Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hosts: steamdeck: fix luks hardware-config

Browse Source
This commit is contained in:
Kabbone 2023-12-21 11:32:23 +01:00
parent 2aa2c10ff2
commit 1466895a1e
Signed by: Kabbone
SSH Key Fingerprint: SHA256:ezolxoMIF3LNo1yc1aGNCvFNUiSZNjUbNhrZohFeKd0
4 changed files with 101 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/default.nix
View File

@ -97,7 +97,7 @@ in
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager { home-manager-unstable.nixosModules.home-manager {
nixpkgs-unstable.overlays = [ nixpkgs.overlays = [
nur.overlay nur.overlay
]; ];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;

4
hosts/steamdeck/default.nix
View File

@ -67,14 +67,14 @@
}; };
services = { services = {
blueman.enable = true; # blueman.enable = true;
printing = { # Printing and drivers for TS5300 printing = { # Printing and drivers for TS5300
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; drivers = [ pkgs.gutenprint ];
}; };
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

174
hosts/steamdeck/hardware-configuration.nix
View File

@ -17,82 +17,65 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; boot = {
boot.initrd.kernelModules = [ ]; initrd = {
boot.kernelModules = [ "kvm-amd" ]; availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
boot.extraModulePackages = [ ]; kernelModules = [ ];
boot.tmp.useTmpfs = false; systemd.enable = true;
boot.tmp.cleanOnBoot = true; luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
};
};
};
kernelModules = [ "kvm-amd" ];
kernelParams = [ "luks.options=fido2-device=auto" ];
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true; zramSwap.enable = true;
# services.btrfs.autoScrub = { services.btrfs.autoScrub = {
# enable = true; enable = true;
# interval = "monthly"; interval = "monthly";
# fileSystems = [ fileSystems = [
# "/" "/"
# ]; ];
# }; };
#
# services.btrbk = {
# instances = {
# hf = {
# onCalendar = "hourly";
# settings = {
# incremental = "yes";
# snapshot_create = "ondemand";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve = "2m 2w 5d 5h";
# snapshot_preserve_min = "latest";
#
# volume = {
# "/mnt/snapshots/root" = {
# snapshot_create = "always";
# subvolume = {
# "@home" = {};
# };
# };
# };
# };
# };
# };
# };
# fileSystems."/" = services.btrbk = {
# { device = "/dev/disk/by-label/NIXROOT"; instances = {
# fsType = "btrfs"; hf = {
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; onCalendar = "hourly";
# }; settings = {
# incremental = "yes";
# fileSystems."/home" = snapshot_create = "ondemand";
# { device = "/dev/disk/by-label/NIXROOT"; snapshot_dir = "@snapshots";
# fsType = "btrfs"; timestamp_format = "long";
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
# }; snapshot_preserve = "2m 2w 5d 5h";
# snapshot_preserve_min = "latest";
# fileSystems."/srv" =
# { device = "/dev/disk/by-label/NIXROOT"; volume = {
# fsType = "btrfs"; "/mnt/snapshots/root" = {
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; snapshot_create = "always";
# }; subvolume = {
# "@home" = {};
# fileSystems."/nix" = };
# { device = "/dev/disk/by-label/NIXROOT"; };
# fsType = "btrfs"; };
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; };
# }; };
# };
# fileSystems."/mnt/snapshots/root" = };
# { device = "/dev/disk/by-label/NIXROOT";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
# };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/mapper/crypted";
fsType = "ext4"; fsType = "btrfs";
options = [ "defaults,noatime" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
@ -100,10 +83,46 @@
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/sdcard" = fileSystems."/sdcard" =
{ device = "/dev/disk/by-label/sdcard"; { device = "/dev/disk/by-label/sdcard";
fsType = "ext4"; fsType = "ext4";
options = [ "nofail,noauto,x-systemd.automount" ]; options = [ "nofail,noauto,users,x-systemd.automount" ];
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" =
@ -118,14 +137,13 @@
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
swapDevices = [
{ device = "/dev/disk/by-label/NIXSWAP"; } swapDevices = [ { device = "/swap/swapfile"; } ];
];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "nix-steamdeck"; hostName = "steamdeck";
wireless.iwd.enable = true; wireless.iwd.enable = true;
networkmanager = { networkmanager = {
enable = true; enable = true;
@ -154,4 +172,8 @@
}; };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
} }

173
hosts/steamdeck/hardware-configuration_luks.nix
View File

@ -1,173 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
};
};
};
kernelModules = [ "kvm-amd" ];
kernelParams = [ "luks.options=fido2-device=auto" ];
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/sdcard" =
{ device = "/dev/disk/by-label/sdcard";
fsType = "ext4";
options = [ "nofail,noauto,users,x-systemd.automount" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "nix-steamdeck";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}