preparation to reinstall workstation

2023-03-25 19:31:05 +03:00 · 2023-03-25 19:31:05 +03:00 · ccfd7dec09
commit ccfd7dec09
parent b7e7d9e02b
5 changed files with 89 additions and 57 deletions
--- a/flake.nix
+++ b/flake.nix
@ -139,29 +139,28 @@
      hostnames = builtins.attrNames (builtins.readDir ./machines);
      mkHost = name: {
        system = builtins.readFile (./machines + "/${name}/system");
-        modules = [ (import (./machines + "/${name}")) { device = name; mainuser = "alukard"; } ];
+        modules = [
          (import (./machines + "/${name}")) { device = name; mainuser = "ataraxia"; }
          inputs.vscode-server.nixosModule
        ];
        specialArgs = { inherit inputs; };
      };
    in (genAttrs hostnames mkHost) // {
      AMD-Workstation = {
        system = builtins.readFile (./machines/AMD-Workstation/system);
        modules = [ (import (./machines/AMD-Workstation)) { device = "AMD-Workstation"; mainuser = "alukard"; } ];
        specialArgs = { inherit inputs; };
        channelName = "unstable-zfs";
      };
      Home-Hypervisor = {
        system = builtins.readFile (./machines/Home-Hypervisor/system);
        modules = [
-          (import (./machines/Home-Hypervisor)) { device = "Home-Hypervisor"; mainuser = "ataraxia"; }
+          (import (./machines/AMD-Workstation)) { device = "AMD-Workstation"; mainuser = "ataraxia"; }
          inputs.vscode-server.nixosModule
        ];
        specialArgs = { inherit inputs; };
        channelName = "unstable-zfs";
      };
      Flakes-ISO = {
        system = "x86_64-linux";
        modules = [
-          (import (./machines/Flakes-ISO)) { device = "Flakes-ISO"; mainuser = "alukard"; }
+          (import (./machines/Flakes-ISO)) { device = "Flakes-ISO"; mainuser = "ataraxia"; }
          ./machines/Home-Hypervisor/autoinstall.nix
          ./machines/AMD-Workstation/autoinstall.nix
          ./machines/NixOS-VM/autoinstall.nix
        ];
        specialArgs = { inherit inputs; };
@ -169,7 +168,7 @@
      Flakes-ISO-Aarch64 = {
        system = "aarch64-linux";
        modules = [
-          (import (./machines/Flakes-ISO)) { device = "Flakes-ISO-Aarch64"; mainuser = "alukard"; }
+          (import (./machines/Flakes-ISO)) { device = "Flakes-ISO-Aarch64"; mainuser = "ataraxia"; }
          ./machines/Arch-Builder-VM/autoinstall.nix
        ];
        specialArgs = { inherit inputs; };
@ -215,14 +214,14 @@
      packages = {
        Wayland-VM = nixos-generators.nixosGenerate {
          system = builtins.readFile (./machines/Wayland-VM/system);
-          modules = [ (import (./machines/Wayland-VM)) { device = "Wayland-VM"; mainuser = "alukard"; } ];
+          modules = [ (import (./machines/Wayland-VM)) { device = "Wayland-VM"; mainuser = "ataraxia"; } ];
          specialArgs = { inherit inputs; };
          format = "vm";
        };
        Flakes-ISO = nixos-generators.nixosGenerate {
          system = "x86_64-linux";
          modules = [
-            (import (./machines/Flakes-ISO)) { device = "Flakes-ISO"; mainuser = "alukard"; }
+            (import (./machines/Flakes-ISO)) { device = "Flakes-ISO"; mainuser = "ataraxia"; }
            ./machines/Home-Hypervisor/autoinstall.nix
            ./machines/NixOS-VM/autoinstall.nix
          ];
@ -232,7 +231,7 @@
        Flakes-ISO-Aarch64 = nixos-generators.nixosGenerate {
          system = "aarch64-linux";
          modules = [
-            (import (./machines/Flakes-ISO)) { device = "Flakes-ISO-Aarch64"; mainuser = "alukard"; }
+            (import (./machines/Flakes-ISO)) { device = "Flakes-ISO-Aarch64"; mainuser = "ataraxia"; }
            ./machines/Arch-Builder-VM/autoinstall.nix
          ];
          specialArgs = { inherit inputs; };
@ -245,23 +244,23 @@
    nixosProfiles = builtins.listToAttrs (findModules ./profiles);
    nixosRoles = import ./roles;
-    deploy = {
+    # deploy = {
      user = "root";
      sudo = "doas -u";
      fastConnection = true;
      sshOpts = [ "-A" ];
      # nodes.Hypervisor-VM = {
      #   hostname = "192.168.122.63";
      #   profiles = {
      #     system = {
    #   user = "root";
-      #       sshUser = "alukard";
+    #   sudo = "doas -u";
-      #       path =
+    #   fastConnection = true;
-      #         deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.Hypervisor-VM;
+    #   sshOpts = [ "-A" ];
    #   # nodes.Hypervisor-VM = {
    #   #   hostname = "192.168.122.63";
    #   #   profiles = {
    #   #     system = {
    #   #       user = "root";
    #   #       sshUser = "ataraxia";
    #   #       path =
    #   #         deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.Hypervisor-VM;
    #   #     };
    #   #   };
