diff --git a/nixos/common/modules/bootloader.nix b/nixos/common/modules/bootloader.nix index ac31b1cb..04ec3ef1 100644 --- a/nixos/common/modules/bootloader.nix +++ b/nixos/common/modules/bootloader.nix @@ -1,9 +1,9 @@ { config, pkgs, ... }: { - # Bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.tmp.cleanOnBoot = true; - boot.initrd.systemd.enable = true; - boot.kernelParams = ["quiet"]; + # Bootloader + boot.loader.efi.canTouchEfiVariables = true; + boot.tmp.cleanOnBoot = true; + boot.initrd.systemd.enable = true; + boot.kernelParams = ["quiet"]; # Plymouth splash screen boot.plymouth.enable = true; diff --git a/nixos/common/modules/installer.nix b/nixos/common/modules/installer.nix index 6821482c..6fa232c7 100644 --- a/nixos/common/modules/installer.nix +++ b/nixos/common/modules/installer.nix @@ -23,7 +23,7 @@ pushd "/tmp/nixos/git" if [[ -z "$TARGET_HOST" ]]; then echo "ERROR! $(basename "$0") requires a hostname as the first argument" echo " The following hosts are available" - ls -1 nixos/hosts/*/default.nix | cut -d'/' -f2 | grep -v iso + ls -1 nixos/hosts/*/default.nix | cut -d'/' -f3 | grep -v -E "iso|rpi" exit 1 fi @@ -42,7 +42,8 @@ fi # Check if the machine we're provisioning expects a keyfile to unlock a disk. # If it does, generate a new key, and write to a known location. if grep -q "secret.key" "nixos/$TARGET_HOST/disks.nix"; then - echo -n "$(head -c32 /dev/random | base64)" > /tmp/secret.key + echo "Secret key not found. Create one at /tmp/secret.key" + exit 1 fi echo "WARNING! The disks in $TARGET_HOST are about to get wiped" @@ -79,5 +80,4 @@ fi in { config.environment.systemPackages = [ install-system ]; - config.services.kmscon.autologinUser = "${username}"; } \ No newline at end of file diff --git a/nixos/hosts/nixos-framework/disks.nix b/nixos/hosts/nixos-framework/disks.nix index e69de29b..b2d6bc72 100644 --- a/nixos/hosts/nixos-framework/disks.nix +++ b/nixos/hosts/nixos-framework/disks.nix 
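Review bot: In the first nixos/common/modules/installer.nix hunk, the new filter `grep -v -E "iso|rpi"` is unanchored, so it hides every host whose name merely contains `iso` or `rpi`, not only the ISO and Raspberry Pi entries. It also only changes what is printed; nothing visible in this hunk stops one of those names being passed as TARGET_HOST, so if they must never be provisioned by this script an explicit rejection is needed. Anchoring the pattern to the naming scheme, for example `grep -v -E '^(iso|rpi)'` if those are prefixes, and globbing the host directories instead of parsing `ls` output would be more robust. The script body continues outside the hunk.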
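Review bot: In the second nixos/common/modules/installer.nix hunk, the new branch prints "Secret key not found" and exits whenever disks.nix mentions `secret.key`, without ever testing for the file, so a host that needs a key file can no longer be installed even after the operator has created it. Put the existence test inside the existing grep branch: `if [[ ! -s /tmp/secret.key ]]; then echo "Secret key not found. Create one at /tmp/secret.key" >&2; exit 1; fi`. Because /tmp is world-writable, the message should also tell the operator to create the key with owner-only permissions (for example under `umask 077`). The unchanged grep reads `nixos/$TARGET_HOST/disks.nix` while the listing above uses `nixos/hosts/…`; if that path is wrong the whole check is skipped silently, which is worth confirming.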
@@ -0,0 +1,72 @@ +{ + boot.loader.grub.device = "/dev/nvme0"; + disko.devices = { + disk = { + nvme0 = { + device = "/dev/nvme0"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "BOOT"; + start = "0%"; + end = "550MiB"; + bootable = true; + flags = [ "esp" ]; + fs-type = "fat32"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } # partition 1 + { + name = "SWAP"; + start = "550 MiB"; + end = "120GiB"; + content = { + type = "luks"; + name = "LUKS-SWAP"; + extraOpenArgs = [ "--allow-discards" ]; + settings.keyFile = ""; + content = { + type = "swap"; + }; + }; + } # partition 2 + { + name = "ROOT"; + start = "120GiB"; + end = "100%"; + content = { + type = "luks"; + name = "LUKS-ROOT"; + extraOpenArgs = [ "--allow-discards" ]; + settings.keyFile = "/tmp/secret.key"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; # root + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; # home + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; # nix + }; # subvolumes + }; # content.content + }; # content + } # partition 3 + ]; # partitions + }; # content + }; # sda + }; # disk + }; # disko.devices +} # root \ No newline at end of file diff --git a/nixos/hosts/nixos-vm-02/disks.nix b/nixos/hosts/nixos-vm-02/disks.nix index 297a93bd..f737e05d 100644 --- a/nixos/hosts/nixos-vm-02/disks.nix +++ b/nixos/hosts/nixos-vm-02/disks.nix @@ -1,5 +1,7 @@ { boot.loader.grub.device = "/dev/sda"; + boot.initrd.luks.devices = "/dev/sda2"; + disko.devices = { disk = { sda = {
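Review bot: In the new nixos/hosts/nixos-framework/disks.nix, `device = "/dev/nvme0"` (and `boot.loader.grub.device`) names the NVMe controller node rather than a disk; the block device is normally the namespace, e.g. `device = "/dev/nvme0n1";`, or better a stable `/dev/disk/by-id/…` path, since the installer wipes whatever this points at. The LUKS-SWAP partition sets `settings.keyFile = "";`, which leaves it unclear how that volume is keyed; state the intent in a comment or set it explicitly. `settings.keyFile = "/tmp/secret.key"` on LUKS-ROOT is an install-time path that will not exist on the booted system (bootloader.nix sets `boot.tmp.cleanOnBoot`), so confirm this disko version does not carry it into the initrd LUKS configuration. `--allow-discards` lets TRIM through the encryption layer and so reveals which blocks are unused; a comment such as `# TRIM passthrough: reveals free-space layout, accepted for SSD performance` would record that this is deliberate. The closing `# sda` comment should read `# nvme0`.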
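Review bot: In nixos/hosts/nixos-vm-02/disks.nix, the added `boot.initrd.luks.devices = "/dev/sda2";` assigns a string to an option that NixOS defines as an attribute set keyed by mapper name, so evaluation should fail with a type error. The usual form is `boot.initrd.luks.devices."<mapper-name>".device = "/dev/sda2";`, with the name matching the LUKS container declared further down in this file (not visible in the hunk). A `/dev/disk/by-partlabel/…` or by-uuid path is safer than `/dev/sda2`, which can change with device enumeration order. If disko already emits the initrd LUKS entry for this host the line may be redundant; the attribute set continues outside the hunk.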