-rw-r--r--machines/aszlig/dnyarri.nix90
-rw-r--r--machines/aszlig/mmrnmhrm.nix79
-rw-r--r--machines/default.nix1
3 files changed, 57 insertions, 113 deletions
diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix
index fcd62513..6223255a 100644
--- a/machines/aszlig/dnyarri.nix
+++ b/machines/aszlig/dnyarri.nix
@@ -1,28 +1,55 @@
 { pkgs, lib, ... }:
 
-{
+let
+  vaultPath = "/dev/mapper/${vaultDevice.name}";
+
+  mkDevice = category: num: uuid: {
+    name = "dnyarri-${category}-crypt-${toString num}";
+    device = "/dev/disk/by-uuid/${uuid}";
+    keyFile = vaultPath;
+    keyFileSize = 1048576;
+  };
+
+  vaultDevice = {
+    name = "dnyarri-crypt-vault";
+    device = "/dev/disk/by-uuid/61e971d2-be93-4e60-8266-b2c6a71e2dc8";
+  };
+
+  cryptDevices = {
+    root = lib.imap (mkDevice "root") [
+      "b13d257e-b5fd-4f86-82b1-8bfe06335a75"
+      "a607c827-2fd7-49d9-a7d8-05279c8653a4"
+      "de32cb42-2e09-4e6a-84b4-244078d289c8"
+      "12dac5b2-7647-45de-b752-5efee23855d0"
+    ];
+    swap = lib.imap (mkDevice "swap") [
+      "e0a8281d-2c68-48ca-8e00-f0defaf51f38"
+      "d26e61d6-c238-4c01-8c57-b1ba0bdb8c93"
+    ];
+  };
+
+in {
   vuizvui.user.aszlig.profiles.workstation.enable = true;
 
   nix.maxJobs = 8;
 
   boot = {
+    loader.systemd-boot.enable = true;
+    loader.grub.enable = lib.mkForce false;
+    loader.efi.canTouchEfiVariables = true;
+
     initrd = {
-      mdadmConf = ''
-        ARRAY /dev/md0 metadata=1.2 UUID=f5e9de04:89efc509:4e184fcc:166b0b67
-        ARRAY /dev/md1 metadata=0.90 UUID=b85aa8be:cea0faf2:7abcbee8:eeae037b
-      '';
-      luks.devices = [
-        { name = "system_crypt";
-          device = "/dev/md1";
-          preLVM = true;
-        }
+      availableKernelModules = [
+        "aes_x86_64" "af_alg" "algif_skcipher" "cbc" "cryptd" "crypto_simd"
+        "dm_crypt" "ecb" "gf128mul" "glue_helper" "xts"
       ];
-    };
 
-    loader.grub.devices = [
-      "/dev/disk/by-id/ata-ST31500541AS_5XW0AMNH"
-      "/dev/disk/by-id/ata-ST31500541AS_6XW0M217"
-    ];
+      luks.devices = lib.singleton vaultDevice
+                  ++ lib.concatLists (lib.attrValues cryptDevices);
+      postDeviceCommands = lib.mkAfter ''
+        cryptsetup luksClose ${lib.escapeShellArg vaultPath}
+      '';
+    };
   };
 
   environment.systemPackages = [ pkgs.paperwork ];
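Review bot: The `cryptsetup luksClose` in `postDeviceCommands` has no failure handling, so if the close fails, the mapping at `vaultPath` may stay readable after boot, and its first 1048576 bytes are the key file for every root and swap volume. I would make a failure visible, e.g. `cryptsetup luksClose ${lib.escapeShellArg vaultPath} || echo "vault mapping still open" >&2`. A comment above `vaultDevice` would also help, such as `# Holds the key material for all cryptDevices; opened first, closed again before stage 2.` The scheme relies on `lib.singleton vaultDevice` staying first in `luks.devices` and on `postDeviceCommands` running only after all mappings are unlocked; that ordering is not visible in this hunk and is worth confirming against the initrd script.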
@@ -52,12 +79,13 @@
 
   fileSystems = {
     "/boot" = {
-      label = "boot";
-      fsType = "ext2";
+      device = "/dev/disk/by-uuid/9A75-9A6E";
+      fsType = "vfat";
     };
     "/" = {
-      device = "/dev/shofixti/root";
-      fsType = "xfs";
+      label = "dnyarri-root";
+      fsType = "btrfs";
+      options = [ "autodefrag" "space_cache" "compress=lzo" "noatime" ];
     };
   };
 
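Review bot: Mounting `/` via `label = "dnyarri-root"` selects whichever block device carries that filesystem label, and nothing in this hunk ties it to the unlocked LUKS mappings. Another attached disk with the same label could presumably be picked instead. Pointing the mount at one of the mappings created by `mkDevice`, e.g. `device = "/dev/mapper/dnyarri-root-crypt-1";` (name assumes `lib.imap` counts from 1), would bind root to the encrypted volumes. The `/boot` vfat partition is referenced directly by UUID and appears to sit outside the encrypted set, so a short comment noting that the kernel and initrd on it are not protected by LUKS would be useful.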
@@ -66,9 +94,9 @@
     ${pkgs.hdparm}/sbin/hdparm -B 255 /dev/disk/by-id/ata-ST31500541AS_6XW0M217
   '';
 
-  swapDevices = lib.singleton {
-    device = "/dev/shofixti/swap";
-  };
+  swapDevices = map ({ name, ... }: {
+    device = "/dev/mapper/${name}";
+  }) cryptDevices.swap;
 
   users.users.aszlig.extraGroups = [
     "scanner"
@@ -78,19 +106,15 @@
     "audio"
   ];
 
-  services.synergy.client.enable = true;
-  services.synergy.client.serverAddress = "mmrnmhrm";
-
-  services.kmscon.enable = true;
-
-  systemd.services."synergy-client".serviceConfig.CPUSchedulingPolicy = "rr";
-  systemd.services."synergy-client".serviceConfig.CPUSchedulingPriority = 50;
-
   services.xserver.videoDrivers = [ "ati" ];
-  services.xserver.xrandrHeads = [ "HDMI-0" "DVI-0" ];
+  services.xserver.xrandrHeads = [ "DVI-0" "HDMI-0" ];
+
+  vuizvui.user.aszlig.services.i3.workspaces."1" = {
+    label = "XMPP";
+    assign = lib.singleton { class = "^(?:Tkabber|Gajim)\$"; };
+  };
 
-  vuizvui.user.aszlig.services.i3.reverseHeads = true;
-  vuizvui.user.aszlig.services.i3.workspaces."6" = {
+  vuizvui.user.aszlig.services.i3.workspaces."3" = {
     label = "Chromium";
     assign = lib.singleton { class = "^Chromium(?:-browser)?\$"; };
   };
diff --git a/machines/aszlig/mmrnmhrm.nix b/machines/aszlig/mmrnmhrm.nix
deleted file mode 100644
index 4fa3fa24..00000000
--- a/machines/aszlig/mmrnmhrm.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
-  # whitelist insecure webkitgtk
-  nixpkgs.config.permittedInsecurePackages = [
-    "webkitgtk-2.4.11"
-  ];
-
-  vuizvui.user.aszlig.profiles.workstation.enable = true;
-
-  nix.maxJobs = 2;
-
-  boot = {
-    loader.grub.devices = map (i: "/dev/disk/by-id/${i}") [
-      "ata-WDC_WD10EZEX-00BN5A0_WD-WCC3F5756955"
-      "ata-WDC_WD10EZEX-00BN5A0_WD-WCC3F5790537"
-    ];
-  };
-
-  vuizvui.user.aszlig.system.kernel.enable = true;
-  hardware.enableAllFirmware = true;
-
-  networking.hostName = "mmrnmhrm";
-
-  fileSystems = {
-    "/" = {
-      label = "root";
-      fsType = "btrfs";
-      options = [ "autodefrag" "space_cache" "compress=lzo" "noatime" ];
-    };
-  };
-
-  swapDevices = [
-    { label = "swap1"; }
-    { label = "swap2"; }
-  ];
-
-  services.synergy.server.enable = true;
-  services.synergy.server.configFile = pkgs.writeText "synergy.conf" ''
-    section: screens
-      dnyarri:
-      mmrnmhrm:
-      tishtushi:
-    end
-
-    section: links
-      mmrnmhrm:
-        left = dnyarri
-        right = dnyarri
-      dnyarri:
-        right = mmrnmhrm
-        left = mmrnmhrm
-    end
-
-    section: options
-      keystroke(Super+F1) = switchToScreen(dnyarri)
-      keystroke(Super+F2) = switchToScreen(mmrnmhrm)
-      keystroke(Super+F3) = switchToScreen(tishtushi)
-    end
-  '';
-
-  services.kmscon.enable = true;
-
-  systemd.services."synergy-server".serviceConfig.CPUSchedulingPolicy = "rr";
-  systemd.services."synergy-server".serviceConfig.CPUSchedulingPriority = 50;
-
-  services.xserver.videoDrivers = [ "nouveau" ];
-  services.xserver.xrandrHeads = [ "DVI-I-1" "VGA-1" ];
-
-  vuizvui.user.aszlig.services.i3.workspaces."1" = {
-    label = "XMPP";
-    assign = lib.singleton { class = "^(?:Tkabber|Gajim)\$"; };
-  };
-
-  vuizvui.user.aszlig.services.i3.workspaces."3" = {
-    label = "Chromium";
-    assign = lib.singleton { class = "^Chromium(?:-browser)?\$"; };
-  };
-}
diff --git a/machines/default.nix b/machines/default.nix
index 3525a3e1..a976bbc4 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -3,7 +3,6 @@ with import ../lib;
 {
   aszlig = {
     dnyarri   = callMachine ./aszlig/dnyarri.nix {};
-    mmrnmhrm  = callMachine ./aszlig/mmrnmhrm.nix {};
     arilou    = callMachine ./aszlig/arilou.nix {};
     kzerza    = callMachine ./aszlig/kzerza.nix {};
     meshuggah = callMachine ./aszlig/meshuggah.nix {};