devices/{workstation,server}: change drive configuration

chayleaf 2023-12-09 00:38:25 +07:00
parent 82eb631fd1
commit 863599b614
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
5 changed files with 56 additions and 100 deletions


@ -25,11 +25,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1701020120, "lastModified": 1702056258,
"narHash": "sha256-rXzIkoYnSHpX12MWzVyWzFdQDQ0puZXTrnyuqt8Xci4=", "narHash": "sha256-Fjhxm6GYq6Tos+Za5slrLRlc+UicOxgzGIxLNtoJpEA=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "coop-ofd", "repo": "coop-ofd",
"rev": "4ac9b827b50f4131ccf7b9e2f3281e9d6fc991ac", "rev": "a96a20b176da515ec090a783de39aa8d9e573be1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -319,11 +319,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1700647334, "lastModified": 1701951621,
"narHash": "sha256-0F5B7oJAAJ4u4sq97nIhcH/pVFkFjYY5JFxXXHOBJQ4=", "narHash": "sha256-97wdVG/CHlHkWqd8Y+1PvLrNBp91tf0esBURFVT8KSA=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e70edbbc30bca7d90c4a1e8c653ceb1607cc2858", "rev": "b4ba55d440f4eb00379307b7c2f0279b5d24b68b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,91 +1,58 @@
# device-specific non-portable config # device-specific non-portable config
{ pkgs
, ...
}:
let let
efiPart = "/dev/disk/by-uuid/D77D-8CE0"; uuids.efi = "D97E-A4D5";
uuids.encroot = "a2c3c9ea-2c73-4786-bff7-5f0aa7097912";
uuids.root = "dc669123-d6d3-447f-9ce3-c22587e5fa6a";
uuids.encdata = "f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
uuids.data = "fa754b1e-ac83-4851-bf16-88efcd40b657";
uuids.swap = "01c21ed8-0f40-4892-825d-81f5ddb9a0a2";
parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids;
in
encPart = "/dev/disk/by-uuid/ce6ccdf0-7b6a-43ae-bfdf-10009a55041a"; {
cryptrootUuid = "f4edc0df-b50b-42f6-94ed-1c8f88d6cdbb";
cryptroot = "/dev/disk/by-uuid/${cryptrootUuid}";
dataPart = "/dev/disk/by-uuid/f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
datarootUuid = "fa754b1e-ac83-4851-bf16-88efcd40b657";
dataroot = "/dev/disk/by-uuid/${datarootUuid}";
in {
imports = [ imports = [
../hardware/msi-delta-15 ../hardware/msi-delta-15
../hosts/nixmsi.nix ../hosts/nixmsi.nix
]; ];
boot.initrd.systemd.enable = false;
boot.initrd = { boot.initrd = {
# insert crypto_keyfile into initrd so that grub can tell the kernel the luks.devices.cryptroot = {
# encryption key once I unlock the /boot partition device = parts.encroot;
secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin";
luks.devices."cryptroot" = {
device = encPart;
# idk whether this is needed but it works
preLVM = true;
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling # see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
allowDiscards = true; allowDiscards = true;
# improve SSD performance
bypassWorkqueues = true;
keyFile = "/crypto_keyfile.bin";
}; };
luks.devices."dataroot" = { luks.devices.dataroot = {
device = dataPart; device = parts.encdata;
preLVM = true;
allowDiscards = true; allowDiscards = true;
bypassWorkqueues = true;
keyFile = "/crypto_keyfile.bin";
}; };
}; };
boot.loader = {
grub = { boot.loader.systemd-boot.enable = true;
enable = true; boot.loader.efi.canTouchEfiVariables = true;
enableCryptodisk = true;
efiSupport = true; boot.kernelPackages = pkgs.linuxPackages_testing;
# nodev = disable bios support boot.kernelParams = [ "boot.shell_on_fail" ];
device = "nodev";
}; fileSystems = {
efi.canTouchEfiVariables = true; "/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;
efi.efiSysMountPoint = "/boot/efi";
};
boot.resumeDevice = cryptroot;
boot.kernelParams = [
"resume=/@swap/swapfile"
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
"resume_offset=533760"
];
fileSystems = let
device = cryptroot;
fsType = "btrfs";
# max compression! my cpu is pretty good anyway
compress = "compress=zstd:15";
discard = "discard=async";
neededForBoot = true;
in {
# mount root on tmpfs
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
options = [ "defaults" "size=2G" "mode=755" ]; }; options = [ "defaults" "size=2G" "mode=755" ]; };
"/persist" = "/persist" =
{ inherit device fsType neededForBoot; { device = parts.root; fsType = "bcachefs"; neededForBoot = true;
options = [ discard compress "subvol=@" ]; }; options = [ "discard=1" ]; };
"/nix" = { inherit device fsType neededForBoot; "/boot" = { device = parts.efi; fsType = "vfat"; neededForBoot = true; };
options = [ discard compress "subvol=@nix" "noatime" ]; }; "/data" = { device = parts.data; fsType = "btrfs";
"/swap" = { inherit device fsType neededForBoot; options = [ "discard=async" "compress=zstd:15" ]; };
options = [ discard "subvol=@swap" "noatime" ]; };
"/home" = { inherit device fsType;
options = [ discard compress "subvol=@home" ]; };
# why am I even bothering with creating this subvolume every time if I don't use snapshots anyway?
"/.snapshots" =
{ inherit device fsType;
options = [ discard compress "subvol=@snapshots" ]; };
"/boot" = { inherit device fsType neededForBoot;
options = [ discard compress "subvol=@boot" ]; };
"/boot/efi" =
{ device = efiPart; fsType = "vfat"; inherit neededForBoot; };
"/data" =
{ device = dataroot; fsType = "btrfs";
options = [ discard compress ]; };
}; };
impermanence.directories = [
/root
/home
/nix
];
impermanence = { impermanence = {
enable = true; enable = true;
@ -95,18 +62,13 @@ in {
# fix for my realtek usb ethernet adapter # fix for my realtek usb ethernet adapter
services.tlp.settings.USB_DENYLIST = "0bda:8156"; services.tlp.settings.USB_DENYLIST = "0bda:8156";
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = parts.swap; } ];
boot.resumeDevice = parts.swap;
# dedupe # dedupe
services.beesd = { services.beesd = {
# i have a lot of ram :tonystark:
filesystems.cryptroot = {
spec = "UUID=${cryptrootUuid}";
hashTableSizeMB = 128;
extraOptions = [ "--loadavg-target" "8.0" ];
};
filesystems.dataroot = { filesystems.dataroot = {
spec = "UUID=${datarootUuid}"; spec = "UUID=${uuids.data}";
hashTableSizeMB = 256; hashTableSizeMB = 256;
extraOptions = [ "--loadavg-target" "8.0" ]; extraOptions = [ "--loadavg-target" "8.0" ];
}; };
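Review bot: `swapDevices` and `boot.resumeDevice` now point at `parts.swap`, a partition addressed by its own UUID, while the only `boot.initrd.luks.devices` entries visible are `cryptroot` and `dataroot`; unless that partition sits inside an encrypted container not shown here, swapped pages and the hibernation image are written to disk in plaintext, whereas the old swapfile lived on the btrfs volume inside cryptroot. Because resume is kept, the swap needs a persistent LUKS mapping unlocked in the initrd rather than a random key, so either add the matching `luks.devices` entry or a comment such as `# swap lives inside LUKS container <name>; hibernation image is encrypted at rest`. The server section makes the same move to `parts.swap` but drops the resume parameters, so there `randomEncryption.enable = true;` on the swap device would be enough. Separately, `"boot.shell_on_fail"` in `boot.kernelParams` allows an unauthenticated root shell when stage 1 fails, which deserves a comment stating whether it is meant to stay after the drive migration.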


@ -6,7 +6,7 @@
let let
uuids.enc = "15945050-df48-418b-b736-827749b9262a"; uuids.enc = "15945050-df48-418b-b736-827749b9262a";
uuids.oldroot = "de454394-8cc1-4267-b62b-1e25062f7cf4"; uuids.swap = "5c7f9e4e-c245-4ccb-98a2-1211ea7008e8";
uuids.boot = "0603-5955"; uuids.boot = "0603-5955";
uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b"; uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b";
uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62"; uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62";
@ -109,21 +109,14 @@ in
"/persist" = "/persist" =
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot; { device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
options = [ "errors=ro" ]; }; options = [ "errors=ro" ]; };
#"/persist" =
# { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
# options = [ "discard=async" "compress=zstd" "subvol=@" ]; };
"/swap" = { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
options = [ "discard=async" "subvol=@swap" "noatime" ]; };
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; }; "/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
}; };
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = parts.swap; } ];
boot.kernelParams = [ boot.kernel.sysctl = {
"resume=/@swap/swapfile" "vm.swappiness" = 10;
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile) };
"resume_offset=26001976"
];
impermanence = { impermanence = {
enable = true; enable = true;


@ -1,5 +1,6 @@
{ hardware { hardware
, pkgs , pkgs
, lib
, ... }: , ... }:
{ {
@ -13,7 +14,7 @@
common.resolution = "1920x1080"; common.resolution = "1920x1080";
vfio.pciIDs = [ "1002:73df" "1002:ab28" ]; vfio.pciIDs = [ "1002:73df" "1002:ab28" ];
boot = { boot = {
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; kernelPackages = lib.mkDefault (pkgs.linuxPackagesFor pkgs.linux_latest);
initrd.availableKernelModules = [ "nvme" "xhci_pci" ]; initrd.availableKernelModules = [ "nvme" "xhci_pci" ];
kernelParams = [ kernelParams = [
# disable PSR to *hopefully* avoid random hangs # disable PSR to *hopefully* avoid random hangs


@ -74,7 +74,7 @@ in {
] ++ lib.optionals config.programs.ccache.enable [ ] ++ lib.optionals config.programs.ccache.enable [
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; } { directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; } { directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
] ++ lib.optionals config.services.coop-ofd.enable [ ] ++ lib.optionals (config.services.coop-ofd.enable or false) [
{ directory = /var/lib/coop-ofd; mode = "0750"; } { directory = /var/lib/coop-ofd; mode = "0750"; }
] ++ lib.optionals config.services.dovecot2.enable [ ] ++ lib.optionals config.services.dovecot2.enable [
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
@ -95,7 +95,7 @@ in {
{ directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; } { directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; }
] ++ lib.optionals config.services.matrix-synapse.enable [ ] ++ lib.optionals config.services.matrix-synapse.enable [
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; } { directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
] ++ lib.optionals config.services.maubot.enable [ ] ++ lib.optionals (config.services.maubot.enable or false) [
{ directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0750"; } { directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0750"; }
] ++ lib.optionals config.services.monero.enable [ ] ++ lib.optionals config.services.monero.enable [
{ directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; } { directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; }
@ -121,7 +121,7 @@ in {
{ directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; } { directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; }
] ++ lib.optionals config.services.prometheus.enable [ ] ++ lib.optionals config.services.prometheus.enable [
{ directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; } { directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; }
] ++ lib.optionals config.services.qbittorrent-nox.enable [ ] ++ lib.optionals (config.services.qbittorrent-nox.enable or false) [
{ directory = /var/lib/qbittorrent-nox; mode = "0755"; } { directory = /var/lib/qbittorrent-nox; mode = "0755"; }
] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [ ] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [
{ directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; } { directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
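Review bot: The `or false` guards added on `config.services.coop-ofd.enable`, `config.services.maubot.enable` and `config.services.qbittorrent-nox.enable` also evaluate to false when the option path is misspelled or the providing module is renamed, so the persistence entry would disappear without an evaluation error. If root is a tmpfs on hosts using this module, as in the workstation config of this commit, that service's state directory would then not survive a reboot. A short comment above each guarded entry, e.g. `# option only exists on hosts that import this module`, would tell the next reader the guard is deliberate. The list these entries belong to starts and ends outside the visible hunks.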