From 6795b5bd64c240cd989b2db12eb5c4652e48aecd Mon Sep 17 00:00:00 2001 From: Baitinq Date: Fri, 9 Sep 2022 01:15:18 +0200 Subject: Implement host-hardware separation --- hosts/vm/default.nix | 2 -- hosts/vm/disks.nix | 45 ------------------------ hosts/vm/hardware.nix | 33 ------------------ hosts/vm/hardware/virtualbox/default.nix | 4 +++ hosts/vm/hardware/virtualbox/disks.nix | 57 +++++++++++++++++++++++++++++++ hosts/vm/hardware/virtualbox/hardware.nix | 33 ++++++++++++++++++ 6 files changed, 94 insertions(+), 80 deletions(-) delete mode 100644 hosts/vm/disks.nix delete mode 100644 hosts/vm/hardware.nix create mode 100644 hosts/vm/hardware/virtualbox/default.nix create mode 100644 hosts/vm/hardware/virtualbox/disks.nix create mode 100644 hosts/vm/hardware/virtualbox/hardware.nix (limited to 'hosts/vm') diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix index 0150cd6..4fbf51e 100644 --- a/hosts/vm/default.nix +++ b/hosts/vm/default.nix @@ -1,8 +1,6 @@ { config, pkgs, lib, secrets, hostname, inputs, user, ... }: { imports = [ - # Include the results of the hardware scan. - ./hardware.nix ]; # Configure keymap in X11 diff --git a/hosts/vm/disks.nix b/hosts/vm/disks.nix deleted file mode 100644 index cabed80..0000000 --- a/hosts/vm/disks.nix +++ /dev/null 
@@ -1,45 +0,0 @@
-{ config, lib, inputs, pkgs, modulesPath, ... }:
-{
- fileSystems."/" = {
- device = "none";
- fsType = "tmpfs";
- };
-
- boot.initrd.luks.devices."encrypted_boot".device = "/dev/disk/by-partlabel/boot";
-
- fileSystems."/boot" = {
- device = "/dev/mapper/encrypted_boot";
- fsType = "vfat";
- };
-
- fileSystems."/boot/efi" = {
- device = "/dev/disk/by-partlabel/efi";
- fsType = "vfat";
- };
-
- boot.initrd.luks.devices."encrypted_root".device = "/dev/disk/by-partlabel/root";
-
- fileSystems."/nix" = {
- device = "/dev/mapper/encrypted_root";
- fsType = "btrfs";
- options = [ "subvol=nix" "compress-force=zstd" "noatime" ];
- };
-
- fileSystems."/persist" = {
- device = "/dev/mapper/encrypted_root";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=persist" "compress-force=zstd" "noatime" ];
- };
-
- fileSystems."/home" = {
- device = "/dev/mapper/encrypted_root";
- fsType = "btrfs";
- options = [ "subvol=home" "compress-force=zstd" ];
- };
-
- swapDevices = [ ];
-
- zramSwap.enable = true;
-
-}
diff --git a/hosts/vm/hardware.nix b/hosts/vm/hardware.nix
deleted file mode 100644
index 470f733..0000000
--- a/hosts/vm/hardware.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, lib, inputs, pkgs, modulesPath, ... }:
-{
- imports = [
- ./disks.nix
- ];
-
- boot = {
- initrd = {
- availableKernelModules =
- [ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
- kernelModules = [ ];
- };
- kernelPackages = pkgs.linuxPackages_latest;
- kernelModules = [ ];
- extraModulePackages = [ ];
- kernelParams = [ "net.ifnames=0" "biosdevname=0" "mitigations=off" ];
- };
-
- services.xserver = {
- # Enable touchpad support (enabled default in most desktopManager).
- libinput.enable = true;
- };
-
- hardware = {
- opengl = {
- enable = true;
- driSupport = true;
- };
- };
-
- virtualisation.virtualbox.guest.enable = true;
-
-}
diff --git a/hosts/vm/hardware/virtualbox/default.nix b/hosts/vm/hardware/virtualbox/default.nix
new file mode 100644
index 0000000..b0125ee
--- /dev/null
+++ b/hosts/vm/hardware/virtualbox/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ imports = [ ./hardware.nix ];
+}
diff --git a/hosts/vm/hardware/virtualbox/disks.nix b/hosts/vm/hardware/virtualbox/disks.nix
new file mode 100644
index 0000000..6ba15ec
--- /dev/null
+++ b/hosts/vm/hardware/virtualbox/disks.nix
@@ -0,0 +1,57 @@
+{ config, lib, inputs, pkgs, modulesPath, ... }:
+{
+
+ environment.persistence."/persist" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/nix/id_rsa"
+ ];
+ };
+
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ };
+
+ boot.initrd.luks.devices."encrypted_boot".device = "/dev/disk/by-partlabel/boot";
+
+ fileSystems."/boot" = {
+ device = "/dev/mapper/encrypted_boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-partlabel/efi";
+ fsType = "vfat";
+ };
+
+ boot.initrd.luks.devices."encrypted_root".device = "/dev/disk/by-partlabel/root";
+
+ fileSystems."/nix" = {
+ device = "/dev/mapper/encrypted_root";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress-force=zstd" "noatime" ];
+ };
+
+ fileSystems."/persist" = {
+ device = "/dev/mapper/encrypted_root";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=persist" "compress-force=zstd" "noatime" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/mapper/encrypted_root";
+ fsType = "btrfs";
+ options = [ "subvol=home" "compress-force=zstd" ];
+ };
+
+ swapDevices = [ ];
+
+ zramSwap.enable = true;
+
+}
diff --git a/hosts/vm/hardware/virtualbox/hardware.nix b/hosts/vm/hardware/virtualbox/hardware.nix
new file mode 100644
index 0000000..470f733
--- /dev/null
+++ b/hosts/vm/hardware/virtualbox/hardware.nix
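Review bot: In `hosts/vm/hardware/virtualbox/disks.nix`, `fileSystems."/"` mounts the tmpfs root with no `options`, so the tmpfs defaults apply: mode 1777, which leaves `/` world-writable, and a size cap of half of RAM. Adding `options = [ "mode=755" ];` to that attribute set (plus a `size=` value suited to the VM) fixes the permissions. The new `environment.persistence."/persist"` block keeps `/etc/nix/id_rsa`, which by its name looks like a private key, so a comment such as `# private key: persisted copy must stay root-owned, mode 0600` next to that entry would record the expectation. The block also presumably relies on the impermanence module being imported somewhere outside this diff; confirm that before any host imports this profile.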
@@ -0,0 +1,33 @@
+{ config, lib, inputs, pkgs, modulesPath, ... }:
+{
+ imports = [
+ ./disks.nix
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules =
+ [ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
+ kernelModules = [ ];
+ };
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ kernelParams = [ "net.ifnames=0" "biosdevname=0" "mitigations=off" ];
+ };
+
+ services.xserver = {
+ # Enable touchpad support (enabled default in most desktopManager).
+ libinput.enable = true;
+ };
+
+ hardware = {
+ opengl = {
+ enable = true;
+ driSupport = true;
+ };
+ };
+
+ virtualisation.virtualbox.guest.enable = true;
+
+}
-- cgit 1.4.1
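Review bot: `kernelParams` in `hosts/vm/hardware/virtualbox/hardware.nix` carries `"mitigations=off"`, which disables the kernel's CPU speculative-execution mitigations for every host that imports this hardware profile, and nothing in the file says why. That is a security-posture choice rather than a property of the VirtualBox hardware, so it belongs in the host configuration or at least behind a comment such as `# mitigations=off: gives up Spectre/Meltdown-class protections for speed; disposable VM only`. Since the sibling disks.nix persists `/etc/nix/id_rsa`, the safer default is to drop the parameter: `kernelParams = [ "net.ifnames=0" "biosdevname=0" ];`. The file is carried over unchanged from the deleted `hosts/vm/hardware.nix` (same blob id 470f733), so this is a pre-existing setting worth settling while the file is being moved.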