diff --git a/machines/configuration.nix b/machines/configuration.nix index daa94549..76230512 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -99,7 +99,7 @@ in modules = defaultModules ++ [ ./fanny/configuration.nix inputs.disko.nixosModules.disko - ./modules/disko/btrfs-laptop.nix + ./modules/disko/fanny.nix ]; }; diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index ae2fc700..a4622126 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -33,8 +33,11 @@ services.acpid.enable = true; networking.hostName = "fanny"; + networking.hostId = "1312acab"; networking.networkmanager.enable = true; + virtualisation.vmVariant.virtualisation.graphics = false; + time.timeZone = "Europe/Berlin"; system.stateVersion = "23.05"; # Do.. Not.. Change.. } diff --git a/machines/modules/disko/btrfs-laptop.nix b/machines/modules/disko/btrfs-laptop.nix index aeedcbb4..eef69315 100644 --- a/machines/modules/disko/btrfs-laptop.nix +++ b/machines/modules/disko/btrfs-laptop.nix @@ -30,7 +30,7 @@ content = { type = "luks"; name = "crypted"; - passwordFile = "/tmp/secret.key"; # Interactive + passwordFile = /tmp/secret.key; # Interactive content = { type = "btrfs"; extraArgs = [ "-f" ]; diff --git a/machines/modules/disko/fanny.nix b/machines/modules/disko/fanny.nix new file mode 100644 index 00000000..53380c65 --- /dev/null +++ b/machines/modules/disko/fanny.nix 
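Review bot: In machines/modules/disko/btrfs-laptop.nix, `passwordFile = /tmp/secret.key;` turns the string into a Nix path literal, and a path literal that is interpolated into a string gets copied into the world-readable /nix/store. Whether disko interpolates or merely stringifies this option is not visible in the hunk. If it does interpolate, the LUKS passphrase file would be imported into the store at evaluation time, or evaluation would fail under pure flake evaluation, which forbids absolute paths. Unless a path type is required here, I would keep the quoted form, `passwordFile = "/tmp/secret.key"; # Interactive`, so the value stays a plain runtime path.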
@@ -0,0 +1,141 @@
+{
+ disko.devices = {
+ disk = {
+ ssd = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1024M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+
+ hdd0 = {
+ type = "disk";
+ device = "/dev/sdb";
+ content = {
+ type = "gpt";
+ partitions = {
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "storage";
+ };
+ };
+ };
+ };
+ };
+
+ hdd1 = {
+ type = "disk";
+ device = "/dev/sdc";
+ content = {
+ type = "gpt";
+ partitions = {
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "storage";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ zpool = {
+ zroot = {
+ type = "zpool";
+ mode = "";
+ # Workaround: cannot import 'zroot': I/O error in disko tests
+ options.cachefile = "none";
+ rootFsOptions = {
+ compression = "zstd";
+ "com.sun:auto-snapshot" = "false";
+ };
+
+ datasets = {
+ encrypted = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "file:///tmp/root.key";
+ };
+ # use this to read the key during boot
+ postCreateHook = ''
+ zfs set keylocation="prompt" "zroot/$name";
+ '';
+ };
+ "encrypted/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ };
+ "encrypted/var" = {
+ type = "zfs_fs";
+ mountpoint = "/var";
+ };
+ "encrypted/etc" = {
+ type = "zfs_fs";
+ mountpoint = "/etc";
+ };
+ "encrypted/home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ };
+ "encrypted/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ };
+ };
+
+ storage = {
+ type = "zpool";
+ mode = "mirror";
+
+ datasets = {
+ encrypted = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "file:///tmp/storage.key";
+ };
+
+ # use this to read the key during boot
+ postCreateHook = ''
+ zfs set keylocation="prompt" "zroot/$name";
+ '';
+ };
+ "encrypted/data" = {
+ type = "zfs_fs";
+ mountpoint = "/data";
+ };
+ };
+ };
+ };
+ };
+}
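Review bot: The `postCreateHook` of the `storage` pool's `encrypted` dataset still runs `zfs set keylocation="prompt" "zroot/$name";`, which looks copied from the `zroot` pool and targets the wrong pool. As written, `storage/encrypted` would keep `keylocation = "file:///tmp/storage.key"` after installation, so it is never switched to a prompt and presumably cannot be unlocked at boot once the temporary key file is gone. The hook should read `zfs set keylocation="prompt" "storage/$name";`. Separately, the key files under /tmp should be created with owner-only permissions and removed after the install, and `/dev/sda` to `/dev/sdc` are not stable names, so `/dev/disk/by-id/<id>` paths would make it harder to format the wrong disk.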