diff --git a/config/hardware/lambda.nix b/config/hardware/lambda.nix
index fcc3e56..cfce431 100644
--- a/config/hardware/lambda.nix
+++ b/config/hardware/lambda.nix
@@ -23,8 +23,7 @@ in {
 kernelModules = [ ];
 };
- kernelModules = [ "kvm-amd" ];
- kernelPackages = pkgs.linuxPackages.zfs;
+ kernelModules = [ "kvm-intel" ];
 supportedFilesystems = [ "zfs" ];
 loader.grub = {
@@ -38,11 +37,13 @@ in {
 "/boot" = {
 device = "/dev/disk/by-label/lambda-boot";
 fsType = "ext4";
+ options = [ "noexec" ];
 };
 "/" = {
- device = "lambda/transient/root";
- fsType = "zfs";
+ device = "none";
+ fsType = "tmpfs";
+ options = [ "noexec" ];
 };
 "/nix" = {
@@ -54,29 +55,20 @@ in {
 device = "lambda/transient/logs";
 fsType = "zfs";
 neededForBoot = true;
- };
-
- "/home" = {
- device = "lambda/persistent/home";
- fsType = "zfs";
+ options = [ "noexec" ];
 };
 "/state" = {
 device = "lambda/persistent/state";
 fsType = "zfs";
+ options = [ "noexec" ];
 };
 };
- boot.initrd.postDeviceCommands = lib.mkAfter ''
- ${pkgs.zfs}/bin/zfs rollback -r lambda/transient/root@blank
- '';
-
 swapDevices = [{ device = "/dev/disk/by-label/lambda-swap"; }];
 nix.maxJobs = lib.mkDefault 12;
- hardware.bluetooth.enable = false;
-
 networking = {
 hostId = substring 0 8 (fileContents /etc/machine-id);
diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix
index 69f6445..cc20aa3 100644
--- a/config/host-config/lambda.nix
+++ b/config/host-config/lambda.nix
@@ -12,7 +12,7 @@ in {
 enp4s0f0.useDHCP = false;
 enp4s0f1.useDHCP = false;
- intif0 = { useDHCP = true; };
+ intif0.useDHCP = true;
 };
 };
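Review bot: The new tmpfs `"/"` mount in config/hardware/lambda.nix sets only `noexec`, so the root directory takes the tmpfs default mode of 1777 and is world-writable. sshd's strict path checks commonly reject keys when `/` is world-writable, and any local user can create entries at the top of the tree. I would write `options = [ "mode=755" "noexec" "nosuid" "nodev" ];`, optionally with a `size=` cap so a runaway writer cannot fill half of RAM. The `noexec` added to `/boot`, and to the logs and `/state` mounts in the following hunk, would benefit from `nosuid` and `nodev` as well, since none of them should hold setuid binaries or device nodes.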
@@ -36,10 +36,17 @@ in {
 "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
 "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
 "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
- "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
- "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
 ];
+ environment.etc = {
+ "ssh/ssh_host_rsa_key".source = "/state/ssh/ssh_host_rsa_key";
+ "ssh/ssh_host_rsa_key.pub".source = "/state/ssh/ssh_host_rsa_key.pub";
+ "ssh/ssh_host_ed25519_key".source = "/state/ssh/ssh_host_ed25519_key";
+ "ssh/ssh_host_ed25519_key.pub".source =
+ "/state/ssh/ssh_host_ed25519_key.pub";
+ "machine-id".source = "/state/host/machine-id";
+ };
+
 security.sudo.extraConfig = ''
 # Due to rollback, sudo will lecture after every reboot
 Defaults lecture = never
diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix
index d82892f..9bc8c3d 100644
--- a/config/profile-config/common.nix
+++ b/config/profile-config/common.nix
@@ -15,7 +15,7 @@ let
 in {
 environment = {
- etc.current-nixos-config.source = ../../.;
+ etc.nixos-live.source = ../../.;
 systemPackages = global-packages;
diff --git a/home-manager/niten.nix b/home-manager/niten.nix
index 126bcdd..12df5ba 100644
--- a/home-manager/niten.nix
+++ b/home-manager/niten.nix
@@ -56,6 +56,7 @@ let
 lshw
 minecraft
 mkpasswd
+ mplayer
 mtr
 nixfmt
 nix-index
diff --git a/live-disk.nix b/live-disk.nix
index 002f190..7a57e42 100644
--- a/live-disk.nix
+++ b/live-disk.nix
@@ -45,6 +45,12 @@ in {
 "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
 extraGroups = [ "wheel" ];
 };
+
+ root = {
+ authorizedKeys.keys = [
+ "ssh-rsa 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"
+ ];
+ };
 };
 # groups = { wheel = { members = [ "niten" ]; }; };
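Review bot: The `environment.etc` sources for the SSH host keys in config/host-config/lambda.nix are safe only because they are quoted strings; a bare path literal such as `/state/ssh/ssh_host_rsa_key` would copy the private key into the world-readable Nix store at build time. A comment above the block, for example `# Keep these as strings: path literals would import the private keys into /nix/store`, would stop a later cleanup from changing that. The links also resolve only once `/state` is mounted, and the hardware hunk shows `neededForBoot = true` on the logs dataset but not on `/state`. It is worth confirming that `/etc/machine-id` is not dangling when systemd first reads it.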
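Review bot: `etc.nixos-live.source = ../../.;` in config/profile-config/common.nix is a path literal, so the whole configuration tree is copied into the world-readable Nix store and exposed under /etc on every host using this profile. That tree appears to include live-disk.nix, which in this same commit carries a hashed user password, so any local account could read the hash. Consider narrowing the import with a filtered source (for example `builtins.path` with a `filter`) or moving the hash out of the repository. The `let … in` block starts outside the hunk.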
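Review bot: In live-disk.nix, `authorizedKeys.keys` is written directly under `root`, but the NixOS user option is `openssh.authorizedKeys.keys`. If the enclosing set is `users.users`, which the neighbouring `extraGroups` entry suggests, this will most likely fail evaluation and the key will not be installed. The line should read `openssh.authorizedKeys.keys = [`. Since `niten` is already in `wheel`, it is also worth a comment saying why the live disk needs direct root SSH login at all, rather than key login as `niten` followed by sudo. The enclosing attribute set starts outside the hunk.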