commit 97c737637dd8eb437569da8b7dc724b7921638b5
Author: Hunter Haugen
Date: Sun Apr 20 14:36:58 2025 -0400
initial
diff --git a/configs/configuration.nix b/configs/configuration.nix
new file mode 100644
index 0000000..638c6af
--- /dev/null
+++ b/configs/configuration.nix
@@ -0,0 +1,167 @@ +# Enable the OpenSSH daemon. +# services.openssh.enable = true; + +# Open ports in the firewall. +# networking.firewall.allowedTCPPorts = [ ... ]; +# networking.firewall.allowedUDPPorts = [ ... ]; +# Or disable the firewall altogether. +# networking.firewall.enable = false; + +# Copy the NixOS configuration file and link it from the resulting system +# (/run/current-system/configuration.nix). This is useful in case you +# accidentally delete configuration.nix. +# system.copySystemConfiguration = true; +{ config, pkgs, lib, ... }: + +let + impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; +in +{ + imports = + [ + ./hardware-configuration.nix + "${impermanence}/nixos.nix" + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; + + # Enable ZFS support + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.extraPools = [ "tank" ]; + #boot.zfs.requestEncryptionCredentials = true; + + # ZFS filesystem configuration + fileSystems = { + #"/" = { + # device = "rpool/local/root"; + # fsType = "zfs"; + #}; + + #"/boot" = { + # device = "/dev/disk/by-uuid/10CD-4CB5"; + # fsType = "vfat"; + # options = [ "fmask=0077" "dmask=0077" ]; + #}; + + #"/nix" = { + # device = "rpool/local/nix"; + # fsType = "zfs"; + #}; + + #"/home" = { + # device = "rpool/safe/home"; + # fsType = "zfs"; + #}; + + "/persist" = { + device = "rpool/safe/persist"; + fsType = "zfs"; + neededForBoot = true; + }; + + #"/var/lib/docker" = { + # device = "rpool/docker"; + # fsType = "zfs"; + # options = [ "zfsutil" ]; + # neededForBoot = true; + #}; + }; + + swapDevices = [{ + randomEncryption = true; + device = "/dev/disk/by-partuuid/1a5d6a96-0558-4623-bf52-e7523f5afe0e"; + }]; + + # Impermanence configuration + # /var/log and /var/lib ar persisted through zfs datasets, but not backed up. + # Anything stored in /persist should get backed up. 
+ environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/root" + "/etc/nixos" + "/etc/ssh" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; + + # Create tmpfs for root to implement impermanence + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; + + # Docker configuration + virtualisation.docker = { + enable = true; + extraOptions = "--storage-driver=overlay2"; + }; + + # System packages + environment.systemPackages = with pkgs; [ + git + vim + wget + curl + htop + zfs + zsh + tmux + docker-compose + ]; + + # User configuration + users.users.hunner = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "networkmanager" ]; + initialPassword = "a"; + shell = pkgs.zsh; + }; + + # Home manager integration for persistent home configuration (optional) + # home-manager.users.hunner = { pkgs, ... }: { + # home.persistence."/persist/home/hunner" = { + # directories = [ + # "Downloads" + # "Documents" + # "Pictures" + # "Videos" + # ".ssh" + # ".config" + # ]; + # files = [ + # ".bash_history" + # ]; + # }; + # }; + + # Networking + networking = { + hostName = "cryostation"; + hostId = "a20e391e"; # Required for ZFS + networkmanager.enable = true; + }; + + # Time zone and locale + time.timeZone = "America/Los_Angeles"; # Adjust to your timezone + i18n.defaultLocale = "en_US.UTF-8"; + + programs.zsh.enable = true; + services.openssh.enable = true; + # Enable ZFS auto-snapshot service + # services.zfs.autoSnapshot = { + # enable = true; + # frequent = 4; + # hourly = 24; + # daily = 7; + # weekly = 4; + # monthly = 12; + # }; + + # This value determines the NixOS release + system.stateVersion = "24.11"; +} + diff --git a/configs/configuration.nix-bak b/configs/configuration.nix-bak new file mode 100644 index 0000000..9985b58 --- /dev/null +++ b/configs/configuration.nix-bak 
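Review bot: `initialPassword = "a"` in `users.users.hunner` (configs/configuration.nix) gives a one-character password to an account in `wheel` and `docker`, while the same file sets `services.openssh.enable = true` and nothing in the hunk turns off SSH password logins. Because root is rolled back to `rpool/local/root@blank` at boot and `/etc/shadow` is not in the persisted list, the password is presumably re-applied on every boot rather than only the first. I would replace it with `hashedPasswordFile = "/persist/passwords/hunner";` (placeholder path), add `openssh.authorizedKeys.keys` for the user, and set `services.openssh.settings.PasswordAuthentication = false;`. The same line appears in configs/configuration.nix-noboot, configuration.nix and qemu/configuration.nix.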
@@ -0,0 +1,153 @@ +# Enable the OpenSSH daemon. +# services.openssh.enable = true; + +# Open ports in the firewall. +# networking.firewall.allowedTCPPorts = [ ... ]; +# networking.firewall.allowedUDPPorts = [ ... ]; +# Or disable the firewall altogether. +# networking.firewall.enable = false; + +# Copy the NixOS configuration file and link it from the resulting system +# (/run/current-system/configuration.nix). This is useful in case you +# accidentally delete configuration.nix. +# system.copySystemConfiguration = true; +{ config, pkgs, lib, ... }: + +{ + imports = + [ + ./hardware-configuration.nix + ]; + + boot.loader.grub.enable = true; + + # Enable ZFS support + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.requestEncryptionCredentials = true; + + # ZFS filesystem configuration + # Assuming you've created these datasets during installation + fileSystems = { + "/" = { + device = "rpool/root"; + fsType = "zfs"; + }; + + "/nix" = { + device = "rpool/nix"; + fsType = "zfs"; + }; + + "/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; + + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + neededForBoot = true; + }; + + "/persist" = { + device = "rpool/persist"; + fsType = "zfs"; + neededForBoot = true; + }; + + "/var/lib/docker" = { + device = "rpool/docker"; + fsType = "zfs"; + }; + }; + + # Impermanence configuration + environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/root" + "/etc/nixos" + "/etc/ssh" + "/var/log" + "/var/lib/NetworkManager" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; + + # Create tmpfs for root to implement impermanence + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; + + # Docker configuration + virtualisation.docker = { + enable = true; + extraOptions = "--storage-driver=overlay2"; + }; + + # System packages + environment.systemPackages = with pkgs; [ + git + vim + wget + curl + htop + zfs + docker-compose + ]; 
+ + # User configuration + users.users.hunner = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "networkmanager" ]; + # For impermanence, store home directory configuration + home = "/home/hunner"; + createHome = true; + }; + + # Home manager integration for persistent home configuration (optional) + # home-manager.users.hunner = { pkgs, ... }: { + # home.persistence."/persist/home/hunner" = { + # directories = [ + # "Downloads" + # "Documents" + # "Pictures" + # "Videos" + # ".ssh" + # ".config" + # ]; + # files = [ + # ".bash_history" + # ]; + # }; + # }; + + # Networking + networking = { + hostName = "cryostation"; + hostId = "a20e391e"; # Required for ZFS + networkmanager.enable = true; + }; + + # Time zone and locale + time.timeZone = "America/Los_Angeles"; # Adjust to your timezone + i18n.defaultLocale = "en_US.UTF-8"; + + services.openssh.enable = true; + # Enable ZFS auto-snapshot service + # services.zfs.autoSnapshot = { + # enable = true; + # frequent = 4; + # hourly = 24; + # daily = 7; + # weekly = 4; + # monthly = 12; + # }; + + # This value determines the NixOS release + system.stateVersion = "24.11"; +} + diff --git a/configs/configuration.nix-clean b/configs/configuration.nix-clean new file mode 100644 index 0000000..44453c6 --- /dev/null +++ b/configs/configuration.nix-clean 
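Review bot: The initrd rollback in configs/configuration.nix-bak targets `rpool/local/root@blank`, but this file mounts `/` from `rpool/root`, so the dataset being reset is not the one declared as root here. Depending on whether `rpool/local/root` exists, the command would either fail in the initrd or reset a dataset that is not mounted at `/`, and root state would then survive reboots despite the impermanence intent. Align the two, e.g. `zfs rollback -r rpool/root@blank`, or rename the datasets to the `rpool/local/*` layout the other files use. The comment `# Create tmpfs for root to implement impermanence` is also inaccurate, since the code rolls back a ZFS snapshot rather than mounting a tmpfs; `# Reset root to the empty @blank snapshot on every boot` would match the code.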
@@ -0,0 +1,127 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. 
+ # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? + +} + diff --git a/configs/configuration.nix-noboot b/configs/configuration.nix-noboot new file mode 100644 index 0000000..77fa4c7 --- /dev/null +++ b/configs/configuration.nix-noboot 
@@ -0,0 +1,169 @@ +# Enable the OpenSSH daemon. +# services.openssh.enable = true; + +# Open ports in the firewall. +# networking.firewall.allowedTCPPorts = [ ... ]; +# networking.firewall.allowedUDPPorts = [ ... ]; +# Or disable the firewall altogether. +# networking.firewall.enable = false; + +# Copy the NixOS configuration file and link it from the resulting system +# (/run/current-system/configuration.nix). This is useful in case you +# accidentally delete configuration.nix. +# system.copySystemConfiguration = true; +{ config, pkgs, lib, ... }: + +let + impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; +in +{ + imports = + [ + ./hardware-configuration.nix + "${impermanence}/nixos.nix" + ]; + + boot.loader.grub.enable = true; + # EFI doesn't seem to boot + #boot.loader.systemd-boot.enable = true; + #boot.loader.efi.canTouchEfiVariables = true; + + # Enable ZFS support + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.extraPools = [ "tank" ]; + #boot.zfs.requestEncryptionCredentials = true; + + # ZFS filesystem configuration + fileSystems = { + #"/" = { + # device = "rpool/local/root"; + # fsType = "zfs"; + #}; + + #"/boot" = { + # device = "/dev/disk/by-uuid/10CD-4CB5"; + # fsType = "vfat"; + # options = [ "fmask=0077" "dmask=0077" ]; + #}; + + #"/nix" = { + # device = "rpool/local/nix"; + # fsType = "zfs"; + #}; + + #"/home" = { + # device = "rpool/safe/home"; + # fsType = "zfs"; + #}; + + "/persist" = { + device = "rpool/safe/persist"; + fsType = "zfs"; + neededForBoot = true; + }; + + #"/var/lib/docker" = { + # device = "rpool/docker"; + # fsType = "zfs"; + # options = [ "zfsutil" ]; + # neededForBoot = true; + #}; + }; + + swapDevices = [{ + randomEncryption = true; + device = "/dev/disk/by-partuuid/1a5d6a96-0558-4623-bf52-e7523f5afe0e"; + }]; + + # Impermanence configuration + # /var/log and /var/lib ar persisted through zfs datasets, but not backed up. 
+ # Anything stored in /persist should get backed up. + environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/root" + "/etc/nixos" + "/etc/ssh" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; + + # Create tmpfs for root to implement impermanence + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; + + # Docker configuration + virtualisation.docker = { + enable = true; + extraOptions = "--storage-driver=overlay2"; + }; + + # System packages + environment.systemPackages = with pkgs; [ + git + vim + wget + curl + htop + zfs + zsh + tmux + docker-compose + ]; + + # User configuration + users.users.hunner = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "networkmanager" ]; + initialPassword = "a"; + shell = pkgs.zsh; + }; + + # Home manager integration for persistent home configuration (optional) + # home-manager.users.hunner = { pkgs, ... }: { + # home.persistence."/persist/home/hunner" = { + # directories = [ + # "Downloads" + # "Documents" + # "Pictures" + # "Videos" + # ".ssh" + # ".config" + # ]; + # files = [ + # ".bash_history" + # ]; + # }; + # }; + + # Networking + networking = { + hostName = "cryostation"; + hostId = "a20e391e"; # Required for ZFS + networkmanager.enable = true; + }; + + # Time zone and locale + time.timeZone = "America/Los_Angeles"; # Adjust to your timezone + i18n.defaultLocale = "en_US.UTF-8"; + + programs.zsh.enable = true; + services.openssh.enable = true; + # Enable ZFS auto-snapshot service + # services.zfs.autoSnapshot = { + # enable = true; + # frequent = 4; + # hourly = 24; + # daily = 7; + # weekly = 4; + # monthly = 12; + # }; + + # This value determines the NixOS release + system.stateVersion = "24.11"; +} + diff --git a/configs/hardware-configuration.nix b/configs/hardware-configuration.nix new file mode 100644 index 0000000..e0904c6 --- /dev/null +++ b/configs/hardware-configuration.nix 
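Review bot: `builtins.fetchTarball` in the `let` block of configs/configuration.nix-noboot pulls impermanence from the `master` branch archive with no `sha256`, so the module imported into the system configuration can change between rebuilds without any change to this repository. Pin it to a reviewed commit and hash, e.g. `impermanence = builtins.fetchTarball { url = "https://github.com/nix-community/impermanence/archive/<commit>.tar.gz"; sha256 = "<sha256>"; };` with both placeholders filled in. The same unpinned fetch is in configs/configuration.nix, configuration.nix and qemu/configuration.nix.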
@@ -0,0 +1,64 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/local/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/safe/home"; + fsType = "zfs"; + }; + + fileSystems."/persist" = + { device = "rpool/safe/persist"; + fsType = "zfs"; + }; + + fileSystems."/var/log" = + { device = "rpool/local/varlog"; + fsType = "zfs"; + }; + + fileSystems."/var/lib" = + { device = "rpool/local/varlib"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/10CD-4CB5"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/08997d20-b4ed-4b01-bd25-51cd33af20cc"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..cdd6788 --- /dev/null +++ b/configuration.nix 
@@ -0,0 +1,167 @@ +# Enable the OpenSSH daemon. +# services.openssh.enable = true; + +# Open ports in the firewall. +# networking.firewall.allowedTCPPorts = [ ... ]; +# networking.firewall.allowedUDPPorts = [ ... ]; +# Or disable the firewall altogether. +# networking.firewall.enable = false; + +# Copy the NixOS configuration file and link it from the resulting system +# (/run/current-system/configuration.nix). This is useful in case you +# accidentally delete configuration.nix. +# system.copySystemConfiguration = true; +{ config, pkgs, lib, ... }: + +let + impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; +in +{ + imports = + [ + ./hardware-configuration.nix + "${impermanence}/nixos.nix" + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable ZFS support + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.extraPools = [ "tank" ]; + #boot.zfs.requestEncryptionCredentials = true; + + # ZFS filesystem configuration + fileSystems = { + #"/" = { + # device = "rpool/local/root"; + # fsType = "zfs"; + #}; + + #"/boot" = { + # device = "/dev/disk/by-uuid/10CD-4CB5"; + # fsType = "vfat"; + # options = [ "fmask=0077" "dmask=0077" ]; + #}; + + #"/nix" = { + # device = "rpool/local/nix"; + # fsType = "zfs"; + #}; + + #"/home" = { + # device = "rpool/safe/home"; + # fsType = "zfs"; + #}; + + "/persist" = { + device = "rpool/safe/persist"; + fsType = "zfs"; + neededForBoot = true; + }; + + #"/var/lib/docker" = { + # device = "rpool/docker"; + # fsType = "zfs"; + # options = [ "zfsutil" ]; + # neededForBoot = true; + #}; + }; + + swapDevices = [{ + randomEncryption = true; + device = "/dev/disk/by-partuuid/1a5d6a96-0558-4623-bf52-e7523f5afe0e"; + }]; + + # Impermanence configuration + # /var/log and /var/lib ar persisted through zfs datasets, but not backed up. + # Anything stored in /persist should get backed up. 
+ environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/root" + "/etc/nixos" + "/etc/ssh" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; + + # Create tmpfs for root to implement impermanence + boot.initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; + + # Docker configuration + virtualisation.docker = { + enable = true; + extraOptions = "--storage-driver=overlay2"; + }; + + # System packages + environment.systemPackages = with pkgs; [ + git + vim + wget + curl + htop + zfs + zsh + tmux + docker-compose + ]; + + # User configuration + users.users.hunner = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "networkmanager" ]; + initialPassword = "a"; + shell = pkgs.zsh; + }; + + # Home manager integration for persistent home configuration (optional) + # home-manager.users.hunner = { pkgs, ... }: { + # home.persistence."/persist/home/hunner" = { + # directories = [ + # "Downloads" + # "Documents" + # "Pictures" + # "Videos" + # ".ssh" + # ".config" + # ]; + # files = [ + # ".bash_history" + # ]; + # }; + # }; + + # Networking + networking = { + hostName = "cryostation"; + hostId = "a20e391e"; # Required for ZFS + networkmanager.enable = true; + }; + + # Time zone and locale + time.timeZone = "America/Los_Angeles"; # Adjust to your timezone + i18n.defaultLocale = "en_US.UTF-8"; + + programs.zsh.enable = true; + services.openssh.enable = true; + # Enable ZFS auto-snapshot service + # services.zfs.autoSnapshot = { + # enable = true; + # frequent = 4; + # hourly = 24; + # daily = 7; + # weekly = 4; + # monthly = 12; + # }; + + # This value determines the NixOS release + system.stateVersion = "24.11"; +} + diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..023a9bc --- /dev/null +++ b/hardware-configuration.nix 
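Review bot: The persistence block in configuration.nix keeps `/etc/ssh` and `/etc/nix/id_rsa` under `/persist`, and the comment above it says anything in `/persist` should get backed up, so the SSH host private keys and the key at `/etc/nix/id_rsa` will end up in whatever backup is taken. The hunk does not say how those backups are protected. I would add a comment such as `# /persist holds SSH host keys and /etc/nix/id_rsa: backups of it must be encrypted and access-restricted`, and fix the typo `ar` → `are` in the line above it. qemu/configuration.nix in this commit already comments the `id_rsa` entry out with `# Needed?`, which suggests it may not need to be persisted at all.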
@@ -0,0 +1,64 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/local/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/10CD-4CB5"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + fileSystems."/nix" = + { device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/safe/home"; + fsType = "zfs"; + }; + + fileSystems."/persist" = + { device = "rpool/safe/persist"; + fsType = "zfs"; + }; + + fileSystems."/var/lib" = + { device = "rpool/local/varlib"; + fsType = "zfs"; + }; + + fileSystems."/var/log" = + { device = "rpool/local/varlog"; + fsType = "zfs"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/08997d20-b4ed-4b01-bd25-51cd33af20cc"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/qemu/boot.sh b/qemu/boot.sh new file mode 100755 index 0000000..eed4c40 --- /dev/null +++ b/qemu/boot.sh 
@@ -0,0 +1,13 @@
+qemu-system-x86_64 \
+ -enable-kvm \
+ -m 4G \
+ -smp 4 \
+ -cpu host \
+ -drive file=/home/hunner/Downloads/latest-nixos-minimal-x86_64-linux.iso,media=cdrom \
+ -drive file=disk1.qcow2,format=qcow2,if=virtio \
+ -drive file=disk2.qcow2,format=qcow2,if=virtio \
+ -boot menu=on,splash-time=5000 \
+ -nic user,model=virtio-net-pci,hostfwd=tcp::2222-:22 \
+ -display gtk
+
+ #-drive file=/home/hunner/Downloads/nixos-minimal-23.05.2664.9034b46dc4c7-x86_64-linux.iso,media=cdrom \
diff --git a/qemu/configuration.nix b/qemu/configuration.nix
new file mode 100644
index 0000000..213dc60
--- /dev/null
+++ b/qemu/configuration.nix
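Review bot: `hostfwd=tcp::2222-:22` in qemu/boot.sh leaves the host address empty, which makes QEMU listen on all host interfaces, so the guest's SSH daemon is reachable from the host's network on port 2222. The guest configs in this commit set `initialPassword = "a"` for a `wheel` user, which is what makes that exposure matter. Bind the forward to loopback instead: `-nic user,model=virtio-net-pci,hostfwd=tcp:127.0.0.1:2222-:22 \`. The script is also added with mode 100755 but has no `#!` line; `#!/usr/bin/env bash` followed by `set -euo pipefail` at the top would make it runnable directly and stop on errors.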
@@ -0,0 +1,116 @@ +{ config, pkgs, lib, ... }: + +#zpool import -f rpool +#mount -t zfs rpool/local/root /mnt +#mkdir -p /mnt/{boot,nix,home,persist,var/lib,var/log} +#mount /dev/vda2 /mnt/boot +#mount -t zfs rpool/local/nix /mnt/nix +#mount -t zfs rpool/safe/home /mnt/home +#mount -t zfs rpool/safe/persist /mnt/persist +#mount -t zfs rpool/local/var/lib /mnt/var/lib +#mount -t zfs rpool/local/var/log /mnt/var/log +let + impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; +in +{ + imports = + [ + ./hardware-configuration.nix + "${impermanence}/nixos.nix" + ]; + + # Enable ZFS support + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.requestEncryptionCredentials = false; + + fileSystems = { + "/persist" = { + device = "rpool/safe/persist"; + fsType = "zfs"; + neededForBoot = true; # Only /persist needs to be marked as needed for boot + }; + }; + + # Import the existing ZFS pool from the second disk without formatting it + boot.zfs.extraPools = [ "tank" ]; + boot.zfs.devNodes = "/dev/disk/by-path"; # This is neede for ZFS to find the pool at boot + + # Use GRUB with MBR for BIOS booting + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.zfsSupport = true; + boot.loader.grub.efiSupport = false; + + # Impermanence configuration + # Set up impermanence - root filesystem will be reset on each boot + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/root@blank + ''; + # /var/log and /var/lib ar persisted through zfs datasets, but not backed up. + # Anything stored in /persist should get backed up. + environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/root" + "/etc/nixos" + "/etc/ssh" + ]; + files = [ + "/etc/machine-id" + #"/etc/nix/id_rsa" # Needed? 
+ ]; + }; + # Files are not copied to /persist during install, so need to do so manually + #rsync -azPH /mnt/root/ /mnt/persist/root + #rsync -azPH /mnt/etc/nixos/ /mnt/persist/etc/nixos + #rsync -azPH /mnt/etc/ssh/ /mnt/persist/etc/ssh + #cp /mnt/etc/machine-id /mnt/persist/etc/machine-id + + # Swap configuration + swapDevices = [ { + device = "/dev/vda3"; + randomEncryption.enable = true; + } ]; + + # Basic system configuration + networking.hostId = "5472a981"; # Required for ZFS + networking.hostName = "cryochamber"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone + time.timeZone = "UTC"; + + # Docker configuration + virtualisation.docker = { + enable = true; + extraOptions = "--storage-driver=overlay2"; + }; + + # System packages + environment.systemPackages = with pkgs; [ + git + vim + wget + curl + htop + zfs + zsh + tmux + docker-compose + ]; + + # Define a user account + users.users.hunner = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "networkmanager" ]; + initialPassword = "a"; + shell = pkgs.zsh; + }; + + programs.zsh.enable = true; + services.openssh.enable = true; + + system.stateVersion = "24.11"; +} diff --git a/qemu/disko-gpt.nix b/qemu/disko-gpt.nix new file mode 100644 index 0000000..f8a7b3a --- /dev/null +++ b/qemu/disko-gpt.nix 
@@ -0,0 +1,106 @@ +{ + disko.devices = { + disk = { + vda = { + type = "disk"; + device = "/dev/vda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + }; + ESP = { + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + swap = { + size = "8G"; + content = { + type = "swap"; + randomEncryption = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + compression = "lz4"; + dnodesize = "auto"; + normalization = "formD"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local/root" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + canmount = "noauto"; + }; + mountpoint = "/"; + postCreateHook = '' + zfs snapshot rpool/local/root@blank + ''; + }; + "local/nix" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/nix"; + }; + "safe/persist" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/persist"; + }; + "safe/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "local/var" = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + canmount = "off"; + }; + }; + "local/var/lib" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/var/lib"; + }; + "local/var/log" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/var/log"; + }; + }; + }; + }; + }; +} diff --git a/qemu/disko-mbr.nix b/qemu/disko-mbr.nix new file mode 100644 index 0000000..4c3b44b --- /dev/null +++ b/qemu/disko-mbr.nix 
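Review bot: `rootFsOptions` for `rpool` in qemu/disko-gpt.nix sets no `encryption` or `keyformat`, so `safe/persist` and `safe/home` are stored in plaintext while the swap partition gets `randomEncryption = true`. `safe/persist` is where the configs in this commit keep `/etc/ssh` and `/root`, so the SSH host keys would be readable from the raw disk or image file. If this layout is meant for more than a throwaway VM, add for example `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";` to `rootFsOptions` (or to the `safe/*` datasets) and set `boot.zfs.requestEncryptionCredentials = true;` in the matching configuration. qemu/disko-mbr.nix and qemu/disko.nix carry the same `rootFsOptions`.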
@@ -0,0 +1,104 @@ +{ + disko.devices = { + disk = { + vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "mbr"; # Use MBR instead of GPT + partitions = { + boot = { + size = "1G"; + type = "83"; # Linux type + bootable = true; # Mark as bootable + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/boot"; + }; + }; + swap = { + size = "8G"; + type = "82"; # Linux swap type + content = { + type = "swap"; + randomEncryption = true; # Enable random encryption for swap + }; + }; + zfs = { + size = "100%"; + type = "83"; # Linux type + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + compression = "lz4"; + dnodesize = "auto"; + normalization = "formD"; + relatime = "on"; # Using relatime as you requested + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local/root" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + canmount = "noauto"; + }; + mountpoint = "/"; + postCreateHook = '' + zfs snapshot rpool/local/root@blank + zfs rollback rpool/local/root@blank + ''; + }; + "local/nix" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/nix"; + }; + "safe/persist" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/persist"; + }; + "safe/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "local/var" = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + canmount = "off"; + }; + }; + "local/var/lib" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/var/lib"; + }; + "local/var/log" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/var/log"; + }; + }; + }; + }; + }; +} diff --git a/qemu/disko.nix b/qemu/disko.nix new file mode 100644 index 0000000..43bc1cb --- /dev/null +++ b/qemu/disko.nix 
@@ -0,0 +1,101 @@ +{ + disko.devices = { + disk = { + vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1G"; + type = "EF02"; # BIOS boot partition + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/boot"; + }; + }; + swap = { + size = "8G"; + content = { + type = "swap"; + randomEncryption = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + compression = "lz4"; + dnodesize = "auto"; + normalization = "formD"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local/root" = { + type = "zfs_fs"; + options = { + mountpoint = "legacy"; + canmount = "noauto"; + }; + mountpoint = "/"; + postCreateHook = '' + zfs snapshot rpool/local/root@blank + zfs rollback rpool/local/root@blank + ''; + }; + "local/nix" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/nix"; + }; + "safe/persist" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/persist"; + }; + "safe/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "local/var" = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + canmount = "off"; + }; + }; + "local/var/lib" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/var/lib"; + }; + "local/var/log" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/var/log"; + }; + }; + }; + }; + }; +}
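Review bot: The `boot` partition in qemu/disko.nix is typed `EF02` (BIOS boot partition, as the inline comment says) yet is also formatted ext4 and mounted at `/boot`. On GPT, GRUB embeds its core image in the EF02 partition, which is therefore normally left without a filesystem; using the same partition as `/boot` risks the GRUB install overwriting or refusing it. qemu/disko-gpt.nix in this commit already uses the usual split of a 1M `EF02` partition with no content plus a separate partition for `/boot`, and I would mirror that here as sketched below. The `zfs rollback rpool/local/root@blank` in `postCreateHook`, directly after the snapshot is taken, looks like a no-op and can be dropped.

```nix
partitions = {
  bios = {
    size = "1M";
    type = "EF02"; # BIOS boot partition: raw, no filesystem
  };
  boot = {
    size = "1G";
    content = {
      type = "filesystem";
      format = "ext4";
      mountpoint = "/boot";
    };
  };
  # … unchanged: swap and zfs partitions …
```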