From 411ee0c027b44d5067839b4abf8326656dd2b22c Mon Sep 17 00:00:00 2001
From: andromeda
Date: Sat, 10 Jan 2026 08:59:54 +0100
Subject: add remote disko and some other things
---
 modules/nixos/boot/109-199-104-83.nix | 1 -
 modules/nixos/common.nix | 3 ++
 modules/nixos/disko/remote.nix | 64 +++++++++++++++++++++++++++++++
 modules/nixos/impermanence-ssh.nix | 4 ++
 modules/nixos/impermanence.nix | 1 -
 modules/nixos/machines/109-199-104-83.nix | 24 ------------
 6 files changed, 71 insertions(+), 26 deletions(-)
 create mode 100644 modules/nixos/disko/remote.nix
 create mode 100644 modules/nixos/impermanence-ssh.nix
(limited to 'modules')
diff --git a/modules/nixos/boot/109-199-104-83.nix b/modules/nixos/boot/109-199-104-83.nix
index d54de8e..71f8d54 100644
--- a/modules/nixos/boot/109-199-104-83.nix
+++ b/modules/nixos/boot/109-199-104-83.nix
@@ -1,6 +1,5 @@
 {
 boot.loader.grub = {
- devices = ["/dev/sda"];
 efiSupport = true;
 efiInstallAsRemovable = true;
 };
diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix
index 94d77d4..ba476e5 100644
--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -20,4 +20,7 @@
 # disable lecture
 security.sudo.extraConfig = ''Defaults lecture="never"'';
+
+ # make users immutable
+ users.mutableUsers = false;
 }
diff --git a/modules/nixos/disko/remote.nix b/modules/nixos/disko/remote.nix
new file mode 100644
index 0000000..0b2e726
--- /dev/null
+++ b/modules/nixos/disko/remote.nix
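Review bot: In modules/nixos/common.nix, `users.mutableUsers = false;` makes the declarative user set the only source of credentials, and nothing in this hunk shows where those credentials come from. If passwords are set with `hashedPassword`, the hash is copied into the world-readable Nix store; `hashedPasswordFile` pointing at a root-only file on the persisted volume avoids that, but the file has to exist before first boot or the account has no usable password for sudo. I would extend the comment to say so, e.g. `# users are fully declarative; password hashes must come from hashedPasswordFile on /persist`. The rest of the module lies outside the hunk, so the user definitions may already handle this.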
@@ -0,0 +1,64 @@
+{
+ disko.devices = {
+ disk = {
+ disk1 = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ # legacy boot
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+
+ # efi boot
+ esp = {
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ # btrfs
+ # root is on nodev
+ root = {
+ size = "100%";
+ content = {
+ extraArgs = ["-f"]; # internet told me to, works
+ type = "btrfs";
+ subvolumes = {
+ # nix store
+ "/nix" = {
+ mountpoint = "/nix";
+ };
+
+ # persistant directory
+ "/persist" = {
+ mountpoint = "/persist";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ nodev = {
+ # root
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "defaults"
+ "mode=755" # stops security complaints
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos/impermanence-ssh.nix b/modules/nixos/impermanence-ssh.nix
new file mode 100644
index 0000000..00dc294
--- /dev/null
+++ b/modules/nixos/impermanence-ssh.nix
@@ -0,0 +1,4 @@
+{
+ # ONLY include this module AFTER a machine has been provisioned
+ environment.persistence."/persist".directories = ["/etc/ssh"];
+}
diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix
index 91e0dd7..7f0062b 100644
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@@ -7,7 +7,6 @@
 "/var/log"
 "/var/lib/nixos"
 "/var/lib/systemd/coredump"
- "/etc/ssh"
 ];
 files = [
 "/etc/machine-id"
diff --git a/modules/nixos/machines/109-199-104-83.nix b/modules/nixos/machines/109-199-104-83.nix
index 85399e9..998001c 100644
--- a/modules/nixos/machines/109-199-104-83.nix
+++ b/modules/nixos/machines/109-199-104-83.nix
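Review bot: In modules/nixos/disko/remote.nix, `device = "/dev/sda";` under `disk1` selects the disk by kernel enumeration order, and this layout is destructive: disko repartitions that device and `extraArgs = ["-f"]` makes mkfs.btrfs overwrite whatever filesystem is already there. If the target ever exposes a second disk or a different controller, the wrong device could be wiped; a stable path such as `/dev/disk/by-id/<DISK-ID>` (placeholder, the real id is not on this page) would pin it. The two trailing comments would also be more useful as statements of intent, e.g. `# -f: overwrite an existing filesystem signature on reinstall` and `# tmpfs defaults to mode 1777; / must not be world-writable`.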
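Review bot: The comment in modules/nixos/impermanence-ssh.nix gives an ordering rule but neither the reason for it nor the consequence of leaving the module out. While it is not included, `/etc/ssh` sits on the tmpfs root defined in disko/remote.nix, so the sshd host keys would presumably be regenerated on every boot and clients can no longer rely on a pinned host key. I would spell that out, e.g. `# include only after provisioning: until then /etc/ssh is on tmpfs and host keys change on each reboot`. It is also worth noting in the comment that the persisted directory holds private host keys, and no encryption layer is visible in the disko layout for the `/persist` subvolume.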
@@ -17,30 +17,6 @@ boot.kernelModules = []; boot.extraModulePackages = []; - fileSystems."/" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["defaults" "mode=755"]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992"; - fsType = "btrfs"; - options = ["subvol=nix"]; - }; - - fileSystems."/persist" = { - device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992"; - fsType = "btrfs"; - options = ["subvol=persist"]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/05FB-0941"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; - }; - swapDevices = []; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -- cgit v1.3