diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix
new file mode 100644
index 0000000..48e513d
--- /dev/null
+++ b/hosts/desktop/default.nix
@@ -0,0 +1,25 @@
+{lib, config, modulesPath, ...}: {
+ imports = [
+ ./disks.nix
+ ../../options.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ has_battery = true;
+ desktop_scale = 1.3;
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/desktop/disks.nix b/hosts/desktop/disks.nix
new file mode 100644
index 0000000..3ee43eb
--- /dev/null
+++ b/hosts/desktop/disks.nix
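Review bot: The microcode setting at the end of default.nix targets a different CPU vendor than the modules loaded above it: `boot.kernelModules = [ "kvm-intel" ]` and the `thunderbolt` initrd module suggest an Intel CPU, but the file sets `hardware.cpu.amd.updateMicrocode`. If the host is Intel, that option has no effect and the machine boots without the early microcode updates that carry CPU vulnerability mitigations. Use `hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` instead, or change `kvm-intel` to `kvm-amd` if the CPU really is AMD.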
@@ -0,0 +1,82 @@
+{
+ disko.devices = {
+ disk = {
+ root = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-Verbatim_Vi550_S3_493535014831840";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "boot";
+ name = "ESP";
+ type = "EF00";
+ size = "512M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+
+ luks = {
+ size = "100%";
+ label = "luks";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = [
+ "--allow-discards"
+ "--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"
+ ];
+ # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
+ settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" "nixos" "-f"];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=@root" "compress=zstd" "noatime"];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = ["subvol=@home" "compress=zstd" "noatime"];
+ };
+ "@games" = {
+ mountpoint = "/var/games";
+ mountOptions = ["subvol=@games" "compress=zstd" "noatime"];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=@nix" "compress=zstd" "noatime"];
+ };
+ "@persist" = {
+ mountpoint = "/persist";
+ mountOptions = ["subvol=@persist" "compress=zstd" "noatime"];
+ };
+ "@log" = {
+ mountpoint = "/var/log";
+ mountOptions = ["subvol=@log" "compress=zstd" "noatime"];
+ };
+ "@snapshots" = {
+ };
+ "@swap" = {
+ mountpoint = "/swap";
+ swap.swapfile.size = "32G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/var/log".neededForBoot = true;
+}
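Review bot: The `crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"]` line makes the root volume unlock from the TPM at boot, but nothing in the file records what the TPM slot is bound to, and that binding decides whether a stolen machine boots to an unlocked disk. Add a comment above `settings` that states the enrollment policy, for example `# enrolled with systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 --tpm2-with-pin=yes`, so the PCR set and PIN requirement are reviewable. `crypttabExtraOpts` is only honoured with the systemd stage-1 initrd, and `boot.initrd.systemd.enable` is not visible in this commit. `--allow-discards` in `extraOpenArgs` also reveals which blocks of the encrypted volume are in use; say in a comment that this trade-off is intended.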