    #   # };
    # };
      #   };
      # };
    };
    # deploy = {
    #   user = "root";
@ -270,7 +269,7 @@
    #     in {
    #       hostname = machine.config.networking.hostName;
    #       profiles.system = {
-    #         user = if activateable then "root" else "alukard";
+    #         user = if activateable then "root" else "ataraxia";
    #         path = with deploy-rs.lib.${machine.pkgs.system}.activate;
    #           if activateable then
    #             nixos machine
@ -280,6 +279,6 @@
    #     }) self.nixosConfigurations);
    # };
-    checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+    # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
  };
 }
--- a/machines/AMD-Workstation/autoinstall.nix
+++ b/machines/AMD-Workstation/autoinstall.nix
@ -2,8 +2,8 @@
  autoinstall.AMD-Workstation = {
    mainuser = "ataraxia";
    flakesPath = "/home/nixos/nixos-config";
-    encryption.ecryptBoot = false;
+    encryption.encryptBoot = false;
-    encryption.ecryptRoot = true;
+    encryption.encryptRoot = true;
    encryption.passwordFile = "/home/nixos/pass";
    encryption.argonIterTime = "4000";
    partitioning.useEntireDisk = true;
--- a/machines/AMD-Workstation/boot.nix
+++ b/machines/AMD-Workstation/boot.nix
@ -0,0 +1,41 @@
 { config, pkgs, lib, ... }:
 let
  zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
 in {
  boot = {
    initrd = {
      luks.devices = {
        "cryptroot" = {
          preLVM = true;
          keyFile = "/keyfile0.bin";
          allowDiscards = true;
          bypassWorkqueues = config.deviceSpecific.isSSD;
          fallbackToPassword = true;
        };
      };
      secrets = {
        "keyfile0.bin" = "/etc/secrets/keyfile0.bin";
      };
    };
    loader = {
      systemd-boot = {
        enable = true;
        editor = false;
        configurationLimit = 10;
      };
      efi.canTouchEfiVariables = false;
      efi.efiSysMountPoint = "/boot/efi";
      generationsDir.copyKernels = true;
    };
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    kernelPackages = pkgs.linuxPackages_lqx;
    kernelParams = [
      "zfs.metaslab_lba_weighting_enabled=0"
      "zfs.zfs_arc_max=${zfs_arc_max}"
    ];
    tmpOnTmpfs = true;
    tmpOnTmpfsSize = "32G";
  };
 }
--- a/machines/AMD-Workstation/default.nix
+++ b/machines/AMD-Workstation/default.nix
@ -1,11 +1,12 @@
 { inputs, config, lib, pkgs, ... }: {
  imports = with inputs.self; [
    ./boot.nix
    ./hardware-configuration.nix
    nixosRoles.workstation
-    nixosProfiles.stable-diffusion
+    # nixosProfiles.stable-diffusion
    nixosProfiles.a2ln-server
-    nixosProfiles.sunshine
+    # nixosProfiles.sunshine
    # customModules.passthrough
  ];
@ -34,10 +35,6 @@
  deviceSpecific.enableVirtualisation = true;
  deviceSpecific.vpn.mullvad.enable = true;
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.zfs.forceImportAll = lib.mkForce false;
  hardware.video.hidpi.enable = lib.mkForce false;
  hardware.firmware = [ pkgs.rtl8761b-firmware ];
@ -50,19 +47,17 @@
    '';
  };
  boot.zfs.extraPools = [ "filespool" ];
  fileSystems = {
-    "/media/sys" = {
+    # "/media/sys" = {
-      fsType = "ntfs";
+    #   fsType = "ntfs";
-      device = "/dev/disk/by-partuuid/7d14b1b8-288a-4a5c-a306-6e6ba714d089";
+    #   device = "/dev/disk/by-partuuid/7d14b1b8-288a-4a5c-a306-6e6ba714d089";
-      options = [
+    #   options = [
-        "nofail"
+    #     "nofail"
-        "uid=${toString config.users.users.${config.mainuser}.uid}"
+    #     "uid=${toString config.users.users.${config.mainuser}.uid}"
-        "gid=${toString config.users.groups.users.gid}"
+    #     "gid=${toString config.users.groups.users.gid}"
-      ];
+    #   ];
-    };
+    # };
    "/media/files" = {
      # Samba host
      fsType = "ntfs";
      device = "/dev/mapper/files-veracrypt";
      options = [
@ -73,10 +68,6 @@
    };
  };
  boot.tmpOnTmpfs = true;
  boot.tmpOnTmpfsSize = "32G";
  boot.supportedFilesystems = [ "btrfs" ];
  powerManagement.cpuFreqGovernor = "schedutil";
  services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";
@ -95,7 +86,7 @@
      pkgs.anydesk
      pkgs.winbox
    ];
-    home.stateVersion = "21.11";
+    home.stateVersion = "22.11";
  };
  system.stateVersion = "22.11";
--- a/machines/Flakes-ISO/default.nix
+++ b/machines/Flakes-ISO/default.nix
@ -1,6 +1,7 @@
 { modulesPath, lib, inputs, pkgs, config, ... }: {
  imports = with inputs.self; [
-    "${toString modulesPath}/installer/cd-dvd/installation-cd-base.nix"
+    "${toString modulesPath}/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
    # "${toString modulesPath}/installer/cd-dvd/installation-cd-base.nix"
    ../../modules/autoinstall/default.nix
  ];