authorandromeda <andromeda@lenovo>2026-01-10 08:59:54 +0100
committerandromeda <andromeda@lenovo>2026-01-10 08:59:54 +0100
commit411ee0c027b44d5067839b4abf8326656dd2b22c (patch)
tree19eb4eae0c741323129987089033c7d7adf06174 /modules
parentaec328ce9364c640656b339f81e16cf885499f2a (diff)
add remote disko and some other things
Diffstat (limited to 'modules')
-rw-r--r--modules/nixos/boot/109-199-104-83.nix1
-rw-r--r--modules/nixos/common.nix3
-rw-r--r--modules/nixos/disko/remote.nix64
-rw-r--r--modules/nixos/impermanence-ssh.nix4
-rw-r--r--modules/nixos/impermanence.nix1
-rw-r--r--modules/nixos/machines/109-199-104-83.nix24
6 files changed, 71 insertions, 26 deletions
diff --git a/modules/nixos/boot/109-199-104-83.nix b/modules/nixos/boot/109-199-104-83.nix
index d54de8e..71f8d54 100644
--- a/modules/nixos/boot/109-199-104-83.nix
+++ b/modules/nixos/boot/109-199-104-83.nix
@@ -1,6 +1,5 @@
{
boot.loader.grub = {
- devices = ["/dev/sda"];
efiSupport = true;
efiInstallAsRemovable = true;
};
diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix
index 94d77d4..ba476e5 100644
--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -20,4 +20,7 @@
# disable lecture
security.sudo.extraConfig = ''Defaults lecture="never"'';
+
+ # make users immutable
+ users.mutableUsers = false;
}
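Review bot: With `users.mutableUsers = false;` every login credential has to come from the configuration, and nothing visible in this hunk declares one. On machines using the tmpfs root that this commit sets up, each account needs a `hashedPasswordFile` (or SSH keys only); if that file lives under `/persist`, the mount also needs `fileSystems."/persist".neededForBoot = true;` so the file is available when users are created at boot. Prefer `hashedPasswordFile` over an inline `hashedPassword`, since the inline hash ends up in the world-readable Nix store. The rest of common.nix lies outside the hunk, so this may already be handled there.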
diff --git a/modules/nixos/disko/remote.nix b/modules/nixos/disko/remote.nix
new file mode 100644
index 0000000..0b2e726
--- /dev/null
+++ b/modules/nixos/disko/remote.nix
@@ -0,0 +1,64 @@
+{
+ disko.devices = {
+ disk = {
+ disk1 = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ # legacy boot
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+
+ # efi boot
+ esp = {
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ # btrfs
+ # root is on nodev
+ root = {
+ size = "100%";
+ content = {
+ extraArgs = ["-f"]; # internet told me to, works
+ type = "btrfs";
+ subvolumes = {
+ # nix store
+ "/nix" = {
+ mountpoint = "/nix";
+ };
+
+ # persistant directory
+ "/persist" = {
+ mountpoint = "/persist";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ nodev = {
+ # root
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "defaults"
+ "mode=755" # stops security complaints
+ ];
+ };
+ };
+ };
+}
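Review bot: The target disk is named by kernel enumeration, `device = "/dev/sda";`, and the btrfs partition is created with `-f`, so a run against a host where `sda` is some other disk reformats it without mkfs refusing. A stable path such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` narrows that risk. The `extraArgs` comment should say what the flag does rather than where it came from, e.g. `# -f: let mkfs.btrfs overwrite an existing filesystem on the partition`.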
diff --git a/modules/nixos/impermanence-ssh.nix b/modules/nixos/impermanence-ssh.nix
new file mode 100644
index 0000000..00dc294
--- /dev/null
+++ b/modules/nixos/impermanence-ssh.nix
@@ -0,0 +1,4 @@
+{
+ # ONLY include this module AFTER a machine has been provisioned
+ environment.persistence."/persist".directories = ["/etc/ssh"];
+}
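Review bot: The comment says when to include this module but not why, and the consequence of leaving it out is security-relevant. With `/etc/ssh` on the tmpfs root, sshd host keys are presumably regenerated at every boot, so clients see a changed host key each time and get used to dismissing the warning. State the reason and the interim behaviour in the comment, e.g. `# persists sshd host keys; until this is included they change on every reboot`. Pointing `services.openssh.hostKeys` at paths under `/persist` instead of bind-mounting the whole directory may avoid the separate post-provisioning step, though that depends on how provisioning is done, which is not visible here.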
diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix
index 91e0dd7..7f0062b 100644
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@@ -7,7 +7,6 @@
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
- "/etc/ssh"
];
files = [
"/etc/machine-id"
diff --git a/modules/nixos/machines/109-199-104-83.nix b/modules/nixos/machines/109-199-104-83.nix
index 85399e9..998001c 100644
--- a/modules/nixos/machines/109-199-104-83.nix
+++ b/modules/nixos/machines/109-199-104-83.nix
@@ -17,30 +17,6 @@
boot.kernelModules = [];
boot.extraModulePackages = [];
- fileSystems."/" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["defaults" "mode=755"];
- };
-
- fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992";
- fsType = "btrfs";
- options = ["subvol=nix"];
- };
-
- fileSystems."/persist" = {
- device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992";
- fsType = "btrfs";
- options = ["subvol=persist"];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/05FB-0941";
- fsType = "vfat";
- options = ["fmask=0022" "dmask=0022"];
- };
-
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";