55041a"; - cryptrootUuid = "f4edc0df-b50b-42f6-94ed-1c8f88d6cdbb"; - cryptroot = "/dev/disk/by-uuid/${cryptrootUuid}"; - - dataPart = "/dev/disk/by-uuid/f1447692-fa7c-4bd6-9cb5-e44c13fddfe3"; - datarootUuid = "fa754b1e-ac83-4851-bf16-88efcd40b657"; - dataroot = "/dev/disk/by-uuid/${datarootUuid}"; -in { +{ imports = [ ../hardware/msi-delta-15 ../hosts/nixmsi.nix ]; + boot.initrd.systemd.enable = false; boot.initrd = { - # insert crypto_keyfile into initrd so that grub can tell the kernel the - # encryption key once I unlock the /boot partition - secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin"; - luks.devices."cryptroot" = { - device = encPart; - # idk whether this is needed but it works - preLVM = true; + luks.devices.cryptroot = { + device = parts.encroot; # see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling allowDiscards = true; - # improve SSD performance - bypassWorkqueues = true; - keyFile = "/crypto_keyfile.bin"; }; - luks.devices."dataroot" = { - device = dataPart; - preLVM = true; + luks.devices.dataroot = { + device = parts.encdata; allowDiscards = true; - bypassWorkqueues = true; - keyFile = "/crypto_keyfile.bin"; }; }; - boot.loader = { - grub = { - enable = true; - enableCryptodisk = true; - efiSupport = true; - # nodev = disable bios support - device = "nodev"; - }; - efi.canTouchEfiVariables = true; - efi.efiSysMountPoint = "/boot/efi"; - }; - 
boot.resumeDevice = cryptroot; - boot.kernelParams = [ - "resume=/@swap/swapfile" - # resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile) - "resume_offset=533760" - ]; - fileSystems = let - device = cryptroot; - fsType = "btrfs"; - # max compression! my cpu is pretty good anyway - compress = "compress=zstd:15"; - discard = "discard=async"; - neededForBoot = true; - in { - # mount root on tmpfs - "/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelPackages = pkgs.linuxPackages_testing; + boot.kernelParams = [ "boot.shell_on_fail" ]; + + fileSystems = { + "/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true; options = [ "defaults" "size=2G" "mode=755" ]; }; "/persist" = - { inherit device fsType neededForBoot; - options = [ discard compress "subvol=@" ]; }; - "/nix" = { inherit device fsType neededForBoot; - options = [ discard compress "subvol=@nix" "noatime" ]; }; - "/swap" = { inherit device fsType neededForBoot; - options = [ discard "subvol=@swap" "noatime" ]; }; - "/home" = { inherit device fsType; - options = [ discard compress "subvol=@home" ]; }; - # why am I even bothering with creating this subvolume every time if I don't use snapshots anyway? 
- "/.snapshots" = - { inherit device fsType; - options = [ discard compress "subvol=@snapshots" ]; }; - "/boot" = { inherit device fsType neededForBoot; - options = [ discard compress "subvol=@boot" ]; }; - "/boot/efi" = - { device = efiPart; fsType = "vfat"; inherit neededForBoot; }; + { device = parts.root; fsType = "bcachefs"; neededForBoot = true; + options = [ "discard=1" ]; }; + "/boot" = { device = parts.efi; fsType = "vfat"; neededForBoot = true; }; "/data" = - { device = dataroot; fsType = "btrfs"; - options = [ discard compress ]; }; + { device = parts.data; fsType = "btrfs"; + options = [ "discard=async" "compress=zstd:15" ]; }; }; + impermanence.directories = [ + /root + /home + /nix + ]; impermanence = { enable = true; @@ -95,18 +63,13 @@ in { # fix for my realtek usb ethernet adapter services.tlp.settings.USB_DENYLIST = "0bda:8156"; - swapDevices = [ { device = "/swap/swapfile"; } ]; + swapDevices = [ { device = parts.swap; } ]; + boot.resumeDevice = parts.swap; # dedupe services.beesd = { - # i have a lot of ram :tonystark: - filesystems.cryptroot = { - spec = "UUID=${cryptrootUuid}"; - hashTableSizeMB = 128; - extraOptions = [ "--loadavg-target" "8.0" ]; - }; filesystems.dataroot = { - spec = "UUID=${datarootUuid}"; + spec = "UUID=${uuids.data}"; hashTableSizeMB = 256; extraOptions = [ "--loadavg-target" "8.0" ]; }; diff --git a/system/devices/radxa-rock5a-server.nix b/system/devices/radxa-rock5a-server.nix index c378585..feb19ab 100644 --- a/system/devices/radxa-rock5a-server.nix +++ b/system/devices/radxa-rock5a-server.nix @@ -6,7 +6,7 @@ let uuids.enc = "15945050-df48-418b-b736-827749b9262a"; - uuids.oldroot = "de454394-8cc1-4267-b62b-1e25062f7cf4"; + uuids.swap = "5c7f9e4e-c245-4ccb-98a2-1211ea7008e8"; uuids.boot = "0603-5955"; uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b"; uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62"; 
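Review bot: `boot.kernelParams = [ "boot.shell_on_fail" ];` is added as a permanent setting, and NixOS leaves that parameter off by default because the stage-1 rescue shell it enables is a root shell with no authentication. In the same hunk GRUB with `enableCryptodisk` is replaced by systemd-boot and `/boot` becomes the plain vfat partition `parts.efi`, so the kernel and initrd now sit outside the LUKS containers and can be modified by anyone with physical access unless Secure Boot or another boot-integrity check is configured elsewhere (not visible here). I would drop the parameter once the new bcachefs root boots reliably, or keep it with a comment such as `# debug only: unauthenticated root shell in initrd, remove after migration`, and add a comment on the `/boot` entry saying that it is unencrypted. The attribute set continues past the end of this hunk.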
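Review bot: `swapDevices = [ { device = parts.swap; } ];` and `boot.resumeDevice = parts.swap;` point at a by-uuid device that is not one of the two `boot.initrd.luks.devices` entries from the first hunk, so if `uuids.swap` is a bare partition rather than something inside an opened container, swapped pages and the hibernation image (which can hold the LUKS volume keys) are written to disk in cleartext. The swapfile being replaced lived on the btrfs filesystem inside `cryptroot`, so that would be a regression. If that reading is right, open the swap partition through its own `boot.initrd.luks.devices` entry and use the mapped device for both options. The `swapDevices` change in `system/devices/radxa-rock5a-server.nix` raises the same question, although no resume device is visible there. Either way, a comment stating whether swap is encrypted would settle it for the next reader.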
@@ -109,21 +109,14 @@ in "/persist" = { device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot; options = [ "errors=ro" ]; }; - #"/persist" = - # { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot; - # options = [ "discard=async" "compress=zstd" "subvol=@" ]; }; - "/swap" = { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot; - options = [ "discard=async" "subvol=@swap" "noatime" ]; }; "/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; }; }; - swapDevices = [ { device = "/swap/swapfile"; } ]; + swapDevices = [ { device = parts.swap; } ]; - boot.kernelParams = [ - "resume=/@swap/swapfile" - # resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile) - "resume_offset=26001976" - ]; + boot.kernel.sysctl = { + "vm.swappiness" = 10; + }; impermanence = { enable = true; diff --git a/system/hardware/msi-delta-15/default.nix b/system/hardware/msi-delta-15/default.nix index cd5977c..be56853 100644 --- a/system/hardware/msi-delta-15/default.nix +++ b/system/hardware/msi-delta-15/default.nix @@ -1,5 +1,6 @@ { hardware , pkgs +, lib , ... }: { @@ -13,7 +14,7 @@ common.resolution = "1920x1080"; vfio.pciIDs = [ "1002:73df" "1002:ab28" ]; boot = { - kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; + kernelPackages = lib.mkDefault (pkgs.linuxPackagesFor pkgs.linux_latest); initrd.availableKernelModules = [ "nvme" "xhci_pci" ]; kernelParams = [ # disable PSR to *hopefully* avoid random hangs diff --git a/system/modules/impermanence.nix b/system/modules/impermanence.nix index f736eab..9c805e4 100644 --- a/system/modules/impermanence.nix +++ b/system/modules/impermanence.nix 
@@ -74,7 +74,7 @@ in { ] ++ lib.optionals config.programs.ccache.enable [ { directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; } { directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; } - ] ++ lib.optionals config.services.coop-ofd.enable [ + ] ++ lib.optionals (config.services.coop-ofd.enable or false) [ { directory = /var/lib/coop-ofd; mode = "0750"; } ] ++ lib.optionals config.services.dovecot2.enable [ { directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; } @@ -95,7 +95,7 @@ in { { directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; } ] ++ lib.optionals config.services.matrix-synapse.enable [ { directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; } - ] ++ lib.optionals config.services.maubot.enable [ + ] ++ lib.optionals (config.services.maubot.enable or false) [ { directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0750"; } ] ++ lib.optionals config.services.monero.enable [ { directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; } @@ -121,7 +121,7 @@ in { { directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; } ] ++ lib.optionals config.services.prometheus.enable [ { directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; } - ] ++ lib.optionals config.services.qbittorrent-nox.enable [ + ] ++ lib.optionals (config.services.qbittorrent-nox.enable or false) [ { directory = /var/lib/qbittorrent-nox; mode = "0755"; } ] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [ { directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
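Review bot: The `or false` fallback in `lib.optionals (config.services.coop-ofd.enable or false)` also hides a renamed or misspelled option path, not only a module that was deliberately left out. On a tmpfs root that means `/var/lib/coop-ofd` silently stops being persisted and the state is lost at the next reboot. The same applies to the `maubot` and `qbittorrent-nox` guards in the two hunks that follow. A short comment on each guard would make the intent checkable, for example `# option is defined by an out-of-tree module that not every host imports` (my assumption about why the fallback was added; adjust if the reason differs).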