dotfiles/system/devices/radxa-rock5a-server.nix

# NixOS host module for the Radxa Rock 5A server: a LUKS volume ("cryptroot")
# opened from the initrd with an SSH server available for remote unlock, a
# tmpfs `/`, and btrfs subvolumes for persistent state and swap.
{ config, lib, router-config, hardware, ... }:
let
  # All partitions are addressed by UUID so device enumeration order does not
  # matter.
  byUuid = uuid: "/dev/disk/by-uuid/${uuid}";

  # LUKS container.
  encPart = byUuid "15945050-df48-418b-b736-827749b9262a";
  # btrfs filesystem; presumably the one inside the opened cryptroot mapping
  # (verify with `blkid`).
  rootPart = byUuid "de454394-8cc1-4267-b62b-1e25062f7cf4";
  # vfat boot partition. It is not listed under luks.devices, so anything
  # stored on it (kernel, initrd) should be treated as readable and modifiable
  # by whoever has the disk.
  bootPart = byUuid "0603-5955";
in
{
  imports = [
    ../hardware/radxa-rock5a
    ../hosts/server
    hardware.common-pc-ssd
  ];

  networking.useDHCP = true;

  boot.initrd = {
    availableKernelModules = [
      # network in initrd
      "dwmac-rk"
      # fde unlock in initrd
      "dm_mod"
      "dm_crypt"
      "encrypted_keys"
    ];

    # The initrd runs with its own MAC address and switches to the regular
    # server MAC once the real root is mounted. Presumably this keeps the
    # pre-boot SSH endpoint distinct from the booted host on the network
    # (separate DHCP lease / known_hosts entry); confirm against the router
    # config. `|| true` keeps a failed MAC change from aborting the boot.
    preLVMCommands = lib.mkOrder 499 ''
      ip link set eth0 address ${router-config.router-settings.serverInitrdMac} || true
    '';
    postMountCommands = ''
      ip link set eth0 address ${router-config.router-settings.serverMac} || true
    '';

    network = {
      enable = true;
      # udhcpc -t: number of DHCP discover packets to send before giving up.
      udhcpc.extraArgs = [ "-t6" ];

      ssh = {
        enable = true;
        port = 22;
        # Same key set as root on the booted system: every key listed there
        # can also reach the pre-boot environment and unlock the disk.
        authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
        # The initrd sshd starts before cryptroot is opened, so these private
        # keys must be available outside the encrypted volume. Treat them as
        # exposed: use keys generated only for the initrd, never the running
        # system's sshd host keys, and keep /secrets/initrd readable by root
        # only.
        hostKeys = [
          "/secrets/initrd/ssh_host_rsa_key"
          "/secrets/initrd/ssh_host_ed25519_key"
        ];
        # With `shell` left unset, a login gets the initrd's default shell
        # rather than being restricted to the passphrase prompt.
        # shell = "/bin/cryptsetup-askpass";
      };
    };

    luks.devices."cryptroot" = {
      device = encPart;
      # Kept because the setup works with it; whether it is required is
      # unverified.
      preLVM = true;
      # Passes TRIM through dm-crypt. Someone who can read the raw device can
      # then tell which blocks are unused, which reveals usage patterns of the
      # encrypted volume. Read
      # https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html
      # and decide whether that trade-off is acceptable for this host.
      allowDiscards = true;
      # improve SSD performance
      bypassWorkqueues = true;
    };
  };

  fileSystems =
    let
      device = rootPart;
      fsType = "btrfs";
      # Mount everything in the initrd, before stage 2 starts.
      neededForBoot = true;
      compressOpt = "compress=zstd";
      discardOpt = "discard=async";
    in
    {
      # Root lives in RAM: whatever is not persisted below is gone after a
      # reboot.
      "/" = {
        device = "none";
        fsType = "tmpfs";
        inherit neededForBoot;
        options = [ "defaults" "size=2G" "mode=755" ];
      };
      # TODO: switch to bcachefs?
      # I wanna do it some day, but maybe starting with the next disk I get
      # for this server
      "/persist" = {
        inherit device fsType neededForBoot;
        options = [ discardOpt compressOpt "subvol=@" ];
      };
      "/swap" = {
        inherit device fsType neededForBoot;
        options = [ discardOpt "subvol=@swap" "noatime" ];
      };
      "/boot" = {
        device = bootPart;
        fsType = "vfat";
        inherit neededForBoot;
      };
    };

  swapDevices = [ { device = "/swap/swapfile"; } ];

  boot.kernelParams = [
    # NOTE(review): the kernel's resume= parameter normally names a block
    # device (e.g. /dev/..., PARTUUID=...), not a file path; confirm that
    # resuming from hibernation actually works with this value.
    "resume=/@swap/swapfile"
    # resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
    # The offset has to be recomputed if the swapfile is ever recreated.
    "resume_offset=26001976"
  ];

  # Options of the `impermanence` module (declared elsewhere in this repo,
  # presumably via ../hosts/server): the directories listed here are kept
  # under /persist while the rest of `/` is the tmpfs above.
  impermanence = {
    enable = true;
    path = /persist;
    directories = [
      # Home and /root are owner-only (0700).
      {
        directory = /home/${config.common.mainUsername};
        user = config.common.mainUsername;
        group = "users";
        mode = "0700";
      }
      {
        directory = /root;
        mode = "0700";
      }
      { directory = /nix; }
    ];
  };
}