
Commit ff2f7db

committed
Merge commit 'a5295500f14bf9bbf26b48ee4db87e41a9cbe544'
2 parents c625748 + a529550 commit ff2f7db

10 files changed

Lines changed: 376 additions & 524 deletions


flake.lock

Lines changed: 3 additions & 3 deletions

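--- a/home/base/tui/editors/helix/default.nix
+++ b/home/base/tui/editors/helix/default.nix
@@ -1,4 +1,5 @@
 {
+lib,
 config,
 pkgs,
 helix,
@@ -17,7 +18,7 @@ in
 ];
 
 programs.helix = {
-enable = true;
+enable = lib.mkForce false;
 # enable steel as the plugin system
 # https://github.com/helix-editor/helix/pull/8675
 # https://github.com/mattwparas/helix/blob/steel-event-system/STEEL.md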
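Review bot: `enable = lib.mkForce false;` in the second hunk overrides any other module that sets `programs.helix.enable`, but nothing in the hunk says why, and the comments that follow still describe enabling the steel plugin system as if the program were on. A trailing reason, e.g. `enable = lib.mkForce false; # disabled: <reason>`, or a plain `false` if no other module sets it, would make the intent explicit. The `programs.helix` attribute set continues past the end of the hunk.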

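--- a/home/base/tui/editors/neovim/default.nix
+++ b/home/base/tui/editors/neovim/default.nix
@@ -70,14 +70,11 @@ in
 # We should install packages that will compile locally or download FHS binaries via Nix!
 # and use lazy.nvim's `dir` option to specify the package directory in nix store.
 # so that these plugins can work on NixOS.
-#
-# related project:
-# https://github.com/b-src/lazy-nix-helper.nvim
 plugins = with pkgs.vimPlugins; [
 # search all the plugins using https://search.nixos.org/packages
 telescope-fzf-native-nvim
 
-nvim-treesitter.withAllGrammars
+# nvim-treesitter.withAllGrammars
 ];
 };
 }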
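Review bot: The new `# nvim-treesitter.withAllGrammars` line leaves no hint of why the plugin was taken out of `plugins`, so the next reader has no way to tell a temporary workaround from a deliberate removal. A short trailing reason, e.g. `# nvim-treesitter.withAllGrammars # disabled: <reason>`, would avoid a git blame. The enclosing attribute set opens before the hunk.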

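--- a/hosts/idols-ai/README.md
+++ b/hosts/idols-ai/README.md
@@ -1,16 +1,20 @@
 # Host - AI
 
+Desktop (NixOS + preservation, LUKS + btrfs on nvme). Disk layout is declarative via
+[disko](./disko-fs.nix) (target device: **nvme1n1**).
+
 Related:
 
-- [/nixos-installer/README.md](/nixos-installer/README.md)
+- [nixos-installer README](/nixos-installer/README.md) – install from ISO using disko
+- [disko-fs.nix](./disko-fs.nix) – partition/layout definition (ESP + LUKS + btrfs)
 
 ## TODOs
 
 1. Install DCGM-Exporter on `ai` to monitor the GPU status.
 
 ## Info
 
-disk status & mountpoints:
+Current disk status and mountpoints (example; after migration layout is on nvme1n1):
 
 ```bash
 › df -Th
@@ -36,50 +40,129 @@ tmpfs tmpfs 100K 0 100K 0% /var/lib/lxd/devlxd
 ~
 › lsblk
 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
-zram0 253:0 0 15.6G 0 disk [SWAP]
 nvme0n1 259:0 0 1.8T 0 disk
-├─nvme0n1p1 259:2 0 598M 0 part /boot
-└─nvme0n1p2 259:3 0 1.8T 0 part
-└─crypted-nixos 254:0 0 1.8T 0 crypt /tmp
-/swap/swapfile
+├─nvme0n1p1 259:1 0 598M 0 part /boot
+└─nvme0n1p2 259:2 0 1.8T 0 part
+└─crypted-nixos 254:0 0 1.8T 0 crypt /swap/swapfile
+/gnu/store
 /swap
+/tmp
 /snapshots
-/home/ryan/tmp
+/gnu
+/btr_pool
+/var/log
+/var/lib/qemu
+/var/lib/tailscale
+/var/lib/systemd
+/var/lib/private
+/var/lib/nixos
+/var/lib/lxd
+/var/lib/netbird-homelab
+/var/lib/lxc
+/var/lib/libvirt
+/var/lib/iwd
+/var/lib/flatpak
+/var/lib/containers
+/var/lib/cni
+/var/lib/NetworkManager
+/var/lib/bluetooth
+/home/ryan/work
 /home/ryan/nix-config
+/home/ryan/tmp
 /home/ryan/go
 /home/ryan/codes
 /home/ryan/Videos
 /home/ryan/Pictures
 /home/ryan/Music
+/home/ryan/Games
 /home/ryan/Downloads
+/home/ryan/.zoom
 /home/ryan/Documents
 /home/ryan/.wakatime
+/home/ryan/.vscode
+/home/ryan/.var
+/home/ryan/.terraform.d/plugin-cache
+/home/ryan/.steam
 /home/ryan/.ssh
+/home/ryan/.pulumi
 /home/ryan/.pki
 /home/ryan/.npm
 /home/ryan/.mozilla
-/home/ryan/.local/state
-/home/ryan/.local/share
+/home/ryan/.m2
+/home/ryan/.local/state/wireplumber
+/home/ryan/.local/state/nvim
+/home/ryan/.local/state/home-manager
+/home/ryan/.local/share/uv
+/home/ryan/.local/state/Heroic
+/home/ryan/.local/state/nix/profiles
+/home/ryan/.local/share/zoxide
+/home/ryan/.local/share/umu
+/home/ryan/.local/share/tiled
+/home/ryan/.local/share/steel
+/home/ryan/.local/share/remmina
+/home/ryan/.local/share/password-store
+/home/ryan/.local/share/opencode
+/home/ryan/.local/share/nvim
+/home/ryan/.local/share/nix
+/home/ryan/.local/share/krita
+/home/ryan/.local/share/lutris
+/home/ryan/.local/share/keyrings
+/home/ryan/.local/share/k9s
+/home/ryan/.local/share/jupyter
+/home/ryan/.local/share/flatpak
+/home/ryan/.local/share/io.github.clash-verge-rev.clash-verge-rev
+/home/ryan/.local/share/feral-interactive
+/home/ryan/.local/share/direnv
+/home/ryan/.local/share/clash-verge
+/home/ryan/.local/share/containers
+/home/ryan/.local/share/atuin
+/home/ryan/.local/share/Steam
+/home/ryan/.local/share/StardewValley
+/home/ryan/.local/share/GOG.com
+/home/ryan/.local/bin
+/home/ryan/.local/pipx
 /home/ryan/.kube
+/home/ryan/.gradle
 /home/ryan/.gnupg
+/home/ryan/.kimi
+/home/ryan/.ipython
+/home/ryan/.gemini
 /home/ryan/.docker
+/home/ryan/.config/sunshine
+/home/ryan/.cursor
+/home/ryan/.context7
 /home/ryan/.config/remmina
 /home/ryan/.config/pulse
+/home/ryan/.config/opencode
+/home/ryan/.config/obs-studio
+/home/ryan/.config/mozc
+/home/ryan/.config/nushell
+/home/ryan/.config/lutris
+/home/ryan/.config/joplin
+/home/ryan/.config/heroic
 /home/ryan/.config/google-chrome
-/home/ryan/.config/github-copilot
+/home/ryan/.config/gcloud
 /home/ryan/.config/freerdp
+/home/ryan/.config/blender
+/home/ryan/.config/chromium
+/home/ryan/.config/LDtk
+/home/ryan/.config/Joplin
+/home/ryan/.config/Cursor
+/home/ryan/.config/Code
+/home/ryan/.conda
+/home/ryan/.cargo
+/home/ryan/.codex
+/home/ryan/.cache
 /home/ryan/.aws
+/home/ryan/.aliyun
 /etc/ssh
 /etc/secureboot
 /etc/nix/inputs
-/etc/agenix
 /etc/NetworkManager/system-connections
-/etc/machine-id
-/home/ryan/.config/nushell/history.txt
-/home/ryan/.wakatime.cfg
+/etc/agenix
+/etc/netbird-homelab
 /nix/store
-/var/log
-/var/lib
-/nix
+/etc/machine-id
 /persistent
+/nix
 ```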

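--- a/hosts/idols-ai/default.nix
+++ b/hosts/idols-ai/default.nix
@@ -2,6 +2,7 @@
 config,
 pkgs,
 lib,
+disko,
 myvars,
 nur-DataEraserC,
 nixGL,
@@ -23,6 +24,8 @@ let
 in
 rec {
 imports = [
+disko.nixosModules.default
+./disko-fs.nix
 ./netdev-mount.nix
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
@@ -32,7 +35,7 @@ rec {
 ./preservation.nix
 ./impermanence_addon.nix
 ./secureboot.nix
-./tpm_luks.nix
+# ./tpm_luks.nix
 ./dae.nix
 ];
 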
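Review bot: Commenting out `./tpm_luks.nix` in the last hunk presumably changes how the encrypted root gets unlocked at boot (the module name suggests TPM-backed LUKS), yet neither the line nor the commit message says whether this is temporary for the nvme1n1 migration or a permanent decision. A reason next to it, e.g. `# ./tpm_luks.nix # disabled during disk migration; re-enable after the new LUKS volume is enrolled`, keeps the next reader from re-adding it blindly or leaving a weaker unlock path in place by accident. The `imports` list spans all three hunks, with lines omitted between them.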
3841

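--- a/hosts/idols-ai/disko-fs.nix
+++ b/hosts/idols-ai/disko-fs.nix
@@ -0,0 +1,139 @@
+# Disko layout for idols-ai on nvme1n1 (target disk after migration).
+# Same structure as current nvme0n1: ESP + LUKS + btrfs with ephemeral root (tmpfs).
+#
+# Format & mount (from installer or live system):
+# nix run github:nix-community/disko -- --mode disko ./disko-fs.nix
+# Mount only (after first format):
+# nix run github:nix-community/disko -- --mode mount ./disko-fs.nix
+#
+# Use by-id for stability; override device when installing, e.g.:
+# nixos-install --flake .#ai --option disko.devices.disk.nixos-ai.device /dev/nvme1n1
+{
+# Ephemeral root; preservation mounts /persistent for state.
+fileSystems."/persistent".neededForBoot = true;
+
+disko.devices = {
+# Ephemeral root; relatime and mode=755 so systemd does not set 777.
+nodev."/" = {
+fsType = "tmpfs";
+mountOptions = [
+"relatime" # Update inode access times relative to modify/change time
+"mode=755"
+];
+};
+
+disk.nixos-ai = {
+type = "disk";
+# Override at install time if needed: --option disko.devices.disk.nixos-ai.device /dev/nvme1n1
+device = "/dev/nvme0n1";
+content = {
+type = "gpt";
+partitions = {
+# EFI system partition; must stay unencrypted for UEFI to load the bootloader.
+ESP = {
+priority = 1;
+name = "ESP";
+start = "1M";
+end = "600M";
+type = "EF00"; # EF00 = ESP in GPT
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"fmask=0177" # File mask: 777-177=600 (owner rw-, group/others ---)
+"dmask=0077" # Directory mask: 777-077=700 (owner rwx, group/others ---)
+"noexec,nosuid,nodev" # Security: no execution, ignore setuid, no device nodes
+];
+};
+};
+# Root partition: LUKS encrypted, then btrfs with subvolumes.
+root = {
+size = "100%";
+content = {
+type = "luks";
+name = "nixos-luks"; # Mapper name; match boot.initrd.luks
+settings = {
+allowDiscards = true; # TRIM for SSDs; slightly less secure, better performance
+};
+# Add boot.initrd.luks.devices so initrd prompts for passphrase at boot
+initrdUnlock = true;
+# cryptsetup luksFormat options
+extraFormatArgs = [
+"--type luks2"
+"--cipher aes-xts-plain64"
+"--hash sha512"
+"--iter-time 5000"
+"--key-size 256"
+"--pbkdf argon2id"
+"--use-random" # Block until enough entropy from /dev/random
+];
+extraOpenArgs = [
+"--timeout 10"
+];
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ]; # Force overwrite if filesystem already exists
+subvolumes = {
+# Top-level subvolume (id 5); used for btrfs send/receive and snapshots
+"/" = {
+mountpoint = "/btr_pool";
+mountOptions = [ "subvolid=5" ];
+};
+"@nix" = {
+mountpoint = "/nix";
+mountOptions = [
+"compress-force=zstd:1" # Save space and reduce I/O on SSD
+"noatime"
+];
+};
+"@guix" = {
+mountpoint = "/gnu";
+mountOptions = [
+"compress-force=zstd:1"
+"noatime"
+];
+};
+"@persistent" = {
+mountpoint = "/persistent";
+mountOptions = [
+"compress-force=zstd:1"
+];
+};
+"@snapshots" = {
+mountpoint = "/snapshots";
+mountOptions = [
+"compress-force=zstd:1"
+];
+};
+"@tmp" = {
+mountpoint = "/tmp";
+mountOptions = [
+"compress-force=zstd:1"
+];
+};
+# Swap subvolume read-only; disko creates swapfile and adds swapDevices
+"@swap" = {
+mountpoint = "/swap";
+swap.swapfile.size = "20G";
+};
+# "root" = {
+# mountpoint = "/"; # Mounted by initrd; not used directly by systemd
+# mountOptions = [ "subvol=root" ]; # Subvolume for root filesystem; used by initrd
+# };
+};
+};
+};
+};
+};
+};
+};
+};
+modules.desktop.rootfs.fsType = "btrfs";
+# modules.desktop.rootfs.btrfsBlockDevice = "/dev/disk/by-uuid/17df699e-6502-4205-955f-c456eb378d48";
+modules.desktop.rootfs.btrfsBlockDevice = "/dev/mapper/nixos-luks";
+modules.desktop.rootfs.retentionPeriod = 7;
+modules.desktop.rootfs.PreBackupCommand = ''
+[ -d /btrfs_tmp/root/etc/agenix ] && rm -rf /btrfs_tmp/root/etc/agenix || true
+'';
+}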
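Review bot: The default `device = "/dev/nvme0n1";` in `disk.nixos-ai` contradicts both the header comment (target disk nvme1n1) and the file's own advice to use a by-id path, and because the btrfs content sets `extraArgs = [ "-f" ]` a `--mode disko` run that forgets the documented override formats the currently live disk rather than the migration target. Pointing the default at the stable path, e.g. `device = "/dev/disk/by-id/<NVME1N1-BY-ID-PLACEHOLDER>";`, removes that footgun and matches the comment. Separately, `"--key-size 256"` together with `"--cipher aes-xts-plain64"` yields AES-128 in XTS mode, since XTS splits the key in half; `"--key-size 512"` is what gives AES-256 and is cryptsetup's default for that cipher, so if the comment's intent is full-strength AES the value should change or the comment should state the 128-bit choice. The comment on `"@swap"` says the subvolume is read-only, but nothing in the block sets that; either drop the claim or point to where it is enforced.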
