im back with btrfs and lanzaboote

2024-08-29 08:41:59 +02:00
parent 4c81077480
commit 01a46eb1fe
7 changed files with 170 additions and 154 deletions
--- a/hosts/cnix/export-system-modules.nix
+++ b/hosts/cnix/export-system-modules.nix
@@ -1,4 +0,0 @@
-let
-  modules = import ./modules.nix;
-in
-  builtins.toJSON modules
--- a/hosts/cnix/hardware-configuration.nix
+++ b/hosts/cnix/hardware-configuration.nix
@@ -1,47 +1,68 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
+{ config
+, lib
+, modulesPath
+, ...
 }: {
-  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
  boot = {
    initrd = {
-      availableKernelModules = [
-        "nvme"
-        "xhci_pci"
-        "ahci"
-        "usbhid"
-        "usb_storage"
-        "sd_mod"
-      ];
-      kernelModules = ["amdgpu"];
+      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+      luks.devices."enc".device = "/dev/disk/by-uuid/1bda09f1-5b2c-4040-ab71-cee54a6df910";
+      postDeviceCommands = lib.mkAfter ''
+        mkdir /mnt
+        mount -t btrfs /dev/mapper/enc /mnt
+        btrfs subvolume delete /mnt/root
+        btrfs subvolume snapshot /mnt/root-blank /mnt/root
+      '';
+    };
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+    supportedFilesystems = [ "btrfs" ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+      fsType = "btrfs";
+      options = [ "subvol=root" "compress=zstd" ];
    };

-    kernelModules = ["kvm-amd"];
-    extraModulePackages = [];
+    "/home" = {
+      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+      fsType = "btrfs";
+      options = [ "subvol=home" "compress=zstd" ];
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+      fsType = "btrfs";
+      options = [ "subvol=nix" "compress=zstd" "noatime" ];
+    };
+
+    "/persist" = {
+      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+      fsType = "btrfs";
+      options = [ "subvol=persist" "compress=zstd" ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+      fsType = "btrfs";
+      options = [ "subvol=log" "compress=zstd" ];
+      neededForBoot = true;
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" "umask=0077" ];
+    };
  };

-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/de372c64-89a2-4bbe-ad57-926cdd98e97d";
-    fsType = "ext4";
-  };
-
-  boot.initrd.luks.devices."luks-60ba815c-481b-4932-94d2-b8d29465d3eb".device = "/dev/disk/by-uuid/60ba815c-481b-4932-94d2-b8d29465d3eb";
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/0954-2370";
-    fsType = "vfat";
-    options = [
-      "fmask=0022"
-      "dmask=0022"
-    ];
-  };
-
-  swapDevices = [];
+  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/hosts/cnix/modules.nix
+++ b/hosts/cnix/modules.nix
@@ -51,8 +51,8 @@
      powerd.enable = true;
      samba.enable = false;
      sops = {
-        enable = true;
-        cnix.enable = true;
+        enable = false;
+        cnix.enable = false;
      };
      ssh.enable = true;
      udisks.enable = true;