feat: new host - shoukei

2026-05-21 22:16:52 +02:00 · 2023-12-24 00:36:20 +08:00
parent 73a746cebd
commit 03c1d14ed9
25 changed files with 869 additions and 197 deletions
@@ -0,0 +1,130 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  hardware.firmware = [
+    (import ./brcm-firmware { inherit pkgs;})
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  # Use the EFI boot loader.
+  boot.loader.efi.canTouchEfiVariables = true;
+  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
+  boot.loader.efi.efiSysMountPoint = "/boot";
+  boot.loader.systemd-boot.enable = true;
+
+  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
+  # supported fil systems, so we can mount any removable disks with these filesystems
+  boot.supportedFilesystems = lib.mkForce [
+    "ext4"
+    "btrfs"
+    "xfs"
+    "ntfs"
+    "fat"
+    "vfat"
+    "cifs" # mount windows share
+  ];
+
+  # clear /tmp on boot to get a stateless /tmp directory.
+  boot.tmp.cleanOnBoot = true;
+  boot.initrd = {
+    # unlocked luks devices via a keyfile or prompt a passphrase.
+    luks.devices."crypted-nixos" = {
+      device = "/dev/nvme0n1p4";
+      # the keyfile(or device partition) that should be used as the decryption key for the encrypted device.
+      # if not specified, you will be prompted for a passphrase instead.
+      #keyFile = "/root-part.key";
+
+      # whether to allow TRIM requests to the underlying device.
+      # it's less secure, but faster.
+      allowDiscards = true;
+    };
+  };
+
+  # equal to `mount -t tmpfs tmpfs /`
+  fileSystems."/" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    # set mode to 755, otherwise systemd will set it to 777, which cause problems.
+    # relatime: Update inode access times relative to modify or change time.
+    options = ["relatime" "mode=755"];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/nvme0n1p1";
+    fsType = "vfat";
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    fsType = "btrfs";
+    options = ["subvol=@nix" "noatime" "compress-force=zstd:1"];
+  };
+
+  fileSystems."/tmp" = {
+    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    fsType = "btrfs";
+    options = ["subvol=@tmp" "noatime" "compress-force=zstd:1"];
+  };
+
+  fileSystems."/persistent" = {
+    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    fsType = "btrfs";
+    options = ["subvol=@persistent" "noatime" "compress-force=zstd:1"];
+    # impermanence's data is required for booting.
+    neededForBoot = true;
+  };
+
+  fileSystems."/snapshots" = {
+    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    fsType = "btrfs";
+    options = ["subvol=@snapshots" "noatime" "compress-force=zstd:1"];
+  };
+
+  # mount swap subvolume in readonly mode.
+  fileSystems."/swap" = {
+    device = "/dev/disk/by-uuid/2f4db246-e65d-4808-8ab4-5365f9dea1ef";
+    fsType = "btrfs";
+    options = ["subvol=@swap" "ro"];
+  };
+
+  # remount swapfile in read-write mode
+  fileSystems."/swap/swapfile" = {
+    # the swapfile is located in /swap subvolume, so we need to mount /swap first.
+    depends = ["/swap"];
+
+    device = "/swap/swapfile";
+    fsType = "none";
+    options = ["bind" "rw"];
+  };
+
+  swapDevices = [
+    {device = "/swap/swapfile";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp230s0f1u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp229s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}