Changes for the new limina
parent
9c024fd9ee
commit
283afec419
@ -15,47 +15,43 @@ with lib; {
|
|||||||
systemd-boot.enable = true;
|
systemd-boot.enable = true;
|
||||||
efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
supportedFilesystems = [ "zfs" ];
|
|
||||||
# kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/boot" = {
|
"/" = {
|
||||||
device = "/dev/disk/by-label/BOOT";
|
device = "limina-root";
|
||||||
fsType = "vfat";
|
fsType = "tmpfs";
|
||||||
|
options = [ "mode=755" "noexec" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"/" = {
|
"/boot" = {
|
||||||
device = "zroot/transient/root";
|
device = "/dev/disk/by-label/LIM-BOOT";
|
||||||
fsType = "zfs";
|
fsType = "vfat";
|
||||||
|
options = [ "noexec" "noatime" "nodiratime" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"/nix" = {
|
"/nix" = {
|
||||||
device = "zroot/transient/nix";
|
device = "/dev/disk/by-label/limina-root";
|
||||||
fsType = "zfs";
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@nix" "noexec" "noatime" "nodiratime" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"/var/log" = {
|
"/var/log" = {
|
||||||
device = "zroot/transient/logs";
|
device = "/dev/disk/by-label/limina-root";
|
||||||
fsType = "zfs";
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@log" "noexec" "noatime" "nodiratime" ];
|
||||||
neededForBoot = true;
|
neededForBoot = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
"/home" = {
|
|
||||||
device = "zroot/persistent/home";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/state" = {
|
"/state" = {
|
||||||
device = "zroot/persistent/state";
|
device = "/dev/disk/by-label/limina-root";
|
||||||
fsType = "zfs";
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@state" "noexec" "noatime" "nodiratime" ];
|
||||||
|
neededForBoot = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.zfs.autoScrub.enable = true;
|
swapDevices = [{ device = "/dev/disk/by-label/limina-swap"; }];
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
nix.maxJobs = lib.mkDefault 4;
|
||||||
|
|
||||||
|
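Review bot: The `"noexec"` added to the `/nix` mount options (`options = [ "subvol=@nix" "noexec" "noatime" "nodiratime" ];`) will, as far as I can tell, make execve() of anything under /nix/store fail with EACCES — on NixOS that includes the stage-2 init and every system binary — so unless something remounts /nix/store without noexec before stage 2 runs, the host will not boot; drop it and keep `options = [ "subvol=@nix" "noatime" "nodiratime" ];`. Hardening the other mounts with noexec is fine as written, but the new `/boot` vfat entry would benefit from `"umask=0077"` alongside `"noexec"`, since vfat defaults to world-readable and /boot holds the kernels and initrd (which can carry initrd secrets). The new tmpfs root has no `size=` cap and now also holds everything that is not on another mount — /var/lib (presumably including docker's image store, given the docker backend in the other file) and /home, whose ZFS mount this hunk removes — so confirm that ephemeral home directories are intended and consider a `"size="` bound so a large pull cannot exhaust RAM. The `boot.loader` block at the top of the hunk starts before the hunk.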
@ -14,9 +14,6 @@ let
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
boot.zfs.enableUnstable = true;
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
interfaces = {
|
interfaces = {
|
||||||
enp1s0 = { useDHCP = true; };
|
enp1s0 = { useDHCP = true; };
|
||||||
@ -65,9 +62,6 @@ in {
|
|||||||
|
|
||||||
client.dns = {
|
client.dns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ipv4 = true;
|
|
||||||
ipv6 = true;
|
|
||||||
user = "fudo-client";
|
|
||||||
external-interface = "enp1s0";
|
external-interface = "enp1s0";
|
||||||
## This is now set by hosts.nix
|
## This is now set by hosts.nix
|
||||||
# password-file =
|
# password-file =
|
||||||
@ -102,7 +96,7 @@ in {
|
|||||||
backend = "docker";
|
backend = "docker";
|
||||||
containers = {
|
containers = {
|
||||||
pihole = {
|
pihole = {
|
||||||
image = "pihole/pihole:v5.7";
|
image = "pihole/pihole:2021.10";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
|
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
|
||||||
environment = {
|
environment = {
|
||||||
@ -111,8 +105,8 @@ in {
|
|||||||
DNS1 = "${primary-ip}#${toString dns-proxy-port}";
|
DNS1 = "${primary-ip}#${toString dns-proxy-port}";
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
"/srv/pihole/etc-pihole/:/etc/pihole/"
|
"/state/pihole/etc-pihole/:/etc/pihole/"
|
||||||
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
"/state/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -121,22 +115,13 @@ in {
|
|||||||
|
|
||||||
# Support for statelessness
|
# Support for statelessness
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
|
# TODO: replace with current config
|
||||||
nixos.source = "/state/nixos";
|
nixos.source = "/state/nixos";
|
||||||
adjtime.source = "/state/etc/adjtime";
|
adjtime.source = "/state/etc/adjtime";
|
||||||
NIXOS.source = "/state/etc/NIXOS";
|
NIXOS.source = "/state/etc/NIXOS";
|
||||||
"host-config.nix".source = "/state/etc/host-config.nix";
|
"host-config.nix".source = "/state/etc/host-config.nix";
|
||||||
## This should be handled by nixops deploy
|
|
||||||
# "krb5.keytab" = {
|
|
||||||
# source = "/state/etc/limina.keytab";
|
|
||||||
# user = "root";
|
|
||||||
# mode = "0400";
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
|
||||||
${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
|
|
||||||
'';
|
|
||||||
|
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
# rollback results in sudo lectures after each reboot
|
# rollback results in sudo lectures after each reboot
|
||||||
Defaults lecture = never
|
Defaults lecture = never
|
||||||
|
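Review bot: The comment `# rollback results in sudo lectures after each reboot` is stale once this hunk deletes the `zfs rollback` in `boot.initrd.postDeviceCommands`; if the lectures still recur it is presumably because sudo's lecture state under /var/lib now lives on a root that is wiped at boot, so reword it to `# root is not persisted across reboots, so sudo's lecture state is lost each time`. The added `# TODO: replace with current config` above `nixos.source = "/state/nixos"` does not say what is wrong with the current mapping or what should replace it, so spell that out (or reference an issue) to make it actionable. Dropping the commented-out `krb5.keytab` entry also drops the only note saying the keytab is provisioned by nixops deploy; if that is still the plan, a one-line comment pointing to it keeps the root-only, mode 0400 requirement from being lost. The closing `''` of `security.sudo.extraConfig` is outside the hunk.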