Impermanence for zeus

This commit is contained in:
Chris Dombroski 2024-05-31 20:04:28 -04:00
parent 29f025991b
commit 96ba2614c4
6 changed files with 39 additions and 14 deletions

View file

@ -73,7 +73,10 @@
zeus = nixpkgs.lib.nixosSystem { zeus = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ ./systems/zeus/configuration.nix ]; modules = [
impermanence.nixosModules.impermanence
./systems/zeus/configuration.nix
];
}; };
orangepihole = nixpkgs.lib.nixosSystem { orangepihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";

View file

@ -1,7 +1,7 @@
{ inputs, ... }: { { inputs, ... }: {
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
sops.defaultSopsFile = ../../secrets/secret.yaml; sops.defaultSopsFile = ../../secrets/secret.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt"; sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true; sops.age.generateKey = true;
} }

View file

@ -10,7 +10,6 @@
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.timeout = 1; boot.loader.timeout = 1;
# boot.kernelPackages = pkgs.linuxPackages_6_6;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
networking = { networking = {
hostName = "orangepihole"; # Define your hostname. hostName = "orangepihole"; # Define your hostname.
@ -35,7 +34,6 @@
ipv6SendRAConfig.EmitDNS = false; ipv6SendRAConfig.EmitDNS = false;
ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }]; ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }];
}; };
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
zramSwap.enable = true; zramSwap.enable = true;
swapDevices = [{ swapDevices = [{
device = "/persist/swapfile"; device = "/persist/swapfile";

View file

@ -25,7 +25,6 @@
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
}; };
powerManagement.cpuFreqGovernor = "schedutil"; powerManagement.cpuFreqGovernor = "schedutil";
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."cdombroski/password" = { sops.secrets."cdombroski/password" = {
neededForUsers = true; neededForUsers = true;
sopsFile = ../../secrets/smolboi/users.yaml; sopsFile = ../../secrets/smolboi/users.yaml;
@ -238,7 +237,7 @@
}; };
}; };
cursor = { cursor = {
package = pkgs.breeze-qt5; package = pkgs.kdePackages.breeze;
name = "breeze_cursors"; name = "breeze_cursors";
size = 24; size = 24;
}; };

View file

@ -263,7 +263,8 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
]; ];
}; };
environment.systemPackages = with pkgs; [ environment = {
systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
dive dive
podman-tui podman-tui
@ -271,6 +272,23 @@
tcpdump tcpdump
ethtool ethtool
]; ];
persistence."/persist" = {
hideMounts = true;
directories = [
"/srv/docker"
"/tmp"
"/etc/containers/networks"
];
files = [
"/etc/machine-id"
"/etc/adjtime"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
};
services = { services = {
samba = { samba = {

View file

@ -13,8 +13,15 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "mode=755" ];
};
fileSystems."/persist" = {
device = "zroot/root"; device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
neededForBoot = true;
}; };
fileSystems."/boot" = { fileSystems."/boot" = {