new cnix system and lanzaboote default

2024-12-31 17:39:34 +01:00
parent 484b0747ea
commit 1ba9ce1ce6
3 changed files with 40 additions and 46 deletions
--- a/hosts/cnix/hardware-configuration.nix
+++ b/hosts/cnix/hardware-configuration.nix
@@ -1,72 +1,66 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
 {
-  config,
-  lib,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot = {
-    initrd = {
-      availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
-      kernelModules = [];
-      luks.devices."enc".device = "/dev/disk/by-uuid/1bda09f1-5b2c-4040-ab71-cee54a6df910";
-    };
-    kernelModules = ["amdgpu"];
-    extraModulePackages = [];
-    supportedFilesystems = ["btrfs"];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
    };

-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+  boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/36144799-13f2-4166-9bfe-b29c3df435ab";
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47";
      fsType = "btrfs";
-      options = ["subvol=root" "compress=zstd"];
+      options = [ "subvol=home" ];
    };

-    "/home" = {
-      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47";
      fsType = "btrfs";
-      options = ["subvol=home" "compress=zstd"];
+      options = [ "subvol=nix" ];
    };

-    "/nix" = {
-      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+  fileSystems."/persist" =
+    { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47";
      fsType = "btrfs";
-      options = ["subvol=nix" "compress=zstd" "noatime"];
+      options = [ "subvol=persist" ];
    };

-    "/persist" = {
-      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
+  fileSystems."/var/log" =
+    { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47";
      fsType = "btrfs";
-      options = ["subvol=persist" "compress=zstd"];
-    };
-
-    "/var/log" = {
-      device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd";
-      fsType = "btrfs";
-      options = ["subvol=log" "compress=zstd"];
+      options = [ "subvol=log" ];
      neededForBoot = true;
    };

-    "/boot" = {
-      device = "/dev/disk/by-uuid/12CE-A600";
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1D4A-3121";
      fsType = "vfat";
-      options = ["fmask=0022" "dmask=0022" "umask=0077"];
-    };
+      options = [ "fmask=0022" "dmask=0022" ];
    };

-  swapDevices = [];
+  swapDevices = [{ device = "/dev/disk/by-uuid/91e16a5f-6a1c-4c7d-aa61-5823068fdaf0";}];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/hosts/cnix/modules.nix
+++ b/hosts/cnix/modules.nix
@@ -136,9 +136,9 @@
    };
    services = {
      agenix = {
-        enable = true;
+        enable = false;
        cnix = {
-          enable = true;
+          enable = false;
        };
      };
      blueman = {
@@ -196,7 +196,7 @@
      scx = {
        enable = true;
        scheduler = "scx_lavd";
-        flags = "--performance --no-core-compaction";
+        flags = "--performance";
      };
      udisks = {
        enable = true;
--- a/modules/nixos/boot/loader/default.nix
+++ b/modules/nixos/boot/loader/default.nix
@@ -47,7 +47,7 @@ in {
      boot = {
        lanzaboote = {
          enable = true;
-          pkiBundle = "/etc/secureboot";
+          pkiBundle = "/var/lib/sbctl";
        };

        # We let Lanzaboote install systemd-boot