5 files changed +226
-0
lines changed Original file line number Diff line number Diff line change 1+ { pkgs , ... } :
2+ {
3+ imports = [
4+ ./disko.nix
5+ ./networking.nix
6+ ./state.nix
7+ ./zfs.nix
8+ ] ;
9+ boot = {
10+ loader = {
11+ systemd-boot = {
12+ enable = true ;
13+ memtest86 . enable = true ;
14+ } ;
15+ efi . canTouchEfiVariables = true ;
16+ } ;
17+ kernelPackages = pkgs . linuxPackages_6_12 ;
18+ } ;
19+ }
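Review bot: The `systemd-boot` block leaves the boot-menu entry editor at its NixOS default, which is enabled, so anyone at the console can change the kernel command line before boot. The disk layout in this commit unlocks its LUKS containers from key files rather than an interactive passphrase, so a modified boot would presumably still get the disks unlocked. Consider adding `editor = false;` next to `enable = true;` inside `systemd-boot`.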
Original file line number Diff line number Diff line change 1+ {
2+ disko . devices = {
3+ disk = {
4+ root = {
5+ type = "disk" ;
6+ # device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_500GB_S466NB0K428706Z";
7+ device = "/dev/disk/by-id/" ; # TODO: change device
8+ content = {
9+ type = "gpt" ;
10+ partitions = {
11+ esp = {
12+ size = "2G" ;
13+ type = "EF00" ;
14+ content = {
15+ type = "filesystem" ;
16+ format = "vfat" ;
17+ mountpoint = "/boot" ;
18+ mountOptions = [ "umask=0077" ] ;
19+ } ;
20+ } ;
21+ swap = {
22+ size = "16G" ;
23+ content = {
24+ type = "swap" ;
25+ randomEncryption = true ;
26+ } ;
27+ } ;
28+ luks = {
29+ size = "100%" ;
30+ content = {
31+ type = "luks" ;
32+ name = "root" ;
33+ settings = {
34+ allowDiscards = true ;
35+ keyFile = "/mnt/encryption-keys/root.key" ;
36+ } ;
37+ content = {
38+ type = "zfs" ;
39+ pool = "zroot" ;
40+ } ;
41+ } ;
42+ } ;
43+ } ;
44+ } ;
45+ } ;
46+ wd-red-plus-a = {
47+ type = "disk" ;
48+ device = "/dev/disk/by-id/" ; # TODO: add disk
49+ content = {
50+ type = "luks" ;
51+ name = "wd-red-plus-a" ;
52+ settings = {
53+ allowDiscards = true ;
54+ keyFile = "/mnt/encryption-keys/wd-red-plus-a.key" ;
55+ } ;
56+ content = {
57+ type = "zfs" ;
58+ pool = "tank" ;
59+ } ;
60+ } ;
61+ } ;
62+ wd-red-plus-b = {
63+ type = "disk" ;
64+ device = "/dev/disk/by-id/" ; # TODO: add disk
65+ content = {
66+ type = "luks" ;
67+ name = "wd-red-plus-b" ;
68+ settings = {
69+ allowDiscards = true ;
70+ keyFile = "/mnt/encryption-keys/wd-red-plus-b.key" ;
71+ } ;
72+ content = {
73+ type = "zfs" ;
74+ pool = "tank" ;
75+ } ;
76+ } ;
77+ } ;
78+ } ;
79+ zpool =
80+ let
81+ options = {
82+ acltype = "posixacl" ;
83+ compression = "zstd" ;
84+ mountpoint = "none" ;
85+ xattr = "sa" ;
86+ dnodesize = "auto" ;
87+ atime = "off" ;
88+ } ;
89+ in
90+ {
91+ zroot = {
92+ type = "zpool" ;
93+ rootFsOptions = options ;
94+ options . ashift = "12" ;
95+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/local/root@blank$' || zfs snapshot zroot/local/root@blank" ;
96+
97+ datasets = {
98+ "local/nix" = {
99+ type = "zfs_fs" ;
100+ mountpoint = "/nix" ;
101+ } ;
102+ "local/root" = {
103+ type = "zfs_fs" ;
104+ mountpoint = "/" ;
105+ } ;
106+ "data/state" = {
107+ type = "zfs_fs" ;
108+ mountpoint = "/state" ;
109+ } ;
110+ } ;
111+ } ;
112+ tank = {
113+ type = "zpool" ;
114+ mode = "mirror" ;
115+ rootFsOptions = options ;
116+ options . ashift = "12" ;
117+
118+ datasets = {
119+ "data/shares" = {
120+ type = "zfs_fs" ;
121+ mountpoint = "/srv/shares" ;
122+ } ;
123+ "data/shares/media" = {
124+ type = "zfs_fs" ;
125+ mountpoint = "/srv/shares/media" ;
126+ options = {
127+ recordsize = "1M" ;
128+ } ;
129+ } ;
130+ "data/shares/marie" = {
131+ type = "zfs_fs" ;
132+ mountpoint = "/srv/shares/marie" ;
133+ } ;
134+ } ;
135+ } ;
136+ } ;
137+ } ;
138+ }
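Review bot: All three LUKS containers take their key from `/mnt/encryption-keys/*.key` through `settings.keyFile`, but nothing in this commit shows how that path is populated at install time or made available in the initrd at boot. If I read disko correctly, `settings` is carried into the boot-time LUKS configuration, so the key files have to be reachable from the initrd. If they end up on the unencrypted ESP or on media left attached to the NAS, encryption at rest protects little against theft of the machine. A comment on each `keyFile` line such as `# key provided by <KEY_SOURCE> at boot; must not be stored on the ESP` would document the intended key handling. Separately, `allowDiscards = true` on the `wd-red-plus-*` disks looks unnecessary if those are spinning drives, and on any disk it reveals which blocks are unused.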
Original file line number Diff line number Diff line change 1+ { ... } :
2+ {
3+ networking = {
4+ hostName = "marie-nas" ;
5+ useDHCP = false ;
6+ nftables . enable = true ;
7+ } ;
8+ systemd . network = {
9+ enable = true ;
10+ networks = {
11+ ethernet = {
12+ matchConfig = {
13+ Type = [ "ether" ] ;
14+ Kind = [ "!veth" ] ;
15+ } ;
16+ networkConfig = {
17+ DHCP = "ipv4" ;
18+ IPv6AcceptRA = true ;
19+ KeepConfiguration = "yes" ;
20+ } ;
21+ } ;
22+ } ;
23+ } ;
24+
25+ services . tailscale = {
26+ enable = true ;
27+ useRoutingFeatures = "both" ;
28+ } ;
29+ }
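Review bot: `useRoutingFeatures = "both"` in `services.tailscale` grants more than a NAS usually needs: the server half enables IP forwarding on the host, and the client half loosens reverse-path filtering. Nothing else in this file advertises routes or an exit node, so if the machine only needs to be reachable over the tailnet, `useRoutingFeatures = "client";` keeps it from acting as a router. If subnet routing is intended, a short comment saying so would make the choice explicit, ideally with matching forward rules in the nftables ruleset.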
Original file line number Diff line number Diff line change 1+ { ... } :
2+ {
3+ users . mutableUsers = false ;
4+ preservation = {
5+ enable = true ;
6+ preserveAt . "/state" = {
7+ directories = [
8+ "/etc/NIXOS"
9+ { directory = "/home/marie" ; user = "marie" ; group = "users" ; }
10+ "/var/db/sudo"
11+ { directory = "/var/lib/nixos" ; inInitrd = true ; }
12+ "/var/lib/systemd"
13+ "/var/lib/tailscale"
14+ "/var/log"
15+ ] ;
16+ files = [
17+ { file = "/etc/machine-id" ; inInitrd = true ; how = "symlink" ; configureParent = true ; }
18+ { file = "/etc/ssh/ssh_host_ed25519_key" ; mode = "0700" ; inInitrd = true ; }
19+ { file = "/etc/ssh/ssh_host_ed25519_key.pub" ; inInitrd = true ; }
20+ { file = "/etc/ssh/ssh_host_rsa_key" ; mode = "0700" ; inInitrd = true ; }
21+ { file = "/etc/ssh/ssh_host_rsa_key.pub" ; inInitrd = true ; }
22+ ] ;
23+ } ;
24+ } ;
25+
26+ systemd . suppressedSystemUnits = [ "systemd-machine-id-commit.service" ] ;
27+
28+ systemd . services . systemd-machine-id-commit = {
29+ unitConfig . ConditionPathIsMountPoint = [ "" "/state/etc/machine-id" ] ;
30+ serviceConfig . ExecStart = [ "" "systemd-machine-id-setup --commit --root /state" ] ;
31+ } ;
32+ }
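Review bot: The two private host keys are preserved with `mode = "0700"`, which sets the execute bit on a key file; `mode = "0600"` is the conventional permission for `ssh_host_*_key`. Also, `systemd-machine-id-commit.service` is listed in `systemd.suppressedSystemUnits` and then overridden in `systemd.services.systemd-machine-id-commit` directly below. As far as I can tell these are alternative approaches, so one of the two is likely dead configuration and worth removing or explaining in a comment.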
Original file line number Diff line number Diff line change 1+ { ... } :
2+ {
3+ networking . hostId = "450afd45" ;
4+ boot = {
5+ supportedFilesystems . zfs = true ;
6+ zfs . forceImportRoot = false ;
7+ } ;
8+ }