From 37744f0016b77af41e8f57bc6da32b15f5ac50fd Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Sep 2015 10:02:05 +0200 Subject: makefu: sort 2configs --- makefu/2configs/fs/cac-boot-partition.nix | 23 +++++++++++++++++ makefu/2configs/fs/sda-crypto-root-home.nix | 39 +++++++++++++++++++++++++++++ makefu/2configs/fs/sda-crypto-root.nix | 29 +++++++++++++++++++++ makefu/2configs/fs/vm-single-partition.nix | 20 +++++++++++++++ 4 files changed, 111 insertions(+) create mode 100644 makefu/2configs/fs/cac-boot-partition.nix create mode 100644 makefu/2configs/fs/sda-crypto-root-home.nix create mode 100644 makefu/2configs/fs/sda-crypto-root.nix create mode 100644 makefu/2configs/fs/vm-single-partition.nix (limited to 'makefu/2configs/fs') diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix new file mode 100644 index 00000000..fdf4b89d --- /dev/null +++ b/makefu/2configs/fs/cac-boot-partition.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + +} diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix new file mode 100644 index 00000000..3821c750 --- /dev/null +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +# ssd # +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> lvm: +# / (main-root) +# /home (main-home) + +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "main"; device = "/dev/sda2"; allowDiscards=true; }]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/main-root"; + fsType = "ext4"; + options="defaults,discard"; + }; + # TODO: just import sda-crypto-root, add this device + "/home" = { + device = "/dev/mapper/main-home"; + fsType = "ext4"; + options="defaults,discard"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + options="defaults,discard"; + }; + }; +} diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix new file mode 100644 index 00000000..54db8754 --- /dev/null +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> ext4 +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "ext4"; + options="defaults,discard"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + options="defaults,discard"; + }; + }; +} diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix new file mode 100644 index 00000000..78a5e717 --- /dev/null +++ b/makefu/2configs/fs/vm-single-partition.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + + +} -- cgit v1.2.3