diff --git a/disko/GLaDOS/default.nix b/disko/GLaDOS/default.nix
index f998acc..6e64efe 100644
--- a/disko/GLaDOS/default.nix
+++ b/disko/GLaDOS/default.nix
@@ -30,8 +30,34 @@
 allowDiscards = true;
 };
 content = {
- type = "lvm_pv";
- vg = "nvme_pool";
+ type = "btrfs";
+ extraArgs = ["-f"];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=root" "compress=zstd:1" "noatime" "ssd" "discard=async" "space_cache=v2" "commit=120"];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = ["subvol=home" "compress=zstd:1" "noatime" "ssd" "discard=async" "space_cache=v2" "commit=120" "autodefrag"];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=nix" "compress=zstd:1" "noatime" "ssd" "discard=async" "space_cache=v2" "commit=120" "nodatacow" "nodatasum"];
+ };
+ "/persist" = {
+ mountpoint = "/persistent";
+ mountOptions = ["subvol=persistent" "compress=zstd:1" "noatime" "ssd" "discard=async" "space_cache=v2" "commit=120"];
+ };
+ "/log" = {
+ mountpoint = "/var/log";
+ mountOptions = ["subvol=log" "compress=zstd:1" "noatime" "ssd" "discard=async" "space_cache=v2" "commit=120" "nodatacow" "nodatasum"];
+ };
+ "/swap" = {
+ mountpoint = "/swap";
+ swap.swapfile.size = "8G";
+ };
+ };
 };
 };
 };
@@ -39,32 +65,6 @@
 };
 };
 };
- lvm_vg = {
- nvme_pool = {
- type = "lvm_vg";
- lvs = {
- nvme_swap = {
- size = "32G";
- content = {
- type = "swap";
- discardPolicy = "both";
- resumeDevice = true; # resume from hiberation from this device
- };
- };
- nvme_root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
 nodev = {
 "/home/lillian/Downloads" = {
 fsType = "tmpfs";
diff --git a/home-manager/hosts/GLaDOS/lillian.nix b/home-manager/hosts/GLaDOS/lillian.nix
index 691837e..7e1c8a9 100644
--- a/home-manager/hosts/GLaDOS/lillian.nix
+++ b/home-manager/hosts/GLaDOS/lillian.nix
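Review bot: The `"/persist"` subvolume is created under that name but its mount options say `subvol=persistent`, so the two disagree; as far as I recall disko also appends `subvol=<name>` from the attribute name, which makes the hand-written `subvol=` entries redundant at best and, for this one, a pointer to a subvolume that does not exist — rename the entry to `"/persistent"` or drop the explicit `subvol=` options and let disko generate them. `nodatasum` on `/var/log` (and `/nix`) turns off btrfs data checksums, so scrub can no longer flag corrupted or tampered log data, which is precisely the data you want integrity on during incident response; if the goal is only to avoid CoW churn, `chattr +C` on those directories is the more targeted tool and keeps checksums for everything else. Note too that btrfs applies most of these options (compression, discard, commit, nodatacow) filesystem-wide from the first subvolume mounted, so the per-subvolume differences written here may not take effect — verify with `findmnt -o OPTIONS` after a boot. The removed LVM swap carried `resumeDevice = true`; the new 8G swapfile has no resume configuration, so hibernation is silently lost unless `boot.resumeDevice` and the swapfile offset are set elsewhere.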
@@ -1,6 +1,10 @@
 # This is your home-manager configuration file
 # Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
-{pkgs, ...}: {
+{
+ pkgs,
+ config,
+ ...
+}: {
 # You can import other home-manager modules here
 imports = [
 # If you want to use modules your own flake exports (from modules/home-manager):
@@ -22,6 +26,12 @@
 vscodium
 unrar
 ];
+ home.file = {
+ nextcloud = {
+ source = config.lib.file.mkOutOfStoreSymlink "/run/media/lillian/big-SSD/Nextcloud/";
+ target = "Nextcloud";
+ };
+ };
 programs.mangohud = {
 enable = true;
diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix
index bbb9dc8..9829611 100644
--- a/nixos/desktop/default.nix
+++ b/nixos/desktop/default.nix
@@ -33,6 +33,8 @@
 KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess"
 KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
 KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
+ KERNEL=="hidraw*", ATTRS{idProduct}=="6012", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
+ KERNEL=="hidraw*", KERNELS=="*2DC8:6012*", MODE="0660", TAG+="uaccess"
 '';
 environment.systemPackages = with pkgs;
@@ -60,6 +62,7 @@
 pciutils
 podman
 podman-compose
+ python3Minimal
 sbctl
 tpm2-tools
 tpm2-tss
diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix
index ba002ed..3ae30f8 100644
--- a/nixos/hosts/GLaDOS/configuration.nix
+++ b/nixos/hosts/GLaDOS/configuration.nix
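Review bot: `~/Nextcloud` becomes a symlink into `/run/media/lillian/big-SSD/`, which looks like a udisks automount path keyed on the filesystem label; if that is the case, any removable medium carrying the label `big-SSD` gets mounted there while the real disk is absent, and a sync client writing through `~/Nextcloud` would then spill the user's files onto it. A mount pinned by UUID in the host config (with `nofail`) plus a symlink to that fixed mountpoint closes the label-spoofing window and also avoids the dangling-symlink state while the disk is unplugged. At minimum a comment on `source` should state that the path depends on the disk being auto-mounted under that label, e.g. `# depends on udisks mounting the drive labelled big-SSD; dangling otherwise`.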
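Review bot: The two added udev rules are subsumed by the vendor-wide rules directly above them — `ATTRS{idVendor}=="2dc8"` already matches product `6012`, and `KERNELS=="*2DC8:*"` already matches `*2DC8:6012*` — so they grant no access the existing rules do not. If they were added because the wildcard rules did not fire for this device, that reason belongs in a comment on the line, e.g. `# 2dc8:6012 needs an explicit match because …`; otherwise drop them so the list of devices handed to the active user with `uaccess` stays minimal and easy to audit.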
@@ -75,8 +75,36 @@
 # };
 # };
 };
- boot = {
+ # Nuke root AND home subvolumes on every boot
+ initrd.systemd.services.wipe-my-fs = {
+ requires = ["dev-mapper-nvme_crypted.device"];
+ after = ["dev-mapper-nvme_crypted.device"];
+ wantedBy = ["initrd.target"];
+ script = ''
+ mkdir -p /btrfs_tmp
+ mount /dev/mapper/cryptroot /btrfs_tmp
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ # Nuke and recreate root
+ delete_subvolume_recursively /btrfs_tmp/root
+ btrfs subvolume create /btrfs_tmp/root
+
+ # Nuke and recreate home (wipes /home — but we restore via impermanence)
+ delete_subvolume_recursively /btrfs_tmp/home
+ btrfs subvolume create /btrfs_tmp/home
+
+ umount /btrfs_tmp
+ '';
+ };
+ loader.systemd-boot.enable = false;
 initrd.systemd.enable = true;
 kernelPackages = pkgs.linuxPackages_latest;
@@ -89,9 +117,6 @@
 pkiBundle = "/var/lib/sbctl";
 };
 extraModprobeConfig = ''
- #fix for https://gitlab.freedesktop.org/drm/amd/-/issues/4141
- amdgpu.runpm=0
- amdgpu.dcdebugmask=0x10
 '';
 };
diff --git a/nixos/shared/preservation.nix b/nixos/shared/preservation.nix
index 36bcb48..c3acb6c 100644
--- a/nixos/shared/preservation.nix
+++ b/nixos/shared/preservation.nix
@@ -62,6 +62,7 @@
 {
 file = "/etc/machine-id";
 inInitrd = true;
+ how = "symlink";
 }
 {
 file = "/etc/ssh/ssh_host_rsa_key";
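Review bot: The unit waits on `dev-mapper-nvme_crypted.device` but then mounts `/dev/mapper/cryptroot`; unless both mapping names exist (the LUKS config is outside this hunk), the mount fails, the service fails, and because it is only `wantedBy` initrd.target the boot carries on with the previous root and home intact — the wipe that the impermanence design depends on would silently not happen, and nothing here would tell you. The service also has no `before = ["sysroot.mount"];` and no `unitConfig.DefaultDependencies = "no";`, so nothing stops systemd from mounting `/sysroot` first, at which point `btrfs subvolume delete` on the `root` subvolume fails as busy and the same silent skip occurs. Consider replacing the delete with a rename into a timestamped `old_roots/` directory that is pruned after a retention period; an unconditional wipe on every boot also destroys the only copy of evidence you would want after a compromise, and the rename keeps the "clean root" property while preserving forensics.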
@@ -155,20 +156,16 @@
 };
 };
 };
-
- # Create some directories with custom permissions.
- #
- # In this configuration the path `/home/butz/.local` is not an immediate parent
- # of any persisted file, so it would be created with the systemd-tmpfiles default
- # ownership `root:root` and mode `0755`. This would mean that the user `butz`
- # could not create other files or directories inside `/home/butz/.local`.
- #
- # Therefore systemd-tmpfiles is used to prepare such directories with
- # appropriate permissions.
- #
- # Note that immediate parent directories of persisted files can also be
- # configured with ownership and permissions from the `parent` settings if
- # `configureParent = true` is set for the file.
+ systemd.services.systemd-machine-id-commit = {
+ unitConfig.ConditionPathIsMountPoint = [
+ ""
+ "/persistent/etc/machine-id"
+ ];
+ serviceConfig.ExecStart = [
+ ""
+ "systemd-machine-id-setup --commit --root /persistent"
+ ];
+ };
 systemd.tmpfiles.settings.preservation = {
 "/home/lillian/.config".d = {
 user = "lillian";
diff --git a/pkgs/install-nix-no-inhibit/default.nix b/pkgs/install-nix-no-inhibit/default.nix
index a1dff9e..cee56c6 100644
--- a/pkgs/install-nix-no-inhibit/default.nix
+++ b/pkgs/install-nix-no-inhibit/default.nix
@@ -37,8 +37,8 @@ writeShellApplication
 --mode zap_create_mount \
 "./disko/''${dir}/default.nix"
 echo "NixOS Installing..."
- sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json
- sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json
+ sudo nixos-install --flake .#"''${dir}" --show-trace -v |& nom
+ sudo nixos-install --flake .#"''${dir}" --show-trace -v |& nom
 popd > /dev/null
 echo "Cleaning up repository in '/tmp/install-nix'..."
 rm -rf ./install-nix
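Review bot: The `systemd-machine-id-commit` override replaces a long explanatory comment with none, and its intent is not obvious from two empty-string resets and a `--root`. A short comment above it would carry its weight: on first boot no machine-id exists on the persistent volume yet, systemd runs with a transient one, and this override makes the commit step write it under `/persistent` rather than `/etc` so the id survives the next root wipe — this appears to follow the preservation module's documented machine-id pattern, so a link to that doc would help the next reader too. Also worth stating that the condition and `ExecStart` hard-code `/persistent`, which must stay in sync with the mountpoint chosen in the disko config.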
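Review bot: `nixos-install` is still invoked twice back to back with identical arguments and the rewritten lines give no reason; if the repetition works around a known first-run failure, say so in a comment, because `writeShellApplication` enables `errexit` and `pipefail` by default (unless `bashOptions` was changed outside this hunk), so a failing first run already aborts the script and the second line never acts as a retry. Dropping `--log-format internal-json` and `nom --json` is fine, but the only record of a privileged install is now whatever `nom` renders to the terminal — consider `|& tee install.log | nom` so a failed or partial install leaves something to inspect afterwards.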