Changes for the new limina
This commit is contained in:
parent
9c024fd9ee
commit
283afec419
@ -15,47 +15,43 @@ with lib; {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
# kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/BOOT";
|
||||
fsType = "vfat";
|
||||
"/" = {
|
||||
device = "limina-root";
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=755" "noexec" ];
|
||||
};
|
||||
|
||||
"/" = {
|
||||
device = "zroot/transient/root";
|
||||
fsType = "zfs";
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/LIM-BOOT";
|
||||
fsType = "vfat";
|
||||
options = [ "noexec" "noatime" "nodiratime" ];
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "zroot/transient/nix";
|
||||
fsType = "zfs";
|
||||
device = "/dev/disk/by-label/limina-root";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@nix" "noexec" "noatime" "nodiratime" ];
|
||||
};
|
||||
|
||||
"/var/log" = {
|
||||
device = "zroot/transient/logs";
|
||||
fsType = "zfs";
|
||||
device = "/dev/disk/by-label/limina-root";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@log" "noexec" "noatime" "nodiratime" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "zroot/persistent/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/state" = {
|
||||
device = "zroot/persistent/state";
|
||||
fsType = "zfs";
|
||||
device = "/dev/disk/by-label/limina-root";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@state" "noexec" "noatime" "nodiratime" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.zfs.autoScrub.enable = true;
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
|
||||
swapDevices = [{ device = "/dev/disk/by-label/limina-swap"; }];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
|
||||
|
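Review bot: The new `/nix` entry mounts the store subvolume with `noexec` (`options = [ "subvol=@nix" "noexec" "noatime" "nodiratime" ];`), and unless something not shown here remounts /nix/store with exec permission, that stops every binary in the Nix store from running, which is the whole system including stage-2 init; the entry should read `options = [ "subvol=@nix" "noatime" "nodiratime" ];`. The `noexec` on `/boot`, `/var/log`, `/state` and the tmpfs `/` is sound hardening and can stay. The tmpfs `/` carries no `size=` option, so it gets the kernel default of half of RAM, and anything not covered by a listed mount (for example /var/lib and /root) lives in it and is gone at reboot; if that is the intended statelessness it is worth a comment such as `# "/" is tmpfs: only /nix, /var/log, /state and /boot persist`. The `/home` dataset appears in this hunk with no btrfs replacement, so presumably home is dropped from this host; confirm that is intentional. The surrounding attribute set starts before this hunk.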
@ -14,9 +14,6 @@ let
|
||||
|
||||
in {
|
||||
config = {
|
||||
|
||||
boot.zfs.enableUnstable = true;
|
||||
|
||||
networking = {
|
||||
interfaces = {
|
||||
enp1s0 = { useDHCP = true; };
|
||||
@ -65,9 +62,6 @@ in {
|
||||
|
||||
client.dns = {
|
||||
enable = true;
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
user = "fudo-client";
|
||||
external-interface = "enp1s0";
|
||||
## This is now set by hosts.nix
|
||||
# password-file =
|
||||
@ -102,7 +96,7 @@ in {
|
||||
backend = "docker";
|
||||
containers = {
|
||||
pihole = {
|
||||
image = "pihole/pihole:v5.7";
|
||||
image = "pihole/pihole:2021.10";
|
||||
autoStart = true;
|
||||
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
|
||||
environment = {
|
||||
@ -111,8 +105,8 @@ in {
|
||||
DNS1 = "${primary-ip}#${toString dns-proxy-port}";
|
||||
};
|
||||
volumes = [
|
||||
"/srv/pihole/etc-pihole/:/etc/pihole/"
|
||||
"/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
||||
"/state/pihole/etc-pihole/:/etc/pihole/"
|
||||
"/state/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -121,22 +115,13 @@ in {
|
||||
|
||||
# Support for statelessness
|
||||
environment.etc = {
|
||||
# TODO: replace with current config
|
||||
nixos.source = "/state/nixos";
|
||||
adjtime.source = "/state/etc/adjtime";
|
||||
NIXOS.source = "/state/etc/NIXOS";
|
||||
"host-config.nix".source = "/state/etc/host-config.nix";
|
||||
## This should be handled by nixops deploy
|
||||
# "krb5.keytab" = {
|
||||
# source = "/state/etc/limina.keytab";
|
||||
# user = "root";
|
||||
# mode = "0400";
|
||||
# };
|
||||
};
|
||||
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
|
||||
'';
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
# rollback results in sudo lectures after each reboot
|
||||
Defaults lecture = never
|
||||
|
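Review bot: In the pihole hunk the container image is pinned only to a mutable registry tag, `image = "pihole/pihole:2021.10";`, so what actually runs can change without any change to this file; pin the digest as well, e.g. `image = "pihole/pihole:2021.10@sha256:<DIGEST-PLACEHOLDER>";` with the digest taken from the registry at the time of review. The unchanged `ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];` publishes the admin UI on every host address; if it is only meant for local use, `"127.0.0.1:3080:80/tcp"` restricts it. With `backend = "docker"` and the root filesystem now a tmpfs in the other file, docker's own state under /var/lib/docker is presumably ephemeral unless it is persisted by a mount not visible here, so the image is re-pulled and pihole's internal state rebuilt on each boot; the bind mounts moved to `/state/pihole/...` cover only the configuration directories. The `config` attribute set enclosing these hunks starts before the first of them.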