diff --git a/configuration.nix b/configuration.nix index f1f2347..b449d09 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,36 +1,29 @@ -{ pkgs -, inputs -, modulesPath -, lib -, ... +{ + pkgs, + inputs, + modulesPath, + lib, + ... }: { imports = [ - (modulesPath + "/profiles/qemu-guest.nix") # Temporary ]; - networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = true; - boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; timeout = 0; }; - # boot.zfs.extraPools = [ "zraid" ]; + boot.zfs.devNodes = "/dev/disk/by-path"; - boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.forceImportRoot = false; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; nix.gc = { automatic = true; options = "--delete-older-than 30d"; }; nix.optimise = { automatic = true; - dates = [ "05:00" ]; + dates = ["05:00"]; }; networking.hostName = "enis"; @@ -38,12 +31,12 @@ networking.networkmanager.enable = true; networking.firewall = { enable = true; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; + allowedTCPPorts = []; + allowedUDPPorts = []; }; home-manager = { - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = {inherit inputs;}; users = { "enis" = import ./home.nix; }; @@ -61,17 +54,15 @@ shell = pkgs.zsh; }; - users.users."nixos" = - { - isNormalUser = true; - initialPassword = "1234"; - extraGroups = [ "wheel" ]; - }; + users.users."nixos" = { + isNormalUser = true; + initialPassword = "1234"; + extraGroups = ["wheel"]; + }; - users.users.root = - { - initialPassword = "1234"; - }; + users.users.root = { + initialPassword = "1234"; + }; programs.zsh = { enable = true; 
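Review bot: Dropping `boot.zfs.forceImportRoot = false;` in the first hunk, in the same commit that moves `/` onto the `zroot` pool, means the NixOS default (`true`) applies again. A forced import skips the hostid ownership check that keeps a pool from being imported while another system still has it open. I would keep `boot.zfs.forceImportRoot = false;` next to the new `boot.zfs.devNodes` line and confirm that `networking.hostId` is set somewhere, since it is not visible in this hunk. The hunk also removes `hardware.cpu.intel.updateMicrocode = true;`, and nothing in this diff shows microcode updates being re-enabled for the physical `server` host, so check that `hardware-configuration.nix` carries it.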
@@ -112,12 +103,14 @@ services.openssh = { enable = true; settings = { - PasswordAuthentication = true; - KbdInteractiveAuthentication = true; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; AllowUsers = null; PermitRootLogin = "no"; }; }; + nix.settings.trusted-users = ["@wheel"]; + system.stateVersion = "24.11"; } diff --git a/disko.nix b/disko.nix index 22ca562..bc7ea53 100644 --- a/disko.nix +++ b/disko.nix @@ -1,8 +1,8 @@ -{ - lib, - root-disk ? "Expected a mf disk brother", - raid-disks ? "Expected disks for raid", - ... +{ lib +, root-disk ? throw "Expected a mf disk brother" +, raid-disks ? [] +, swap-size ? -1 +, ... }: { disko.devices = { disk = @@ -20,15 +20,22 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = ["umask=0077"]; + mountOptions = [ "umask=0077" ]; + }; + }; + swap = lib.mkIf (swap-size != -1) { + size = swap-size; + content = { + type = "swap"; + discardPolicy = "both"; + resumeDevice = true; }; }; root = { size = "100%"; content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; + type = "zfs"; + pool = "zroot"; }; }; }; @@ -55,6 +62,7 @@ # }; # }; } + # Import all disks into raid named "raid5" // lib.attrsets.genAttrs raid-disks (name: { type = "disk"; device = "/dev/" + name; 
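Review bot: `nix.settings.trusted-users = ["@wheel"]` lets every wheel member act as a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to root, and the `nixos` account reformatted in the hunk at -61,17 is in `wheel` with `initialPassword = "1234"`. Setting `PasswordAuthentication` and `KbdInteractiveAuthentication` to `false` closes the SSH side, but console and `sudo` logins still accept that password, and this file is now shared with the physical `server` configuration. I would name the admin account instead of the group (for example `nix.settings.trusted-users = ["enis"];`, assuming `enis` is the intended admin), and either drop the `nixos` user or move both passwords to `hashedPasswordFile`. No `openssh.authorizedKeys` entry is visible in this diff, so confirm a key is provisioned before relying on key-only SSH; `AllowUsers = null` also leaves every account eligible to log in.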
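Review bot: `swap-size ? -1` in the disko.nix argument list uses an integer sentinel for a parameter whose real values are size strings such as `"16G"`, so the argument's type depends on whether it was passed. `swap-size ? null` together with `lib.mkIf (swap-size != null)` on the partition expresses the same thing without a magic number. The `throw` default for `root-disk` is a sound change; a message that names the missing argument, e.g. `throw "disko.nix: root-disk must be set"`, would be easier to act on.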
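Review bot: The new `swap` partition in the hunk at -20,15 is plain (no `randomEncryption` and no LUKS layer are visible) and sets `resumeDevice = true`, so swapped-out pages and any hibernation image, including key material held in memory, would be written to disk unencrypted. With `/` now on ZFS, NixOS only permits hibernation when `boot.zfs.allowHibernation` is set, which this diff does not do, so the resume setting is probably inert. If hibernation is not wanted on this server, drop `resumeDevice = true;` and consider `randomEncryption = true;` on the swap content. If it is wanted, add a comment saying so and stating how the swap device is protected.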
@@ -65,29 +73,54 @@ size = "100%"; content = { type = "zfs"; - pool = "storage"; + pool = "raid5"; }; }; }; }; }); - zpool = lib.mkIf (builtins.length raid-disks > 0) { - storage = { + zpool = { + zroot = { + type = "zpool"; + rootFsOptions.mountpoint = "none"; + + datasets = { + root = { + type = "zfs_fs"; + mountpoint = "/"; + }; + + "nix/store" = { + type = "zfs_fs"; + mountpoint = "/nix/store"; + }; + }; + }; + + raid5 = lib.mkIf (builtins.length raid-disks > 0) { type = "zpool"; mode = "raidz"; - # TODO: Cache-ing - # rootFsOptions = { - # compression = "zstd"; - # "com.sun:auto-snapshot" = "false"; - # }; - mountpoint = "/storage"; + rootFsOptions.compression = "zstd"; + rootFsOptions.mountpoint = "none"; datasets = { var = { type = "zfs_fs"; - mountpoint = "/storage/var"; + mountpoint = "/var"; + }; + home = { + type = "zfs_fs"; + mountpoint = "/home"; + }; + src = { + type = "zfs_fs"; + mountpoint = "/srv"; + }; + opt = { + type = "zfs_fs"; + mountpoint = "/opt"; }; }; }; diff --git a/flake.nix b/flake.nix index 0a1449a..1ebe241 100644 --- a/flake.nix +++ b/flake.nix @@ -26,12 +26,13 @@ formatter.${system} = pkgs.alejandra; nixosConfigurations = { - server = nixpkgs.lib.nixosSystem { + server-vm = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ inputs.disko.nixosModules.default (import ./disko.nix { lib = pkgs.lib; + swap-size = "16G"; root-disk = "/dev/vda"; raid-disks = [ "vdb" @@ -41,9 +42,33 @@ }) inputs.home-manager.nixosModules.default + ./vm-hardware-configuration.nix ./configuration.nix ]; }; + + server = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + inputs.disko.nixosModules.default + (import ./disko.nix { + lib = pkgs.lib; + swap-size = "128G"; + root-disk = "/dev/nvme0n1"; + raid-disks = [ + "sda" + "sdb" + "sdc" + "sdd" + ]; + }) + inputs.home-manager.nixosModules.default + + ./hardware-configuration.nix + ./configuration.nix + ]; + }; + }; }; } 
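Review bot: Neither `zroot` nor `raid5` sets `encryption`/`keyformat`/`keylocation` in `rootFsOptions`, so `/`, `/nix/store`, `/var`, `/home`, `/srv` and `/opt` are stored in cleartext. If at-rest protection is a requirement for the physical host, it has to be decided now, because ZFS cannot encrypt an existing dataset in place. Separately, the dataset named `src` is mounted at `/srv`, which looks like a typo; `srv = { type = "zfs_fs"; mountpoint = "/srv"; };` would keep the dataset names matching their mountpoints like the others. `rootFsOptions.compression = "zstd";` is set only on `raid5`; if `zroot` is meant to be compressed too, it needs the same line.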
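Review bot: The new `server` entry in flake.nix addresses its disks by kernel names (`/dev/nvme0n1`, `sda` to `sdd`), which are assigned in probe order and can change when a drive is added, removed or fails. Because disko partitions and formats whatever those names resolve to, a reordering would point a destructive operation at the wrong disk. Stable identifiers under `/dev/disk/by-id/` are safer on real hardware, though `disko.nix` builds the path as `"/dev/" + name` and uses the same string as the attribute name, so that file would need a matching change. `./hardware-configuration.nix` is referenced here but not added in this diff; if it is not already tracked in the repository, the flake will not evaluate.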
diff --git a/vm-hardware-configuration.nix b/vm-hardware-configuration.nix new file mode 100644 index 0000000..09644ce --- /dev/null +++ b/vm-hardware-configuration.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm_amd"]; + boot.extraModulePackages = []; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}
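Review bot: `boot.kernelModules = ["kvm_amd"];` loads the KVM host module inside what this file declares, via `profiles/qemu-guest.nix`, to be a QEMU guest. Unless nested virtualisation is intended, `boot.kernelModules = [];` keeps unneeded kernel code out of the guest. A one-line header comment stating that this is the hardware profile for the `server-vm` configuration would also help, and the `config` and `pkgs` arguments are accepted but unused.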