Changes for the new limina

This commit is contained in:
niten 2021-10-12 23:54:43 -07:00
parent 9c024fd9ee
commit 283afec419
2 changed files with 23 additions and 42 deletions


@ -15,47 +15,43 @@ with lib; {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = [ "zfs" ];
# kernelPackages = pkgs.linuxPackages_latest;
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
"/" = {
device = "limina-root";
fsType = "tmpfs";
options = [ "mode=755" "noexec" ];
};
"/" = {
device = "zroot/transient/root";
fsType = "zfs";
"/boot" = {
device = "/dev/disk/by-label/LIM-BOOT";
fsType = "vfat";
options = [ "noexec" "noatime" "nodiratime" ];
};
"/nix" = {
device = "zroot/transient/nix";
fsType = "zfs";
device = "/dev/disk/by-label/limina-root";
fsType = "btrfs";
options = [ "subvol=@nix" "noexec" "noatime" "nodiratime" ];
};
"/var/log" = {
device = "zroot/transient/logs";
fsType = "zfs";
device = "/dev/disk/by-label/limina-root";
fsType = "btrfs";
options = [ "subvol=@log" "noexec" "noatime" "nodiratime" ];
neededForBoot = true;
};
"/home" = {
device = "zroot/persistent/home";
fsType = "zfs";
};
"/state" = {
device = "zroot/persistent/state";
fsType = "zfs";
device = "/dev/disk/by-label/limina-root";
fsType = "btrfs";
options = [ "subvol=@state" "noexec" "noatime" "nodiratime" ];
neededForBoot = true;
};
};
services.zfs.autoScrub.enable = true;
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
swapDevices = [{ device = "/dev/disk/by-label/limina-swap"; }];
nix.maxJobs = lib.mkDefault 4;
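Review bot: The new `/nix` entry mounts the `@nix` subvolume with `noexec`, which blocks execve() for every file under `/nix/store` — on NixOS that is stage-2 init, systemd and every service binary — so this host is unlikely to get past early boot unless something outside this diff remounts `/nix/store` exec; drop the flag there, leaving `options = [ "subvol=@nix" "noatime" "nodiratime" ];`. The tmpfs root also carries `noexec`, so anything run from `/tmp` (local Nix builds, if the daemon's build directory lives there, as `nix.maxJobs = 4` suggests it might) will fail with EACCES; if that is deliberate, a comment on the `"/"` entry saying so would save the next reader a debugging session. Conversely the writable data mounts (`/boot`, `/var/log`, `/state`) get `noexec` but not `nosuid`/`nodev`; on pure data volumes both are free and close the set-uid-binary and device-node paths, e.g. `options = [ "subvol=@state" "noexec" "nosuid" "nodev" "noatime" "nodiratime" ];`. Finally, the old `/home` dataset is removed without a replacement, so `/home` now lands on the ephemeral tmpfs root and is wiped every reboot — presumably intended for a stateless host, but that deserves an explicit comment next to the root entry.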


@ -14,9 +14,6 @@ let
in {
config = {
boot.zfs.enableUnstable = true;
networking = {
interfaces = {
enp1s0 = { useDHCP = true; };
@ -65,9 +62,6 @@ in {
client.dns = {
enable = true;
ipv4 = true;
ipv6 = true;
user = "fudo-client";
external-interface = "enp1s0";
## This is now set by hosts.nix
# password-file =
@ -102,7 +96,7 @@ in {
backend = "docker";
containers = {
pihole = {
image = "pihole/pihole:v5.7";
image = "pihole/pihole:2021.10";
autoStart = true;
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
environment = {
@ -111,8 +105,8 @@ in {
DNS1 = "${primary-ip}#${toString dns-proxy-port}";
};
volumes = [
"/srv/pihole/etc-pihole/:/etc/pihole/"
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
"/state/pihole/etc-pihole/:/etc/pihole/"
"/state/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
];
};
};
@ -121,22 +115,13 @@ in {
# Support for statelessness
environment.etc = {
# TODO: replace with current config
nixos.source = "/state/nixos";
adjtime.source = "/state/etc/adjtime";
NIXOS.source = "/state/etc/NIXOS";
"host-config.nix".source = "/state/etc/host-config.nix";
## This should be handled by nixops deploy
# "krb5.keytab" = {
# source = "/state/etc/limina.keytab";
# user = "root";
# mode = "0400";
# };
};
boot.initrd.postDeviceCommands = lib.mkAfter ''
${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
'';
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never