add remote disko and some other things

andromeda
2026-01-10 08:59:54 +01:00
parent aec328ce93
commit 411ee0c027
10 changed files with 106 additions and 58 deletions

43
flake.lock generated

@@ -129,6 +129,27 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
@@ -304,26 +325,6 @@
"type": "github"
}
},
"glide-browser": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767296470,
"narHash": "sha256-4VpU9zSO4mHV4kaqhs6Wkt7UdNwbb/6PdKWgyRkpw64=",
"owner": "glide-browser",
"repo": "glide.nix",
"rev": "2778e385e37330c9effd6c66252d940e7ec8ac95",
"type": "github"
},
"original": {
"owner": "glide-browser",
"repo": "glide.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
@@ -617,7 +618,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"glide-browser": "glide-browser",
"disko": "disko",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nix-zulip": "nix-zulip",


@@ -4,8 +4,8 @@
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
glide-browser = {
url = "github:glide-browser/glide.nix";
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
@@ -45,7 +45,7 @@
};
outputs = {
agenix,
glide-browser,
disko,
home-manager,
impermanence,
nixos-mailserver,
@@ -70,8 +70,9 @@
./users.nix
./secrets.nix
./modules/nixos/common.nix
impermanence.nixosModules.impermanence
agenix.nixosModules.default
disko.nixosModules.disko
impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule
noshell.nixosModules.default
phoenix.nixosModules.default
@@ -79,7 +80,6 @@
{
nixpkgs.overlays = [
agenix.overlays.default
glide-browser.overlays.default
nur.overlays.default
nix-zulip'.overlays.default
];
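Review bot: The new `disko` input in the first hunk follows the mutable `latest` ref, so the only thing fixing which disk-formatting code actually runs is the `rev`/`narHash` pair in flake.lock. That is worth stating next to the input, e.g. `# 'latest' is a moving ref; flake.lock pins the real rev, so read the lock diff on every update`. If this repository is ever updated unattended, a versioned release tag in the URL would narrow what an update can pull in. The `inputs` and `outputs` sets both continue outside the hunks shown.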


@@ -6,6 +6,7 @@
modules = [
# impermanence
./modules/nixos/impermanence.nix
./modules/nixos/impermanence-ssh.nix
# hardware configuration
# includes `system.stateVersion`
@@ -39,6 +40,7 @@
# hardware configuration
# verbatim as `nixos-generate-config` AND `system.stateVersion`
./modules/nixos/machines/109-199-104-83.nix
./modules/nixos/disko/remote.nix
# boot process
# grub boot on /dev/sda
@@ -51,9 +53,12 @@
# ssh through port 5522 among other things
# andromeda@lenovo is the only user allowed access
./modules/nixos/networking/hard-ssh.nix
./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
# ./modules/nixos/networking/hard-ssh.nix
#./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
})
# TODO add Impermanence to the following services
@@ -70,8 +75,6 @@
# zulip chat server
# zulip.domain
# ./modules/nixos/zulip.nix
{
}
];
};
}
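Review bot: In the `@@ -51,9 +53,12 @@` hunk the hardened SSH modules appear to be commented out (`# ./modules/nixos/networking/hard-ssh.nix`, `#./modules/nixos/networking/ssh-as-root.nix`) and replaced by a bare `services.openssh.enable = true;`, while the comment above still promises port 5522 and a single allowed user. With only `enable = true`, sshd runs on the NixOS defaults, which means port 22 and password authentication left on unless another module turns it off. If this is a provisioning-time relaxation, say so in a comment and keep key-only login explicit in the inline module: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. The page has lost its +/- markers, so which lines are the new side is inferred from the hunk counts and print order; the module list continues outside the hunk.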


@@ -1,6 +1,5 @@
{
boot.loader.grub = {
devices = ["/dev/sda"];
efiSupport = true;
efiInstallAsRemovable = true;
};


@@ -20,4 +20,7 @@
# disable lecture
security.sudo.extraConfig = ''Defaults lecture="never"'';
# make users immutable
users.mutableUsers = false;
}


@@ -0,0 +1,64 @@
{
disko.devices = {
disk = {
disk1 = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
# legacy boot
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# efi boot
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
# btrfs
# root is on nodev
root = {
size = "100%";
content = {
extraArgs = ["-f"]; # internet told me to, works
type = "btrfs";
subvolumes = {
# nix store
"/nix" = {
mountpoint = "/nix";
};
# persistant directory
"/persist" = {
mountpoint = "/persist";
};
};
};
};
};
};
};
};
nodev = {
# root
"/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755" # stops security complaints
];
};
};
};
}
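Review bot: `device = "/dev/sda"` on `disk1` names the disk by kernel enumeration order, and together with `extraArgs = ["-f"]` on the btrfs partition this layout will repartition and force-format whatever device happens to be `sda` when disko runs. A stable path such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";` removes that ambiguity, and the `-f` comment should say what the flag does, e.g. `# -f: overwrite an existing filesystem on the partition (destructive)`. The ESP `content` also has no `mountOptions`; the hand-written mount this commit removes used `fmask=0022`/`dmask=0022`, and `mountOptions = ["umask=0077"];` would keep `/boot` readable by root only. The tmpfs root sets no `size=`, so it falls back to the kernel default of half of RAM.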


@@ -0,0 +1,4 @@
{
# ONLY include this module AFTER a machine has been provisioned
environment.persistence."/persist".directories = ["/etc/ssh"];
}
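Review bot: The comment `# ONLY include this module AFTER a machine has been provisioned` gives an ordering rule but not the reason, nor what state a host is in before the rule applies. On a host whose root is tmpfs (as in the disko layout added by this commit) and that does not yet import this module, `/etc/ssh` is presumably recreated on every boot, so the SSH host keys change and anything keyed to them stops matching; agenix identities default to the host keys. I would extend the comment to say that, e.g. `# until included, host keys live on tmpfs and are regenerated each boot; agenix secrets encrypted to the host key will not decrypt`. Whether the remote host imports this module is not visible in the hunks shown.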


@@ -7,7 +7,6 @@
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/ssh"
];
files = [
"/etc/machine-id"


@@ -17,30 +17,6 @@
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["defaults" "mode=755"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992";
fsType = "btrfs";
options = ["subvol=persist"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/05FB-0941";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@@ -35,7 +35,6 @@ in {
pkgs.dust
pkgs.fluffychat
pkgs.fzf
pkgs.glide-browser
pkgs.glow
pkgs.grim
pkgs.jmtpfs