blob: adf081485adca2bdc1e5ee23d7272226cc39eda1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
{
config,
lib,
modulesPath,
machine,
...
}: {
imports = [
./impermanence.nix
(modulesPath + "/installer/scan/not-detected.nix")
];
age.secrets = {
secret0.file = ../../secrets/secret0.age;
secret1.file = ../../secrets/secret1.age;
};
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
i18n.defaultLocale = "de_DE.UTF-8";
networking = {
dhcpcd.enable = true;
firewall.enable = true;
hostName = machine.hostname;
networkmanager.enable = true;
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
];
programs = {
noshell.enable = true;
steam.enable = true;
sway.enable = true;
};
services = {
blueman.enable = true;
displayManager = {
enable = true;
ly.enable = true;
};
libinput.enable = true;
openssh.enable = true;
printing.enable = true;
};
system.stateVersion = "26.05";
time.timeZone = "Europe/Berlin";
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
#device = "none";
#fsType = "tmpfs";
#options = ["defaults" "size=60%" "mode=755"];
device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
fsType = "btrfs";
options = ["subvol=root"];
};
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
mkdir /btrfs_tmp/root/nix
mkdir /btrfs_tmp/root/etc
mount ${config.fileSystems."/nix".device} /btrfs_tmp/root/nix
cp /btrfs_tmp/root/nix/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
umount /btrfs_tmp/root/nix
rm -r /btrfs_tmp/root/nix
umount /btrfs_tmp
'';
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F425-55BA";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
|
