megamanmalte/nixos
0
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
nixos/hardware/intel-nuc.nix

114 lines
3.1 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
# === Boot options ===
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "uas" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
# === Internal drive ===
fileSystems."/" = {
device = "zroot/safe/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "zroot/local/nix";
fsType = "zfs";
};
fileSystems."/var/log/journal" = {
device = "zroot/safe/journal";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8BB2-9DCB";
fsType = "vfat";
};
# === Swap ===
swapDevices = [{device = "/dev/disk/by-uuid/efc7e294-1c18-4dd9-aca5-f868eb9c47fc";}];
}
// (
# === External drives ===
let
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
unlockLuksService = label: keyfile: overwrites:
lib.attrsets.recursiveUpdate {
description = "Unlock luks encrypted device '${label}'";
bindsTo = ["dev-${label}.device"];
after = ["dev-${label}.device"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = ''
${cryptsetup} luksOpen --key-file ${keyfile} /dev/${label} ${label}opened
'';
ExecStop = ''
${cryptsetup} luksClose ${label}opened
'';
};
}
overwrites;
disks = {
FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1";
HND = "4a3765fc-155e-453d-a348-d1782447bcfe";
LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d";
};
in {
# Unlock all luks devices and import the zfs pools if necessary
systemd.services."luks-open-FRA" =
unlockLuksService "FRA" "/root/keys/fra" {};
systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
};
systemd.services."luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
};
systemd.services."luks-open-LEJ" =
unlockLuksService "LEJ" "/root/keys/lej" {};
systemd.mounts = [
{
what = "/dev/mapper/FRAopened";
where = "/srv/fra";
type = "ext4";
wantedBy = ["default.target"];
requires = ["luks-open-FRA.service"];
after = ["luks-open-FRA.service"];
}
{
what = "/dev/mapper/vg_lej-lv_lej";
where = "/srv/lej";
type = "ext4";
wantedBy = ["default.target"];
requires = ["luks-open-LEJ.service"];
after = ["luks-open-LEJ.service"];
}
];
# Add udev rules for every disk
services.udev.customRules = [
{
name = "85-rename-and-unlock-disks";
rules = lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
(alias: uuid: ''
SUBSYSTEM=="block", ENV{ID_FS_UUID}=="${uuid}", SYMLINK+="${alias}", TAG+="systemd"
'')
disks);
}
];
}
)
Reference in a new issue View git blame Copy permalink