authorAzat Bahawi <azat@bahawi.net>2023-02-02 00:49:21 +0300
committerAzat Bahawi <azat@bahawi.net>2023-02-02 00:49:21 +0300
commit89399796d0b91e7904ce67de04bd2f60f0d93b5b (patch)
tree06d47b2ccc861fe8188cdb96910e651802ae06cc
parent2023-01-30 (diff)
2023-02-02
-rw-r--r--modules/nixos/common/systemd.nix3
-rw-r--r--modules/nixos/common/users.nix8
-rw-r--r--modules/nixos/openssh.nix2
-rw-r--r--modules/nixos/profiles/default.nix3
-rw-r--r--modules/nixos/profiles/headful.nix4
-rw-r--r--nixosConfigurations/eonwe/default.nix52
-rw-r--r--nixosConfigurations/yavanna/default.nix4
7 files changed, 59 insertions, 17 deletions
diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
index c1b2539..29020a0 100644
--- a/modules/nixos/common/systemd.nix
+++ b/modules/nixos/common/systemd.nix
@@ -1,7 +1,6 @@
 {pkgs, ...}: {
   ark = {
-    # FIXME Enable on a fresh system!
-    # files = ["/etc/machine-id"];
+    files = ["/etc/machine-id"];
     directories = ["/var/lib/systemd/coredump"];
   };
 
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
index 400bf33..367af41 100644
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@@ -1,7 +1,8 @@
 {lib, ...}:
-with lib; {
-  # TODO Enable on a fresh system.
-  # ark.directories = [config.my.home];
+with lib; let
+  home = "/home/${my.username}";
+in {
+  ark.directories = [home];
 
   users = {
     mutableUsers = false;
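Review bot: `ark.directories = [home];` persists the user's home as a bare path, so the ownership and mode of the persisted directory are whatever `ark` defaults to; if that module follows the impermanence attribute-set convention, a root-owned `/home/<user>` bound into place before first login would break the account, so this is worth confirming and, where supported, spelling out as `{ directory = home; user = my.username; group = "users"; mode = "0700"; }` or the module's equivalent. A short comment on the new line stating the intent would also help, e.g. `# Persist the home directory across the tmpfs root (see nixosConfigurations/eonwe).` The `let` binding `home = "/home/${my.username}"` duplicates the `users.users.<name>.home` default for normal users, which is fine as long as `inherit home;` in the second hunk keeps both in step.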
@@ -13,6 +14,7 @@ with lib; {
         isNormalUser = true;
         uid = 1000;
         description = my.fullname;
+        inherit home;
         inherit (my) hashedPassword;
         openssh.authorizedKeys.keys = [my.ssh.key];
         extraGroups = ["wheel"];
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 0cd44bd..9a131d7 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -46,7 +46,7 @@ in {
             else "ERROR";
           MaxAuthTries = 3;
           PasswordAuthentication = false;
-          PermitRootLogin = "no";
+          PermitRootLogin = mkForce "no";
         };
       };
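Review bot: `PermitRootLogin = mkForce "no";` silences any competing definition instead of letting the module system report the conflict, so the reason for forcing should be recorded next to it, e.g. `# mkForce: another module also defines PermitRootLogin; root login must stay disabled regardless.`, naming that module if known. Without such a comment a later reader cannot tell whether the conflicting definition still exists or whether a plain assignment would suffice again. The neighbouring `PasswordAuthentication = false;` is left unforced; if the same external module touches it, the two hardening settings should be treated consistently. The enclosing attribute set starts before the hunk.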
 
diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix
index 23eb455..0c78b0f 100644
--- a/modules/nixos/profiles/default.nix
+++ b/modules/nixos/profiles/default.nix
@@ -15,8 +15,7 @@ in {
   ];
 
   config = mkIf cfg.enable {
-    # FIXME Enable on a fresh system!
-    # ark.directories = ["/var/log"];
+    ark.directories = ["/var/log"];
 
     programs.less = {
       enable = true;
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 2d37b47..ca604cb 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -33,9 +33,7 @@ in {
     };
 
     boot = {
-      # Pretty much placebo but has some nice patches for `-march=native`
-      # optimisations, P-State Zen4 support and Fsync for Wine.
-      kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest;
+      kernelPackages = mkDefault pkgs.linuxPackages_latest;
 
       # There are (arguably) not a lot of reasons to keep mitigations enabled
       # for on machine that is not web-facing. First of all, to completely
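Review bot: The new `kernelPackages = mkDefault pkgs.linuxPackages_latest;` removes the rationale that accompanied the xanmod choice and adds none of its own, so a reader is left to guess why a mainline-tracking kernel is preferred over the NixOS default `pkgs.linuxPackages`. A one-line comment such as `# Newest stable kernel rather than the NixOS default; mkDefault lets a host pin something else.` would keep the profile self-explanatory. The `boot` attribute set continues past the end of the hunk.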
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index 8889120..19eb8b1 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -72,16 +72,60 @@ with lib; {
     initrd.kernelModules = ["nvme"];
   };
 
+  # Filesystem creation:
+  # ```
+  # mkfs.vfat -F 32 -l nixos-boot /dev/nvmeXnYpZ
+  #
+  # zpool create
+  # -o ashift=12
+  # -o autotrim=on
+  # -O acltype=posixacl
+  # -O xattr=sa
+  # -O compression=zstd
+  # -O atime=off
+  # -O relatime=off
+  # -O devices=off
+  # -O canmount=off
+  # -O mountpoint=none
+  # nixos
+  # /dev/nvmeXnYpZ
+  #
+  # zfs create
+  # nixos/root
+  #
+  # zfs create
+  # -o mountpoint=legacy
+  # -o relatime=on
+  # -o encryption=on
+  # -o keyformat=passphrase
+  # nixos/root/ark
+  #
+  # zfs create
+  # -o mountpoint=legacy
+  # nixos/root/nix
+  # ```
   fileSystems = {
     "/boot" = {
-      device = "/dev/disk/by-uuid/FF1E-9CFD";
+      device = "/dev/disk/by-uuid/1363-02E6";
       fsType = "vfat";
     };
 
     "/" = {
-      device = "/dev/disk/by-uuid/20276c1b-7e46-430b-b741-2f4aeb76bc51";
-      fsType = "xfs";
-      options = ["noatime"];
+      device = "none";
+      fsType = "tmpfs";
+      options = ["size=8G" "mode=755"];
+    };
+
+    "/ark" = {
+      device = "nixos/root/ark";
+      fsType = "zfs";
+      neededForBoot = true;
+    };
+
+    "/nix" = {
+      device = "nixos/root/nix";
+      fsType = "zfs";
+      neededForBoot = true;
     };
   };
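Review bot: In the filesystem recipe at the top of the hunk, `mkfs.vfat -F 32 -l nixos-boot` does not set a label — in mkfs.fat `-l` names a bad-blocks list file, the volume-label flag is `-n` — so the line should read `mkfs.vfat -F 32 -n nixos-boot /dev/nvmeXnYpZ`. The same `/dev/nvmeXnYpZ` placeholder is used for both the vfat partition and the zpool, which reads as if they were one device; distinct placeholders (e.g. `/dev/nvmeXnYp1` and `/dev/nvmeXnYp2`, constructed) would avoid that. Since `nixos/root/ark` is created with `encryption=on`/`keyformat=passphrase` and mounted with `neededForBoot = true`, stage 1 must unlock it (NixOS `boot.zfs.requestEncryptionCredentials` defaults to prompting for it), so a comment saying the passphrase is requested at boot would make the operational effect of this layout explicit. With `/` on tmpfs, anything outside `/ark`, `/nix` and the paths registered via `ark` is lost on reboot, which appears intended but deserves a one-line comment above `fileSystems`.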
 
diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix
index d347c61..3073caa 100644
--- a/nixosConfigurations/yavanna/default.nix
+++ b/nixosConfigurations/yavanna/default.nix
@@ -27,8 +27,8 @@ with lib; {
     # automatically (IIRC) generated `hardware-configuration.nix' as is.
     #
     # There's, however, no indication that any NVME drives are being used and,
-    # as the matter of fact, the VPS itself is KVM-shire, so... I'm still not
-    # going to risk it.
+    # as the matter of fact, the VPS itself is on KVM, so... I'm still not going
+    # to risk it, though.
     #
     # [1]: https://github.com/elitak/nixos-infect
     initrd.availableKernelModules = ["nvme"];
