devices/{workstation,server}: change drive configuration
parent
82eb631fd1
commit
6dc3782fe2
12
flake.lock
12
flake.lock
|
@ -25,11 +25,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701020120,
|
||||
"narHash": "sha256-rXzIkoYnSHpX12MWzVyWzFdQDQ0puZXTrnyuqt8Xci4=",
|
||||
"lastModified": 1702056258,
|
||||
"narHash": "sha256-Fjhxm6GYq6Tos+Za5slrLRlc+UicOxgzGIxLNtoJpEA=",
|
||||
"owner": "chayleaf",
|
||||
"repo": "coop-ofd",
|
||||
"rev": "4ac9b827b50f4131ccf7b9e2f3281e9d6fc991ac",
|
||||
"rev": "a96a20b176da515ec090a783de39aa8d9e573be1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -319,11 +319,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1700647334,
|
||||
"narHash": "sha256-0F5B7oJAAJ4u4sq97nIhcH/pVFkFjYY5JFxXXHOBJQ4=",
|
||||
"lastModified": 1701951621,
|
||||
"narHash": "sha256-97wdVG/CHlHkWqd8Y+1PvLrNBp91tf0esBURFVT8KSA=",
|
||||
"owner": "chayleaf",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e70edbbc30bca7d90c4a1e8c653ceb1607cc2858",
|
||||
"rev": "b4ba55d440f4eb00379307b7c2f0279b5d24b68b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,91 +1,59 @@
|
|||
# device-specific non-portable config
|
||||
{ pkgs
|
||||
, ...
|
||||
}:
|
||||
|
||||
let
|
||||
efiPart = "/dev/disk/by-uuid/D77D-8CE0";
|
||||
uuids.efi = "D97E-A4D5";
|
||||
uuids.encroot = "a2c3c9ea-2c73-4786-bff7-5f0aa7097912";
|
||||
uuids.root = "dc669123-d6d3-447f-9ce3-c22587e5fa6a";
|
||||
uuids.encdata = "f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
|
||||
uuids.data = "fa754b1e-ac83-4851-bf16-88efcd40b657";
|
||||
uuids.swap = "01c21ed8-0f40-4892-825d-81f5ddb9a0a2";
|
||||
parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids;
|
||||
in
|
||||
|
||||
encPart = "/dev/disk/by-uuid/ce6ccdf0-7b6a-43ae-bfdf-10009a55041a";
|
||||
cryptrootUuid = "f4edc0df-b50b-42f6-94ed-1c8f88d6cdbb";
|
||||
cryptroot = "/dev/disk/by-uuid/${cryptrootUuid}";
|
||||
|
||||
dataPart = "/dev/disk/by-uuid/f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
|
||||
datarootUuid = "fa754b1e-ac83-4851-bf16-88efcd40b657";
|
||||
dataroot = "/dev/disk/by-uuid/${datarootUuid}";
|
||||
in {
|
||||
{
|
||||
imports = [
|
||||
../hardware/msi-delta-15
|
||||
../hosts/nixmsi.nix
|
||||
];
|
||||
|
||||
boot.initrd.systemd.enable = false;
|
||||
boot.initrd = {
|
||||
# insert crypto_keyfile into initrd so that grub can tell the kernel the
|
||||
# encryption key once I unlock the /boot partition
|
||||
secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin";
|
||||
luks.devices."cryptroot" = {
|
||||
device = encPart;
|
||||
# idk whether this is needed but it works
|
||||
preLVM = true;
|
||||
luks.devices.cryptroot = {
|
||||
device = parts.encroot;
|
||||
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
|
||||
allowDiscards = true;
|
||||
# improve SSD performance
|
||||
bypassWorkqueues = true;
|
||||
keyFile = "/crypto_keyfile.bin";
|
||||
};
|
||||
luks.devices."dataroot" = {
|
||||
device = dataPart;
|
||||
preLVM = true;
|
||||
luks.devices.dataroot = {
|
||||
device = parts.encdata;
|
||||
allowDiscards = true;
|
||||
bypassWorkqueues = true;
|
||||
keyFile = "/crypto_keyfile.bin";
|
||||
};
|
||||
};
|
||||
boot.loader = {
|
||||
grub = {
|
||||
enable = true;
|
||||
enableCryptodisk = true;
|
||||
efiSupport = true;
|
||||
# nodev = disable bios support
|
||||
device = "nodev";
|
||||
};
|
||||
efi.canTouchEfiVariables = true;
|
||||
efi.efiSysMountPoint = "/boot/efi";
|
||||
};
|
||||
boot.resumeDevice = cryptroot;
|
||||
boot.kernelParams = [
|
||||
"resume=/@swap/swapfile"
|
||||
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
|
||||
"resume_offset=533760"
|
||||
];
|
||||
fileSystems = let
|
||||
device = cryptroot;
|
||||
fsType = "btrfs";
|
||||
# max compression! my cpu is pretty good anyway
|
||||
compress = "compress=zstd:15";
|
||||
discard = "discard=async";
|
||||
neededForBoot = true;
|
||||
in {
|
||||
# mount root on tmpfs
|
||||
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_testing;
|
||||
boot.kernelParams = [ "boot.shell_on_fail" ];
|
||||
|
||||
fileSystems = {
|
||||
"/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;
|
||||
options = [ "defaults" "size=2G" "mode=755" ]; };
|
||||
"/persist" =
|
||||
{ inherit device fsType neededForBoot;
|
||||
options = [ discard compress "subvol=@" ]; };
|
||||
"/nix" = { inherit device fsType neededForBoot;
|
||||
options = [ discard compress "subvol=@nix" "noatime" ]; };
|
||||
"/swap" = { inherit device fsType neededForBoot;
|
||||
options = [ discard "subvol=@swap" "noatime" ]; };
|
||||
"/home" = { inherit device fsType;
|
||||
options = [ discard compress "subvol=@home" ]; };
|
||||
# why am I even bothering with creating this subvolume every time if I don't use snapshots anyway?
|
||||
"/.snapshots" =
|
||||
{ inherit device fsType;
|
||||
options = [ discard compress "subvol=@snapshots" ]; };
|
||||
"/boot" = { inherit device fsType neededForBoot;
|
||||
options = [ discard compress "subvol=@boot" ]; };
|
||||
"/boot/efi" =
|
||||
{ device = efiPart; fsType = "vfat"; inherit neededForBoot; };
|
||||
{ device = parts.root; fsType = "bcachefs"; neededForBoot = true;
|
||||
options = [ "discard=1" ]; };
|
||||
"/boot" = { device = parts.efi; fsType = "vfat"; neededForBoot = true; };
|
||||
"/data" =
|
||||
{ device = dataroot; fsType = "btrfs";
|
||||
options = [ discard compress ]; };
|
||||
{ device = parts.data; fsType = "btrfs";
|
||||
options = [ "discard=async" "compress=zstd:15" ]; };
|
||||
};
|
||||
impermanence.directories = [
|
||||
/root
|
||||
/home
|
||||
/nix
|
||||
];
|
||||
|
||||
impermanence = {
|
||||
enable = true;
|
||||
|
@ -95,18 +63,13 @@ in {
|
|||
# fix for my realtek usb ethernet adapter
|
||||
services.tlp.settings.USB_DENYLIST = "0bda:8156";
|
||||
|
||||
swapDevices = [ { device = "/swap/swapfile"; } ];
|
||||
swapDevices = [ { device = parts.swap; } ];
|
||||
boot.resumeDevice = parts.swap;
|
||||
|
||||
# dedupe
|
||||
services.beesd = {
|
||||
# i have a lot of ram :tonystark:
|
||||
filesystems.cryptroot = {
|
||||
spec = "UUID=${cryptrootUuid}";
|
||||
hashTableSizeMB = 128;
|
||||
extraOptions = [ "--loadavg-target" "8.0" ];
|
||||
};
|
||||
filesystems.dataroot = {
|
||||
spec = "UUID=${datarootUuid}";
|
||||
spec = "UUID=${uuids.data}";
|
||||
hashTableSizeMB = 256;
|
||||
extraOptions = [ "--loadavg-target" "8.0" ];
|
||||
};
|
||||
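Review bot: `boot.kernelParams = [ "boot.shell_on_fail" ];` in the first hunk lets stage 1 drop to a root shell with no authentication whenever boot fails, on a laptop whose two LUKS devices show that physical access is part of the threat model. If it is only there while the bcachefs / `linuxPackages_testing` layout settles, mark it as such, e.g. `# TEMP: unauthenticated initrd root shell on boot failure; remove once the new layout boots reliably`, and drop it afterwards. In the second hunk `swapDevices` and `boot.resumeDevice` now point at `parts.swap`, a by-uuid device with no matching `luks.devices` entry in the visible lines (the server file's `swapDevices` hunk further down makes the same switch). If that partition is not inside an encrypted volume, swapped pages and hibernation images reach disk in plaintext, so either unlock it through LUKS or add a comment saying where it is encrypted. The rendered page has lost its +/- markers and the module body continues past both hunks, so it cannot be confirmed here whether the `keyFile = "/crypto_keyfile.bin"` and `boot.initrd.secrets` lines survive; with `/boot` now on the unencrypted vfat ESP they should not remain together.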
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
let
|
||||
uuids.enc = "15945050-df48-418b-b736-827749b9262a";
|
||||
uuids.oldroot = "de454394-8cc1-4267-b62b-1e25062f7cf4";
|
||||
uuids.swap = "5c7f9e4e-c245-4ccb-98a2-1211ea7008e8";
|
||||
uuids.boot = "0603-5955";
|
||||
uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b";
|
||||
uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62";
|
||||
|
@ -109,21 +109,14 @@ in
|
|||
"/persist" =
|
||||
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
|
||||
options = [ "errors=ro" ]; };
|
||||
#"/persist" =
|
||||
# { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
|
||||
# options = [ "discard=async" "compress=zstd" "subvol=@" ]; };
|
||||
"/swap" = { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
|
||||
options = [ "discard=async" "subvol=@swap" "noatime" ]; };
|
||||
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
|
||||
};
|
||||
|
||||
swapDevices = [ { device = "/swap/swapfile"; } ];
|
||||
swapDevices = [ { device = parts.swap; } ];
|
||||
|
||||
boot.kernelParams = [
|
||||
"resume=/@swap/swapfile"
|
||||
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
|
||||
"resume_offset=26001976"
|
||||
];
|
||||
boot.kernel.sysctl = {
|
||||
"vm.swappiness" = 10;
|
||||
};
|
||||
|
||||
impermanence = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ hardware
|
||||
, pkgs
|
||||
, lib
|
||||
, ... }:
|
||||
|
||||
{
|
||||
|
@ -13,7 +14,7 @@
|
|||
common.resolution = "1920x1080";
|
||||
vfio.pciIDs = [ "1002:73df" "1002:ab28" ];
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
|
||||
kernelPackages = lib.mkDefault (pkgs.linuxPackagesFor pkgs.linux_latest);
|
||||
initrd.availableKernelModules = [ "nvme" "xhci_pci" ];
|
||||
kernelParams = [
|
||||
# disable PSR to *hopefully* avoid random hangs
|
||||
|
|
|
@ -74,7 +74,7 @@ in {
|
|||
] ++ lib.optionals config.programs.ccache.enable [
|
||||
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||
] ++ lib.optionals config.services.coop-ofd.enable [
|
||||
] ++ lib.optionals (config.services.coop-ofd.enable or false) [
|
||||
{ directory = /var/lib/coop-ofd; mode = "0750"; }
|
||||
] ++ lib.optionals config.services.dovecot2.enable [
|
||||
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
||||
|
@ -95,7 +95,7 @@ in {
|
|||
{ directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; }
|
||||
] ++ lib.optionals config.services.matrix-synapse.enable [
|
||||
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
|
||||
] ++ lib.optionals config.services.maubot.enable [
|
||||
] ++ lib.optionals (config.services.maubot.enable or false) [
|
||||
{ directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0750"; }
|
||||
] ++ lib.optionals config.services.monero.enable [
|
||||
{ directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; }
|
||||
|
@ -121,7 +121,7 @@ in {
|
|||
{ directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; }
|
||||
] ++ lib.optionals config.services.prometheus.enable [
|
||||
{ directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; }
|
||||
] ++ lib.optionals config.services.qbittorrent-nox.enable [
|
||||
] ++ lib.optionals (config.services.qbittorrent-nox.enable or false) [
|
||||
{ directory = /var/lib/qbittorrent-nox; mode = "0755"; }
|
||||
] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [
|
||||
{ directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
|
||||
|
|