nixos/hardware/intel-nuc.nix


{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# === Boot options ===
# Kernel module selection for this machine, split between the initrd and the
# booted system.
boot = {
  initrd = {
    # Made available to the initrd (USB host controllers, AHCI, USB storage,
    # SCSI disk, USB HID).
    availableKernelModules = [
      "xhci_pci"
      "ehci_pci"
      "ahci"
      "usbhid"
      "uas"
      "usb_storage"
      "sd_mod"
    ];
    # No module is explicitly listed for loading in the initrd.
    kernelModules = [ ];
  };
  # Intel KVM support for the running system.
  kernelModules = [ "kvm-intel" ];
  # No out-of-tree module packages.
  extraModulePackages = [ ];
};
# === Internal drive ===
# Root, the Nix store and the journal are datasets of the ZFS pool `zroot`;
# /boot is a separate vfat partition selected by UUID.
# NOTE(review): nothing in this file shows whether `zroot` is encrypted. The
# LUKS key files used for the external drives (/root/keys/*) live on
# zroot/safe/root, so those drives are only as well protected at rest as this
# dataset is -- confirm.
fileSystems = {
  "/" = {
    device = "zroot/safe/root";
    fsType = "zfs";
  };
  "/nix" = {
    device = "zroot/local/nix";
    fsType = "zfs";
  };
  "/var/log/journal" = {
    device = "zroot/safe/journal";
    fsType = "zfs";
  };
  "/boot" = {
    device = "/dev/disk/by-uuid/8BB2-9DCB";
    fsType = "vfat";
  };
};
# === Swap ===
# NOTE(review): this entry sets no encryption option, so swapped-out pages are
# written in cleartext unless the partition is encrypted by another layer.
# If hibernation is not needed, the `randomEncryption` swap option is worth
# considering; it needs a device path that survives re-formatting, which a
# by-uuid path does not.
swapDevices = [
  { device = "/dev/disk/by-uuid/efc7e294-1c18-4dd9-aca5-f868eb9c47fc"; }
];
} // (
# === External drives ===
# NOTE(review): the two attribute sets of this module are joined with `//`,
# which merges only the top level. A top-level key defined on both sides
# (e.g. `boot` or `systemd`) would keep the right-hand value only and drop the
# left-hand one wholesale, so the two sides must stay disjoint.
let
  # Absolute path of the cryptsetup binary taken from nixpkgs.
  cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";

  # Build a oneshot systemd service that opens the LUKS device /dev/<label>
  # as /dev/mapper/<label>opened with the given key file and closes it again
  # when the service is stopped.
  #
  #   label      - device alias; /dev/<label> and dev-<label>.device must exist
  #   keyfile    - path handed to `cryptsetup --key-file`
  #   overwrites - attribute set merged recursively over the defaults below
  #
  # NOTE(review): the key file is read at unit start. Confirm that the key
  # directory and files are readable by root only and that they are not
  # copied into the world-readable Nix store (a string path such as
  # "/root/keys/fra" is not copied, a bare Nix path literal would be).
  unlockLuksService = label: keyfile: overwrites:
    let
      deviceUnit = "dev-${label}.device";
      defaults = {
        description = "Unlock luks encrypted device '${label}'";
        # Bound to the device unit: the service can only run while the device
        # is present and is stopped (running ExecStop) when it disappears.
        bindsTo = [ deviceUnit ];
        after = [ deviceUnit ];
        serviceConfig = {
          Type = "oneshot";
          # Stay "active" after ExecStart returns so that stopping the unit
          # later triggers ExecStop.
          RemainAfterExit = true;
          ExecStart = ''
            ${cryptsetup} luksOpen --key-file ${keyfile} /dev/${label} ${label}opened
          '';
          ExecStop = ''
            ${cryptsetup} luksClose ${label}opened
          '';
        };
      };
    in lib.attrsets.recursiveUpdate defaults overwrites;

  # Alias -> UUID for every external disk. The aliases become /dev/<alias>
  # symlinks through the udev rules generated from this set.
  disks = {
    FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
    BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1";
    HND = "4a3765fc-155e-453d-a348-d1782447bcfe";
    LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d";
  };
in {
# One unlock service per external disk; BER and HND additionally import their
# ZFS pool once the LUKS container is open.
# NOTE(review): none of these units sets `wantedBy`. luks-open-FRA and
# luks-open-LEJ are pulled in by the mount units' `requires`; nothing in this
# file starts luks-open-BER or luks-open-HND, so presumably they are started
# by hand or from another module -- verify.
# NOTE(review): the pool-backed units keep the helper's ExecStop, which only
# runs luksClose. Presumably the pool must be exported first or the close
# fails because the mapping is busy -- confirm, and consider running
# `zpool export` ahead of luksClose.
systemd.services = {
  "luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra" { };
  "luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
    serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
  };
  "luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
    serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
  };
  "luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej" { };
};
# ext4 mounts for the disks that are not ZFS pools. Each mount requires, and
# is ordered after, the service that opens the matching LUKS container.
# NOTE(review): /srv/lej is mounted from an LVM logical volume
# (vg_lej-lv_lej), presumably located inside the LEJ container; activation of
# that volume group is not visible in this file -- verify.
# NOTE(review): no mount options are set, so defaults apply. For removable
# data disks, `options = "nosuid,nodev";` is a common hardening step.
systemd.mounts =
  let
    # Mount `what` at `where` once `unlockUnit` has opened the container.
    luksMount = what: where: unlockUnit: {
      inherit what where;
      type = "ext4";
      wantedBy = [ "default.target" ];
      requires = [ unlockUnit ];
      after = [ unlockUnit ];
    };
  in [
    (luksMount "/dev/mapper/FRAopened" "/srv/fra" "luks-open-FRA.service")
    (luksMount "/dev/mapper/vg_lej-lv_lej" "/srv/lej" "luks-open-LEJ.service")
  ];
# One udev rule per entry of `disks`: a block device whose ID_FS_UUID matches
# gets the symlink /dev/<alias> and the "systemd" tag, which makes systemd
# expose it as dev-<alias>.device -- the unit the unlock services bind to.
# The rule itself starts nothing (it sets no SYSTEMD_WANTS), and the UUID only
# selects the device; access is still gated by the LUKS key file.
# NOTE(review): `customRules` is not declared in this file; presumably it is
# an option provided by another module of this repository -- verify.
services.udev.customRules = [{
  name = "85-rename-and-unlock-disks";
  rules =
    let
      ruleFor = alias: uuid: ''
        SUBSYSTEM=="block", ENV{ID_FS_UUID}=="${uuid}", SYMLINK+="${alias}", TAG+="systemd"
      '';
    in lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList ruleFor disks);
}];
})