chayleaf/dotfiles
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
dotfiles/system/devices/msi-delta-15-workstation.nix

115 lines
3.7 KiB
Nix
Raw Blame History

# device-specific non-portable config
let
efiPart = "/dev/disk/by-uuid/D77D-8CE0";
encPart = "/dev/disk/by-uuid/ce6ccdf0-7b6a-43ae-bfdf-10009a55041a";
cryptrootUuid = "f4edc0df-b50b-42f6-94ed-1c8f88d6cdbb";
cryptroot = "/dev/disk/by-uuid/${cryptrootUuid}";
dataPart = "/dev/disk/by-uuid/f1447692-fa7c-4bd6-9cb5-e44c13fddfe3";
datarootUuid = "fa754b1e-ac83-4851-bf16-88efcd40b657";
dataroot = "/dev/disk/by-uuid/${datarootUuid}";
in {
imports = [
../hardware/msi-delta-15.nix
../hosts/nixmsi.nix
];
boot.initrd = {
# insert crypto_keyfile into initrd so that grub can tell the kernel the
# encryption key once I unlock the /boot partition
secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin";
luks.devices."cryptroot" = {
device = encPart;
# idk whether this is needed but it works
preLVM = true;
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
allowDiscards = true;
# improve SSD performance
bypassWorkqueues = true;
keyFile = "/crypto_keyfile.bin";
};
luks.devices."dataroot" = {
device = dataPart;
preLVM = true;
allowDiscards = true;
bypassWorkqueues = true;
keyFile = "/crypto_keyfile.bin";
};
};
boot.loader = {
grub = {
enable = true;
enableCryptodisk = true;
efiSupport = true;
# nodev = disable bios support
device = "nodev";
};
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
};
boot.resumeDevice = cryptroot;
boot.kernelParams = [
"resume=/@swap/swapfile"
# resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile)
"resume_offset=533760"
];
fileSystems = let
device = cryptroot;
fsType = "btrfs";
# max compression! my cpu is pretty good anyway
compress = "compress=zstd:15";
discard = "discard=async";
neededForBoot = true;
in {
# mount root on tmpfs
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
options = [ "defaults" "size=2G" "mode=755" ]; };
"/persist" =
{ inherit device fsType neededForBoot;
options = [ discard compress "subvol=@" ]; };
"/nix" = { inherit device fsType neededForBoot;
options = [ discard compress "subvol=@nix" "noatime" ]; };
"/swap" = { inherit device fsType neededForBoot;
options = [ discard "subvol=@swap" "noatime" ]; };
"/home" = { inherit device fsType;
options = [ discard compress "subvol=@home" ]; };
# why am I even bothering with creating this subvolume every time if I don't use snapshots anyway?
"/.snapshots" =
{ inherit device fsType;
options = [ discard compress "subvol=@snapshots" ]; };
"/boot" = { inherit device fsType neededForBoot;
options = [ discard compress "subvol=@boot" ]; };
"/boot/efi" =
{ device = efiPart; fsType = "vfat"; inherit neededForBoot; };
"/data" =
{ device = dataroot; fsType = "btrfs";
options = [ discard compress ]; };
};
impermanence = {
enable = true;
path = /persist;
};
# fix for my realtek usb ethernet adapter
services.tlp.settings.USB_DENYLIST = "0bda:8156";
swapDevices = [ { device = "/swap/swapfile"; } ];
# dedupe
services.beesd = {
# i have a lot of ram :tonystark:
filesystems.cryptroot = {
spec = "UUID=${cryptrootUuid}";
hashTableSizeMB = 128;
extraOptions = [ "--loadavg-target" "8.0" ];
};
filesystems.dataroot = {
spec = "UUID=${datarootUuid}";
hashTableSizeMB = 256;
extraOptions = [ "--loadavg-target" "8.0" ];
};
};
}
Reference in a new issue View git blame Copy permalink