From fe91044c8b9a223cb860d78682efdd9739288bb3 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Mon, 7 Jul 2025 17:47:51 +0800
Subject: [PATCH 1/3] refactor(nixos): move persisted ssh host keys to ssh module
---
 nix/modules/machine/root/ephemeral.nix | 7 -------
 nix/modules/ssh.nix | 10 ++++++++++
 2 files changed, 10 insertions(+), 7 deletions(-)
 create mode 100644 nix/modules/ssh.nix
diff --git a/nix/modules/machine/root/ephemeral.nix b/nix/modules/machine/root/ephemeral.nix
index 729f1cc..0b9657f 100644
--- a/nix/modules/machine/root/ephemeral.nix
+++ b/nix/modules/machine/root/ephemeral.nix
@@ -17,13 +17,6 @@ in
 btrfs subvolume delete "/btrfs_tmp/root"
 fi
 '';
- persistFiles = [
- #TODO: move to ssh config
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
 })
 ];
 };
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
new file mode 100644
index 0000000..4c8fde2
--- /dev/null
+++ b/nix/modules/ssh.nix
@@ -0,0 +1,10 @@
+{
+ flake.modules.nixos.default = {
+ persistFiles = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ };
+}
From b5772e4525b8947c9b3de7347361225206f8088e Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Mon, 7 Jul 2025 18:10:32 +0800
Subject: [PATCH 2/3] refactor(machine/root): centralise root drive cfg
---
 nix/modules/machine/root.nix | 100 +++++++++++++++++++++++++
 nix/modules/machine/root/drive.nix | 75 -------------------
 nix/modules/machine/root/ephemeral.nix | 23 ------
 3 files changed, 100 insertions(+), 98 deletions(-)
 create mode 100644 nix/modules/machine/root.nix
 delete mode 100644 nix/modules/machine/root/drive.nix
 delete mode 100644 nix/modules/machine/root/ephemeral.nix
diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix
new file mode 100644
index 0000000..98c1120
--- /dev/null
+++ b/nix/modules/machine/root.nix
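Review bot: The new ssh.nix lists the private host keys under `persistFiles` without a comment on why they are persisted, and `persistFiles` is a project-defined option whose implementation is outside this series, so the hunk does not show how ownership and mode survive the ephemeral-root wipe. Host keys are the machine's long-term identity, so the mechanism behind `persistFiles` needs to restore the private keys root-owned with mode 0600 and must not leave a copy on the root subvolume that gets deleted; worth confirming against that module. I would open the file with `# Persist sshd host keys across the ephemeral-root wipe so the host identity, and clients' known_hosts entries, survive reboots.` The `#TODO: move to ssh config` comment is resolved by the move, but no `services.openssh` settings live here, so presumably sshd is configured elsewhere.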
@@ -0,0 +1,100 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+let
+ inherit (lib.modules) mkMerge mkIf mkAfter;
+in
+{
+ flake.modules.nixos.default =
+ { hostName, ... }:
+ let
+ inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root;
+ in
+ {
+ imports = [ inputs.disko.nixosModules.disko ];
+ config = mkMerge [
+ {
+ # BTRFS - may add more later on
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ disko.devices.disk.main = {
+ device = root.drive;
+ content.type = "gpt";
+ content.partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ swap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "root_vg";
+ };
+ };
+ };
+ };
+
+ disko.devices.lvm_vg.root_vg = {
+ type = "lvm_vg";
+ lvs.root = {
+ size = "100%FREE";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root".mountpoint = "/";
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [
+ "subvol=persist"
+ "noatime"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "subvol=nix"
+ "noatime"
+ ];
+ };
+ };
+ };
+ };
+ };
+ }
+ # Ephemeral by default - assumes btrfs
+ (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) {
+ boot.initrd.postDeviceCommands = mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/root_vg/root /btrfs_tmp
+
+ if [[ -e /btrfs_tmp/root ]]; then
+ btrfs subvolume delete "/btrfs_tmp/root"
+ fi
+ '';
+ })
+ ];
+ };
+}
diff --git a/nix/modules/machine/root/drive.nix b/nix/modules/machine/root/drive.nix
deleted file mode 100644
index 45ecac6..0000000
--- a/nix/modules/machine/root/drive.nix
+++ /dev/null
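Review bot: The mkIf condition near the end of the hunk re-spells the full `config.flake.manifest.hosts.nixos.${hostName}.machine.root` path even though the inner `let` already binds that attrset as `root`; `(mkIf (root.ephemeral or true) {` reads the same and keeps the two references from drifting apart. Separately, the `type = "disk";` line that drive.nix carried under `disko.devices.disk.main` is dropped in the rewrite, presumably relying on disko's default for that attribute; worth confirming it is optional in the pinned disko revision, since the commit message describes this as a pure centralisation. The wipe script also mounts /dev/root_vg/root at /btrfs_tmp and never unmounts it before stage 1 continues; if that is intentional a comment saying so would help, otherwise an `umount /btrfs_tmp` after the `fi` would leave the initrd in a cleaner state.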
@@ -1,75 +0,0 @@
-{ config, inputs, ... }:
-{
- flake.modules.nixos.default =
- { hostName, ... }:
- {
- imports = [ inputs.disko.nixosModules.disko ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- # BTRFS - may add more later on
- disko.devices.disk.main = {
- device = config.flake.manifest.hosts.nixos.${hostName}.machine.root.drive;
- type = "disk";
- content.type = "gpt";
- content.partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- swap = {
- size = "4G";
- content = {
- type = "swap";
- resumeDevice = true;
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "root_vg";
- };
- };
- };
- };
-
- disko.devices.lvm_vg.root_vg = {
- type = "lvm_vg";
- lvs.root = {
- size = "100%FREE";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root".mountpoint = "/";
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [
- "subvol=persist"
- "noatime"
- ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "subvol=nix"
- "noatime"
- ];
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/nix/modules/machine/root/ephemeral.nix b/nix/modules/machine/root/ephemeral.nix
deleted file mode 100644
index 0b9657f..0000000
--- a/nix/modules/machine/root/ephemeral.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, ... }:
-let
- inherit (lib.modules) mkMerge mkIf mkAfter;
-in
-{
- flake.modules.nixos.default =
- { hostName, ... }:
- {
- config = mkMerge [
- # Ephemeral by default - assumes btrfs
- (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) {
- boot.initrd.postDeviceCommands = mkAfter ''
- mkdir /btrfs_tmp
- mount /dev/root_vg/root /btrfs_tmp
-
- if [[ -e /btrfs_tmp/root ]]; then
- btrfs subvolume delete "/btrfs_tmp/root"
- fi
- '';
- })
- ];
- };
-}
From b63959f307ce6d568ed988901921bd99f726dde6 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Mon, 7 Jul 2025 18:11:33 +0800
Subject: [PATCH 3/3] refactor(configurations): centralise home-manager config
---
 nix/configurations.nix | 16 +++++++++++-----
 nix/modules/home-manager.nix | 18 ------------------
 2 files changed, 11 insertions(+), 23 deletions(-)
 delete mode 100644 nix/modules/home-manager.nix
diff --git a/nix/configurations.nix b/nix/configurations.nix
index 645e60e..9375b15 100644
--- a/nix/configurations.nix
+++ b/nix/configurations.nix
@@ -7,7 +7,14 @@ let inherit (lib) nixosSystem; inherit (lib.attrsets) mapAttrs; + inherit (cfg.lib.modules) forAllUsers'; cfg = config.flake; + globalCfg = { + useGlobalPkgs = true; + useUserPackages = true; + sharedModules = [ cfg.modules.homeManager.default ]; + users = forAllUsers' (name: _: cfg.homes.${name}); + }; hosts = cfg.manifest.hosts or { }; mkConfigurations = class: hosts:
@@ -15,13 +22,11 @@ let
 name: value:
 if class == "nixos" then
 nixosSystem {
- specialArgs = {
- inherit inputs;
- inherit (cfg) manifest;
- hostName = name;
- };
+ specialArgs.hostName = name;
 modules = [
 cfg.modules.nixos.default
+ inputs.home-manager.nixosModules.home-manager
+ { home-manager = globalCfg; }
 (value.extraCfg or { })
 ];
 }
@@ -30,5 +35,6 @@ let
 ) hosts;
 in
 {
+ imports = [ inputs.home-manager.flakeModules.home-manager ];
 flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos;
 }
diff --git a/nix/modules/home-manager.nix b/nix/modules/home-manager.nix
deleted file mode 100644
index e33893c..0000000
--- a/nix/modules/home-manager.nix
+++ /dev/null
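Review bot: In the second hunk of configurations.nix `specialArgs` shrinks from `{ inherit inputs; inherit (cfg) manifest; hostName = name; }` to `specialArgs.hostName = name;`, and the `globalCfg` added in the first hunk omits the `extraSpecialArgs = { inherit (cfg) manifest; };` that the deleted home-manager.nix carried, so `inputs` and `manifest` stop being module arguments for both NixOS and Home Manager modules. The commit message only describes centralising the home-manager config; if any module under `cfg.modules.nixos.default` or `cfg.modules.homeManager.default` still takes `manifest` or `inputs` as an argument it will fail to evaluate, and nothing in this series shows whether that is the case, so please confirm or call the removal out in the message. A one-line comment on `globalCfg` such as `# home-manager NixOS-module settings shared by every host` would also help, since the binding no longer sits next to its consumer.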
@@ -1,18 +0,0 @@
-{ inputs, config, ... }:
-let
- inherit (cfg.lib.modules) forAllUsers';
- cfg = config.flake;
- hm = inputs.home-manager;
- globalCfg = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = { inherit (cfg) manifest; };
- sharedModules = [ cfg.modules.homeManager.default ];
- users = forAllUsers' (name: _: cfg.homes.${name});
- };
-in
-{
- imports = [ hm.flakeModules.home-manager ];
- flake.modules.nixos.default.imports = [ hm.nixosModules.home-manager ];
- flake.modules.nixos.default.config.home-manager = globalCfg;
-}