refactor: split noweb... into appendix, template

2025-12-06 09:07:21 +01:00 · 2024-12-29 01:21:10 +01:00 · 2024-12-29 01:21:10 +01:00 · 80bf7596bc
commit 80bf7596bc
parent 8a7e6102ac
3 changed files with 1013 additions and 599 deletions
--- a/templates/hosts/nixos/default.nix
+++ b/templates/hosts/nixos/default.nix
@ -0,0 +1,78 @@
+{ self, inputs, outputs, config, pkgs, lib, ... }:
+let
+  profilesPath = "${self}/profiles";
+  sharedOptions = {
+    isBtrfs = true;
+  };
+in
+{
+
+  imports = outputs.nixModules ++ [
+    # ---- nixos-hardware here ----
+
+    ./hardware-configuration.nix
+    ./disk-config.nix
+
+    "${profilesPath}/optional/nixos/virtualbox.nix"
+    # "${profilesPath}/optional/nixos/vmware.nix"
+    "${profilesPath}/optional/nixos/autologin.nix"
+    "${profilesPath}/optional/nixos/nswitch-rcm.nix"
+    "${profilesPath}/optional/nixos/gaming.nix"
+
+    inputs.home-manager.nixosModules.home-manager
+    {
+      home-manager.users.swarsel.imports = outputs.mixedModules ++ [
+        "${profilesPath}/optional/home/gaming.nix"
+      ] ++ (builtins.attrValues outputs.homeManagerModules);
+    }
+  ] ++ (builtins.attrValues outputs.nixosModules);
+
+
+  nixpkgs = {
+    overlays = [ outputs.overlays.default ];
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  boot = {
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  };
+
+  networking = {
+    hostName = "TEMPLATE";
+    firewall.enable = true;
+  };
+
+  swarselsystems = lib.recursiveUpdate
+    {
+      wallpaper = self + /wallpaper/lenovowp.png;
+      hasBluetooth = true;
+      hasFingerprint = true;
+      isImpermanence = true;
+      isSecureBoot = true;
+      isCrypted = true;
+      isSwap = true;
+      swapSize = "32G";
+      rootDisk = "TEMPLATE";
+    }
+    sharedOptions;
+
+  home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate
+    {
+      isLaptop = true;
+      isNixos = true;
+      flakePath = "/home/swarsel/.dotfiles";
+      cpuCount = 16;
+      startup = [
+        { command = "nextcloud --background"; }
+        { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
+        { command = "element-desktop --hidden  --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
+        { command = "ANKI_WAYLAND=1 anki"; }
+        { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
+        { command = "nm-applet"; }
+        { command = "feishin"; }
+      ];
+    }
+    sharedOptions;
+}
--- a/templates/hosts/nixos/disk-config.nix
+++ b/templates/hosts/nixos/disk-config.nix
@ -0,0 +1,122 @@
+{ lib, pkgs, config, rootDisk, ... }:
+let
+  type = "btrfs";
+  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
+  subvolumes = {
+    "/root" = {
+      mountpoint = "/";
+      mountOptions = [
+        "subvol=root"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
+      mountpoint = "/home";
+      mountOptions = [
+        "subvol=home"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
+      mountpoint = "/persist";
+      mountOptions = [
+        "subvol=persist"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
+      mountpoint = "/var/log";
+      mountOptions = [
+        "subvol=log"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/nix" = {
+      mountpoint = "/nix";
+      mountOptions = [
+        "subvol=nix"
+        "compress=zstd"
+        "noatime"
+      ];
+    };
+    "/swap" = lib.mkIf config.swarselsystems.isSwap {
+      mountpoint = "/.swapvol";
+      swap.swapfile.size = config.swarselsystems.swapSize;
+    };
+  };
+in
+{
+  disko.devices = {
+    disk = {
+      disk0 = {
+        type = "disk";
+        device = config.swarselsystems.rootDisk;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              name = "ESP";
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "defaults" ];
+              };
+            };
+            root = lib.mkIf (!config.swarselsystems.isCrypted) {
+              size = "100%";
+              content = {
+                inherit type subvolumes extraArgs;
+                postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
+                  MNTPOINT=$(mktemp -d)
+                  mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
+                  trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                  btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
+                '';
+              };
+            };
+            luks = lib.mkIf config.swarselsystems.isCrypted {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "cryptroot";
+                passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
+                settings = {
+                  allowDiscards = true;
+                  # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
+                  crypttabExtraOpts = [
+                    "fido2-device=auto"
+                    "token-timeout=10"
+                  ];
+                };
+                content = {
+                  inherit type subvolumes extraArgs;
+                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
+                    MNTPOINT=$(mktemp -d)
+                    mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
+                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
+                  '';
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
+  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
+
+  environment.systemPackages = [
+    pkgs.yubikey-manager
+  ];
+}