diff --git a/hosts/default.nix b/hosts/default.nix index 235eceb..6dda811 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -11,7 +11,7 @@ # └─ ./home.nix # -{ lib, inputs, nixpkgs, nixos-hardware, home-manager, home-manager-unstable, nur, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, ... }: +{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, ... }: let system = "x86_64-linux"; # System architecture @@ -82,7 +82,7 @@ in ]; }; - steamdeck = lib.nixosSystem { # Laptop profile + steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile inherit system; specialArgs = { inherit inputs user location nixos-hardware nur agenix jovian-nixos; }; modules = [ @@ -97,7 +97,7 @@ in nixos-hardware.nixosModules.common-pc-ssd home-manager-unstable.nixosModules.home-manager { - nixpkgs.overlays = [ + nixpkgs-unstable.overlays = [ nur.overlay ]; home-manager.useGlobalPkgs = true; diff --git a/hosts/steamdeck/hardware-configuration.nix b/hosts/steamdeck/hardware-configuration.nix index 10f9f77..624df49 100644 --- a/hosts/steamdeck/hardware-configuration.nix +++ b/hosts/steamdeck/hardware-configuration.nix @@ -103,7 +103,7 @@ fileSystems."/sdcard" = { device = "/dev/disk/by-label/sdcard"; fsType = "ext4"; - options = [ "nofail,x-systemd.automount" ]; + options = [ "nofail,noauto,x-systemd.automount" ]; }; fileSystems."/mnt/Pluto" = diff --git a/hosts/steamdeck/hardware-configuration_luks.nix b/hosts/steamdeck/hardware-configuration_luks.nix new file mode 100644 index 0000000..d3d159c --- /dev/null +++ b/hosts/steamdeck/hardware-configuration_luks.nix @@ -0,0 +1,173 @@ +# +# Hardware settings for Teclast F5 10" Laptop +# NixOS @ sda2 +# +# flake.nix +# └─ ./hosts +# └─ ./laptop +# └─ hardware-configuration.nix * +# +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; + kernelModules = [ ]; + systemd.enable = true; + luks = { + devices."crypted" = { + device = "/dev/disk/by-partlabel/disk-nvme0n1-luks"; + allowDiscards = true; + }; + }; + }; + + kernelModules = [ "kvm-amd" ]; + kernelParams = [ "luks.options=fido2-device=auto" ]; + tmp.useTmpfs = false; + tmp.cleanOnBoot = true; + }; + + zramSwap.enable = true; + + services.btrfs.autoScrub = { + enable = true; + interval = "monthly"; + fileSystems = [ + "/" + ]; + }; + + services.btrbk = { + instances = { + hf = { + onCalendar = "hourly"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; + + snapshot_preserve = "2m 2w 5d 5h"; + snapshot_preserve_min = "latest"; + + volume = { + "/mnt/snapshots/root" = { + snapshot_create = "always"; + subvolume = { + "@home" = {}; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/" = + { device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; + }; + + fileSystems."/home" = + { device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; + }; + + fileSystems."/srv" = + { device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; + }; + + fileSystems."/opt" = + { device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ]; + }; + + fileSystems."/nix" = + { device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; + }; + + fileSystems."/mnt/snapshots/root" = + { device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/NIXBOOT"; + fsType = "vfat"; + }; + + fileSystems."/sdcard" = + { device = "/dev/disk/by-label/sdcard"; + fsType = "ext4"; + options = [ "nofail,noauto,users,x-systemd.automount" ]; + }; + + fileSystems."/mnt/Pluto" = + { device = "jupiter:/Pluto"; + fsType = "nfs"; + options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; + }; + + fileSystems."/mnt/Mars" = + { device = "jupiter:/Mars"; + fsType = "nfs"; + options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; + }; + + + swapDevices = [ { device = "/swap/swapfile"; } ]; + + + networking = { + useDHCP = false; # Deprecated + hostName = "nix-steamdeck"; + wireless.iwd.enable = true; + networkmanager = { + enable = true; + wifi = { + backend = "iwd"; + powersave = true; + }; + }; +# interfaces = { +# wlan0 = { +# useDHCP = true; # For versatility sake, manually edit IP on nm-applet. +# #ipv4.addresses = [ { +# # address = "192.168.0.51"; +# # prefixLength = 24; +# #} ]; +# }; +# }; + #defaultGateway = "192.168.0.1"; + #nameservers = [ "192.168.0.4" ]; + firewall = { + checkReversePath = "loose"; + # enable = false; + # #allowedUDPPorts = [ 53 67 ]; + # #allowedTCPPorts = [ 53 80 443 9443 ]; + }; + }; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + #powerManagement.powertop.enable = true; + powerManagement = { + scsiLinkPolicy = "med_power_with_dipm"; + }; +}