gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

move kernel config to it's own file

Browse source 
rollback zpools on shutdown instead of startup
This commit is contained in:
Gerg-L 2025-01-29 21:34:53 -05:00
parent e932262310
commit bfdc54cd54
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
4 changed files with 100 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

65
nixosConfigurations/gerg-desktop/boot.nix
View file

@ -9,7 +9,6 @@ let
title Windows title Windows
efi /shellx64.efi efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
''; '';
in in
{ {
@ -28,39 +27,6 @@ in
]; ];
boot = { boot = {
initrd = {
kernelModules = [ "igc" ];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
};
};
systemd = {
# For linuxManualConfig to work:
strip = lib.mkForce false;
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
@ -97,36 +63,5 @@ in
timeout = lib.mkForce 5; timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22"; efi.efiSysMountPoint = "/efi22";
}; };
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
}; };
} }

44
nixosConfigurations/gerg-desktop/kernel.nix Normal file
View file

@ -0,0 +1,44 @@
{
lib,
pkgs,
config,
}:
{
boot = {
# For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
initrd.systemd.strip = false;
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}

26
nixosConfigurations/gerg-desktop/main.nix
View file

@ -58,7 +58,21 @@
nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; }; nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
}; };
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
supportedFilesystems.ntfs = true;
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
};
hardware.nvidia = { hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -213,16 +227,6 @@
root.hashedPassword = "!"; root.hashedPassword = "!";
}; };
}; };
boot.initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
networking.hostName = "gerg-desktop"; networking.hostName = "gerg-desktop";

54
nixosConfigurations/gerg-desktop/zfs.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
}: }:
{ {
#link some stuff #link some stuff
@ -18,9 +19,8 @@
#make sure the sopskey is found #make sure the sopskey is found
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
boot = {
supportedFilesystems.ntfs = true;
boot = {
zfs = { zfs = {
devNodes = "/dev/disk/by-id/"; devNodes = "/dev/disk/by-id/";
forceImportAll = true; forceImportAll = true;
@ -35,23 +35,49 @@
"dm_mod" "dm_mod"
#keyboard module for zfs password #keyboard module for zfs password
"hid_generic" "hid_generic"
#stage one internet
"igc"
]; ];
systemd.services.rollback = { network = {
serviceConfig = { enable = true;
Type = "oneshot"; ssh = {
RemainAfterExit = true; enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
}; };
unitConfig.DefaultDependencies = "no"; };
wantedBy = [ "initrd.target" ]; systemd = {
after = [ "zfs-import.target" ]; network = {
before = [ "sysroot.mount" ]; enable = true;
path = [ config.boot.zfs.package ]; networks.enp11s0 = {
script = '' name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
};
systemd.shutdownRamfs = {
enable = true;
contents."/etc/systemd/system-shutdown/zfs-rollback".source =
pkgs.writeShellScript "zfs-rollback" ''
zfs='${lib.getExe config.boot.zfs.package}'
zfs rollback -r rpool/root@empty zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty zfs rollback -r rpool/var@empty
''; '';
storePaths = [ (lib.getExe config.boot.zfs.package) ];
}; };
};
};
} }