diff --git a/nixos/common/modules/installer.nix b/nixos/common/modules/installer.nix index 6fa232c7..9e1ba0a7 100644 --- a/nixos/common/modules/installer.nix +++ b/nixos/common/modules/installer.nix @@ -65,7 +65,8 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then sudo nixos-install --no-root-password --flake ".#$TARGET_HOST" # Rsync nix-config to the target install. - rsync -a --delete "/tmp/nixos/git/" "/mnt/etc/nixos/git/" + sudo mkdir -p "/mnt/etc/nixos" + sudo rsync -a --delete "/tmp/nixos/git/" "/mnt/etc/nixos/git/" pushd "/mnt/etc/nixos/git/" popd diff --git a/nixos/hosts/nixos-laptop/default.nix b/nixos/hosts/nixos-laptop/default.nix index 01827c67..69f75bdc 100644 --- a/nixos/hosts/nixos-laptop/default.nix +++ b/nixos/hosts/nixos-laptop/default.nix @@ -24,7 +24,7 @@ }; boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1"; - + fileSystems."/boot" = { device = "/dev/disk/by-label/BOOT"; fsType = "vfat"; diff --git a/nixos/hosts/nixos-vm-02/default.nix b/nixos/hosts/nixos-vm-02/default.nix index a2a7e06e..76ccade6 100644 --- a/nixos/hosts/nixos-vm-02/default.nix +++ b/nixos/hosts/nixos-vm-02/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, modulesPath, desktop, username, ... }: { imports = [ # This machine won't be using secureboot - ../../common/modules/bootloader.nix + ../../common/modules/secureboot.nix ./disks.nix ]; nixpkgs.config.allowUnfree = false; diff --git a/nixos/hosts/nixos-vm-02/disks.nix b/nixos/hosts/nixos-vm-02/disks.nix index 49b27679..59158236 100644 --- a/nixos/hosts/nixos-vm-02/disks.nix +++ b/nixos/hosts/nixos-vm-02/disks.nix @@ -2,59 +2,57 @@ boot.loader.grub.device = "/dev/sda"; boot.initrd.luks.devices."sda2".device = "/dev/sda2"; - disko.devices = { - disk = { - sda = { - device = "/dev/sda"; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "BOOT"; - start = "0%"; - end = "550MiB"; - bootable = true; - flags = [ "esp" ]; - fs-type = "fat32"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - } # partition 1 - { - name = "ROOT"; - start = "550MiB"; - end = "100%"; - content = { - type = "luks"; - name = "LUKS-ROOT"; - extraOpenArgs = [ "--allow-discards" ]; - settings.keyFile = "/tmp/secret.key"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; # root - "/home" = { - mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; # home - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; # nix - }; # subvolumes - }; # content.content - }; # content - } # partition 2 - ]; # partitions - }; # content - }; # sda - }; # disk - }; # disko.devices + disko.devices.disk.sda = { + device = "/dev/sda"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + type = "partition"; + name = "BOOT"; + start = "0%"; + end = "550MiB"; + bootable = true; + flags = [ "esp" ]; + fs-type = "fat32"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } # partition 1 + { + type = "partition"; + name = "LUKS"; + start = "550MiB"; + end = "100%"; + content = { + type = "luks"; + name = "LUKS-ROOT"; + extraOpenArgs = [ "--allow-discards" ]; + # settings.keyFile = "/tmp/secret.key"; + content = { + type = "btrfs"; + # extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; # root + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; # home + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; # nix + }; # subvolumes + }; # content.content + }; # content + } # partition 2 + ]; # partitions + }; # content + }; # disko.devices.disk.sda } # root \ No newline at end of file