Compare commits
No commits in common. "6dc3782fe29d83c08db50b15534508b01d29279d" and "3b214d46df42fb62da97064a33783089f6b545a0" have entirely different histories.
6dc3782fe2
...
3b214d46df
12
flake.lock
12
flake.lock
|
@ -25,11 +25,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702056258,
|
"lastModified": 1701020120,
|
||||||
"narHash": "sha256-Fjhxm6GYq6Tos+Za5slrLRlc+UicOxgzGIxLNtoJpEA=",
|
"narHash": "sha256-rXzIkoYnSHpX12MWzVyWzFdQDQ0puZXTrnyuqt8Xci4=",
|
||||||
"owner": "chayleaf",
|
"owner": "chayleaf",
|
||||||
"repo": "coop-ofd",
|
"repo": "coop-ofd",
|
||||||
"rev": "a96a20b176da515ec090a783de39aa8d9e573be1",
|
"rev": "4ac9b827b50f4131ccf7b9e2f3281e9d6fc991ac",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -319,11 +319,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701951621,
|
"lastModified": 1700647334,
|
||||||
"narHash": "sha256-97wdVG/CHlHkWqd8Y+1PvLrNBp91tf0esBURFVT8KSA=",
|
"narHash": "sha256-0F5B7oJAAJ4u4sq97nIhcH/pVFkFjYY5JFxXXHOBJQ4=",
|
||||||
"owner": "chayleaf",
|
"owner": "chayleaf",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b4ba55d440f4eb00379307b7c2f0279b5d24b68b",
|
"rev": "e70edbbc30bca7d90c4a1e8c653ceb1607cc2858",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -49,6 +49,7 @@
|
||||||
format = "{value}{icon}";
|
format = "{value}{icon}";
|
||||||
format-icons = {
|
format-icons = {
|
||||||
default = "";
|
default = "";
|
||||||
|
focused = "";
|
||||||
urgent = " ";
|
urgent = " ";
|
||||||
"2" = " ";
|
"2" = " ";
|
||||||
"3" = " ";
|
"3" = " ";
|
||||||
|
@ -56,7 +57,7 @@
|
||||||
"5" = " ";
|
"5" = " ";
|
||||||
};
|
};
|
||||||
persistent-workspaces = {
|
persistent-workspaces = {
|
||||||
"1" = [ ]; "2" = [ ]; "3" = [ ];
|
"1" = []; "2" = []; "3" = []; "4" = []; "5" = [];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"sway/mode" = {
|
"sway/mode" = {
|
||||||
|
|
|
@ -1,59 +1,91 @@
|
||||||
# device-specific non-portable config
|
# device-specific non-portable config
|
||||||
{ pkgs
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
uuids.efi = "D97E-A4D5";
|
efiPart = "/dev/disk/by-uuid/D77D-8CE0";
|
||||||
uuids.encroot = "a2c3c9ea-2c73-4786-bff7-5f0aa7097912";
|
|
||||||
uuids.root = "dc669123-d6d3-447f-9ce3-c22587e5fa6a";
|
|
||||||
uuids.encdata = "f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
|
|
||||||
uuids.data = "fa754b1e-ac83-4851-bf16-88efcd40b657";
|
|
||||||
uuids.swap = "01c21ed8-0f40-4892-825d-81f5ddb9a0a2";
|
|
||||||
parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids;
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
encPart = "/dev/disk/by-uuid/ce6ccdf0-7b6a-43ae-bfdf-10009a55041a";
|
||||||
|
cryptrootUuid = "f4edc0df-b50b-42f6-94ed-1c8f88d6cdbb";
|
||||||
|
cryptroot = "/dev/disk/by-uuid/${cryptrootUuid}";
|
||||||
|
|
||||||
|
dataPart = "/dev/disk/by-uuid/f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
|
||||||
|
datarootUuid = "fa754b1e-ac83-4851-bf16-88efcd40b657";
|
||||||
|
dataroot = "/dev/disk/by-uuid/${datarootUuid}";
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../hardware/msi-delta-15
|
../hardware/msi-delta-15
|
||||||
../hosts/nixmsi.nix
|
../hosts/nixmsi.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.systemd.enable = false;
|
|
||||||
boot.initrd = {
|
boot.initrd = {
|
||||||
luks.devices.cryptroot = {
|
# insert crypto_keyfile into initrd so that grub can tell the kernel the
|
||||||
device = parts.encroot;
|
# encryption key once I unlock the /boot partition
|
||||||
|
secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin";
|
||||||
|
luks.devices."cryptroot" = {
|
||||||
|
device = encPart;
|
||||||
|
# idk whether this is needed but it works
|
||||||
|
preLVM = true;
|
||||||
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
|
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
|
# improve SSD performance
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
keyFile = "/crypto_keyfile.bin";
|
||||||
};
|
};
|
||||||
luks.devices.dataroot = {
|
luks.devices."dataroot" = {
|
||||||
device = parts.encdata;
|
device = dataPart;
|
||||||
|
preLVM = true;
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
|
bypassWorkqueues = true;
|
||||||
|
keyFile = "/crypto_keyfile.bin";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
boot.loader = {
|
||||||
boot.loader.systemd-boot.enable = true;
|
grub = {
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
enable = true;
|
||||||
|
enableCryptodisk = true;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_testing;
|
efiSupport = true;
|
||||||
boot.kernelParams = [ "boot.shell_on_fail" ];
|
# nodev = disable bios support
|
||||||
|
device = "nodev";
|
||||||
fileSystems = {
|
};
|
||||||
"/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;
|
efi.canTouchEfiVariables = true;
|
||||||
|
efi.efiSysMountPoint = "/boot/efi";
|
||||||
|
};
|
||||||
|
boot.resumeDevice = cryptroot;
|
||||||
|
boot.kernelParams = [
|
||||||
|
"resume=/@swap/swapfile"
|
||||||
|
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
|
||||||
|
"resume_offset=533760"
|
||||||
|
];
|
||||||
|
fileSystems = let
|
||||||
|
device = cryptroot;
|
||||||
|
fsType = "btrfs";
|
||||||
|
# max compression! my cpu is pretty good anyway
|
||||||
|
compress = "compress=zstd:15";
|
||||||
|
discard = "discard=async";
|
||||||
|
neededForBoot = true;
|
||||||
|
in {
|
||||||
|
# mount root on tmpfs
|
||||||
|
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
|
||||||
options = [ "defaults" "size=2G" "mode=755" ]; };
|
options = [ "defaults" "size=2G" "mode=755" ]; };
|
||||||
"/persist" =
|
"/persist" =
|
||||||
{ device = parts.root; fsType = "bcachefs"; neededForBoot = true;
|
{ inherit device fsType neededForBoot;
|
||||||
options = [ "discard=1" ]; };
|
options = [ discard compress "subvol=@" ]; };
|
||||||
"/boot" = { device = parts.efi; fsType = "vfat"; neededForBoot = true; };
|
"/nix" = { inherit device fsType neededForBoot;
|
||||||
|
options = [ discard compress "subvol=@nix" "noatime" ]; };
|
||||||
|
"/swap" = { inherit device fsType neededForBoot;
|
||||||
|
options = [ discard "subvol=@swap" "noatime" ]; };
|
||||||
|
"/home" = { inherit device fsType;
|
||||||
|
options = [ discard compress "subvol=@home" ]; };
|
||||||
|
# why am I even bothering with creating this subvolume every time if I don't use snapshots anyway?
|
||||||
|
"/.snapshots" =
|
||||||
|
{ inherit device fsType;
|
||||||
|
options = [ discard compress "subvol=@snapshots" ]; };
|
||||||
|
"/boot" = { inherit device fsType neededForBoot;
|
||||||
|
options = [ discard compress "subvol=@boot" ]; };
|
||||||
|
"/boot/efi" =
|
||||||
|
{ device = efiPart; fsType = "vfat"; inherit neededForBoot; };
|
||||||
"/data" =
|
"/data" =
|
||||||
{ device = parts.data; fsType = "btrfs";
|
{ device = dataroot; fsType = "btrfs";
|
||||||
options = [ "discard=async" "compress=zstd:15" ]; };
|
options = [ discard compress ]; };
|
||||||
};
|
};
|
||||||
impermanence.directories = [
|
|
||||||
/root
|
|
||||||
/home
|
|
||||||
/nix
|
|
||||||
];
|
|
||||||
|
|
||||||
impermanence = {
|
impermanence = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -63,13 +95,18 @@ in
|
||||||
# fix for my realtek usb ethernet adapter
|
# fix for my realtek usb ethernet adapter
|
||||||
services.tlp.settings.USB_DENYLIST = "0bda:8156";
|
services.tlp.settings.USB_DENYLIST = "0bda:8156";
|
||||||
|
|
||||||
swapDevices = [ { device = parts.swap; } ];
|
swapDevices = [ { device = "/swap/swapfile"; } ];
|
||||||
boot.resumeDevice = parts.swap;
|
|
||||||
|
|
||||||
# dedupe
|
# dedupe
|
||||||
services.beesd = {
|
services.beesd = {
|
||||||
|
# i have a lot of ram :tonystark:
|
||||||
|
filesystems.cryptroot = {
|
||||||
|
spec = "UUID=${cryptrootUuid}";
|
||||||
|
hashTableSizeMB = 128;
|
||||||
|
extraOptions = [ "--loadavg-target" "8.0" ];
|
||||||
|
};
|
||||||
filesystems.dataroot = {
|
filesystems.dataroot = {
|
||||||
spec = "UUID=${uuids.data}";
|
spec = "UUID=${datarootUuid}";
|
||||||
hashTableSizeMB = 256;
|
hashTableSizeMB = 256;
|
||||||
extraOptions = [ "--loadavg-target" "8.0" ];
|
extraOptions = [ "--loadavg-target" "8.0" ];
|
||||||
};
|
};
|
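Review bot: The LUKS key embedded via `secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin";` is protected at rest only because `/boot` is the `subvol=@boot` subvolume on `cryptroot` and GRUB unlocks it through `enableCryptodisk`; nothing in the file records that dependency. If `/boot` were ever moved onto the unencrypted vfat partition mounted at `/boot/efi`, the initrd carrying the key would sit in cleartext beside the volume it unlocks. I would add a comment above the `secrets` line such as `# keyfile must be root-only (0400); safe only while /boot lives on cryptroot, never on the ESP`. Both `luks.devices."cryptroot"` and `luks.devices."dataroot"` use the same `keyFile`, so one leaked file opens both volumes; a separate keyfile for `dataroot` would limit that. The `allowDiscards = true` trade-off is already pointed at by the existing link comment on `cryptroot`, but `dataroot` sets it without one.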
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
uuids.enc = "15945050-df48-418b-b736-827749b9262a";
|
uuids.enc = "15945050-df48-418b-b736-827749b9262a";
|
||||||
uuids.swap = "5c7f9e4e-c245-4ccb-98a2-1211ea7008e8";
|
uuids.oldroot = "de454394-8cc1-4267-b62b-1e25062f7cf4";
|
||||||
uuids.boot = "0603-5955";
|
uuids.boot = "0603-5955";
|
||||||
uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b";
|
uuids.bch0 = "9f10b9ac-3102-4816-8f2c-e0526c2aa65b";
|
||||||
uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62";
|
uuids.bch1 = "4ffed814-057c-4f9f-9a12-9d8ac6331e62";
|
||||||
|
@ -109,14 +109,21 @@ in
|
||||||
"/persist" =
|
"/persist" =
|
||||||
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
|
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
|
||||||
options = [ "errors=ro" ]; };
|
options = [ "errors=ro" ]; };
|
||||||
|
#"/persist" =
|
||||||
|
# { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
|
||||||
|
# options = [ "discard=async" "compress=zstd" "subvol=@" ]; };
|
||||||
|
"/swap" = { device = parts.oldroot; fsType = "btrfs"; inherit neededForBoot;
|
||||||
|
options = [ "discard=async" "subvol=@swap" "noatime" ]; };
|
||||||
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
|
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ { device = parts.swap; } ];
|
swapDevices = [ { device = "/swap/swapfile"; } ];
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernelParams = [
|
||||||
"vm.swappiness" = 10;
|
"resume=/@swap/swapfile"
|
||||||
};
|
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
|
||||||
|
"resume_offset=26001976"
|
||||||
|
];
|
||||||
|
|
||||||
impermanence = {
|
impermanence = {
|
||||||
enable = true;
|
enable = true;
|
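Review bot: The new `"/swap"` mount and `swapDevices = [ { device = "/swap/swapfile"; } ];` place swap and the hibernation image on `parts.oldroot`, and the visible hunks do not show whether that btrfs volume sits inside the LUKS container named by `uuids.enc`. If it does not, paged-out memory and the resume image, which can include disk-encryption keys, are written to disk in cleartext. Please state this next to the mount, e.g. `# oldroot is the btrfs inside LUKS (uuids.enc), so the swapfile is encrypted at rest`, or move the swapfile onto an encrypted volume. The commented-out `#"/persist"` block added above it is dead configuration and could be dropped. The `fileSystems` set starts outside this hunk.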
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ hardware
|
{ hardware
|
||||||
, pkgs
|
, pkgs
|
||||||
, lib
|
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -14,7 +13,7 @@
|
||||||
common.resolution = "1920x1080";
|
common.resolution = "1920x1080";
|
||||||
vfio.pciIDs = [ "1002:73df" "1002:ab28" ];
|
vfio.pciIDs = [ "1002:73df" "1002:ab28" ];
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = lib.mkDefault (pkgs.linuxPackagesFor pkgs.linux_latest);
|
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
|
||||||
initrd.availableKernelModules = [ "nvme" "xhci_pci" ];
|
initrd.availableKernelModules = [ "nvme" "xhci_pci" ];
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
# disable PSR to *hopefully* avoid random hangs
|
# disable PSR to *hopefully* avoid random hangs
|
||||||
|
|
|
@ -74,7 +74,7 @@ in {
|
||||||
] ++ lib.optionals config.programs.ccache.enable [
|
] ++ lib.optionals config.programs.ccache.enable [
|
||||||
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||||
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||||
] ++ lib.optionals (config.services.coop-ofd.enable or false) [
|
] ++ lib.optionals config.services.coop-ofd.enable [
|
||||||
{ directory = /var/lib/coop-ofd; mode = "0750"; }
|
{ directory = /var/lib/coop-ofd; mode = "0750"; }
|
||||||
] ++ lib.optionals config.services.dovecot2.enable [
|
] ++ lib.optionals config.services.dovecot2.enable [
|
||||||
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
@ -95,7 +95,7 @@ in {
|
||||||
{ directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; }
|
{ directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; }
|
||||||
] ++ lib.optionals config.services.matrix-synapse.enable [
|
] ++ lib.optionals config.services.matrix-synapse.enable [
|
||||||
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
|
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
|
||||||
] ++ lib.optionals (config.services.maubot.enable or false) [
|
] ++ lib.optionals config.services.maubot.enable [
|
||||||
{ directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0750"; }
|
{ directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0750"; }
|
||||||
] ++ lib.optionals config.services.monero.enable [
|
] ++ lib.optionals config.services.monero.enable [
|
||||||
{ directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; }
|
{ directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; }
|
||||||
|
@ -121,7 +121,7 @@ in {
|
||||||
{ directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; }
|
{ directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; }
|
||||||
] ++ lib.optionals config.services.prometheus.enable [
|
] ++ lib.optionals config.services.prometheus.enable [
|
||||||
{ directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; }
|
{ directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; }
|
||||||
] ++ lib.optionals (config.services.qbittorrent-nox.enable or false) [
|
] ++ lib.optionals config.services.qbittorrent-nox.enable [
|
||||||
{ directory = /var/lib/qbittorrent-nox; mode = "0755"; }
|
{ directory = /var/lib/qbittorrent-nox; mode = "0755"; }
|
||||||
] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [
|
] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [
|
||||||
{ directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
|
{ directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
|
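Review bot: Dropping the `or false` fallback on `config.services.coop-ofd.enable`, `config.services.maubot.enable` and `config.services.qbittorrent-nox.enable` turns a missing option into an evaluation error on any host that does not import the module declaring it. Whether those modules are imported everywhere is not visible in these hunks. The fallback is still kept on `config.services.redis.servers.rspamd.enable or false`, so the list is now inconsistent; unless the three modules are imported unconditionally I would keep the guarded form, e.g. `] ++ lib.optionals (config.services.maubot.enable or false) [`. Separately, the `/var/lib/coop-ofd` and `/var/lib/qbittorrent-nox` entries set no `user`/`group` and the latter is `0755`; it is worth checking that the default owner and that mode are intended for a service state directory. The list itself begins and ends outside the hunks shown.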
||||||
|
|