gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-09 16:33:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

move kernel config to it's own file

Browse source 
rollback zpools on shutdown instead of startup
This commit is contained in:
Gerg-L 2025-01-29 21:34:53 -05:00
parent e932262310
commit bfdc54cd54
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
4 changed files with 100 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

65
nixosConfigurations/gerg-desktop/boot.nix
View file

@ -9,7 +9,6 @@ let
title Windows
efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
'';
in
{
@ -28,39 +27,6 @@ in
];
boot = {
initrd = {
kernelModules = [ "igc" ];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
};
};
systemd = {
# For linuxManualConfig to work:
strip = lib.mkForce false;
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
@ -97,36 +63,5 @@ in
timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22";
};
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}

44
nixosConfigurations/gerg-desktop/kernel.nix Normal file
View file

@ -0,0 +1,44 @@
{
lib,
pkgs,
config,
}:
{
boot = {
# For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
initrd.systemd.strip = false;
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}

26
nixosConfigurations/gerg-desktop/main.nix
View file

@ -58,7 +58,21 @@
nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
};
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
supportedFilesystems.ntfs = true;
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
};
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -213,16 +227,6 @@
root.hashedPassword = "!";
};
};
boot.initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
system.stateVersion = "24.11";
networking.hostName = "gerg-desktop";

56
nixosConfigurations/gerg-desktop/zfs.nix
View file

@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
}:
{
#link some stuff
@ -18,9 +19,8 @@
#make sure the sopskey is found
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true;
boot = {
supportedFilesystems.ntfs = true;
boot = {
zfs = {
devNodes = "/dev/disk/by-id/";
forceImportAll = true;
@ -35,23 +35,49 @@
"dm_mod"
#keyboard module for zfs password
"hid_generic"
#stage one internet
"igc"
];
systemd.services.rollback = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
};
unitConfig.DefaultDependencies = "no";
wantedBy = [ "initrd.target" ];
after = [ "zfs-import.target" ];
before = [ "sysroot.mount" ];
path = [ config.boot.zfs.package ];
script = ''
zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty
'';
};
systemd = {
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
};
systemd.shutdownRamfs = {
enable = true;
contents."/etc/systemd/system-shutdown/zfs-rollback".source =
pkgs.writeShellScript "zfs-rollback" ''
zfs='${lib.getExe config.boot.zfs.package}'
zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty
'';
storePaths = [ (lib.getExe config.boot.zfs.package) ];
};
}