From 8c5b5bf0f4c9d452bf03c7e04e423144f634e701 Mon Sep 17 00:00:00 2001 From: fleaz Date: Mon, 14 Feb 2022 21:50:52 +0100 Subject: [PATCH] cray: Reinstall on new hardware --- machines/cray/configuration.nix | 32 +++++++++++++++++++--- machines/cray/hardware-configuration.nix | 34 +++++++++++++----------- 2 files changed, 48 insertions(+), 18 deletions(-) diff --git a/machines/cray/configuration.nix b/machines/cray/configuration.nix index 2bc7197..b8ea072 100644 --- a/machines/cray/configuration.nix +++ b/machines/cray/configuration.nix @@ -7,6 +7,10 @@ , ... }: +let + home-manager = (import ./nix/sources.nix).home-manager; + secretsFile = "/root.key"; +in { imports = [ # Include the results of the hardware scan. @@ -15,8 +19,28 @@ ]; # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + + nix.useSandbox = false; + + boot.loader.systemd-boot.enable = false; + boot.loader.grub = { + enable = true; + version = 2; + device = "nodev"; + efiSupport = true; + enableCryptodisk = true; + configurationLimit = 5; + }; + + # enable passing of keyfile between grub and initrd + boot.initrd.luks.devices."cryptroot" = { + fallbackToPassword = true; + keyFile = secretsFile; + }; + # copy the secret into the additional initramfs. `null` means same path + boot.initrd.secrets."${secretsFile}" = null; # for nvidia drivers #nixpkgs.config.allowUnfree = true; @@ -25,14 +49,16 @@ # Set your time zone. time.timeZone = "Europe/Berlin"; + time.hardwareClockInLocalTime = true; #Be compatible with Windows + # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. networking.useDHCP = false; networking.hostName = "cray"; # Define your hostname. - networking.interfaces.eno1.useDHCP = true; - networking.interfaces.eno1.wakeOnLan.enable = true; + networking.interfaces.enp4s0.useDHCP = true; + networking.interfaces.enp4s0.wakeOnLan.enable = true; # Enable CUPS services.printing.enable = true; diff --git a/machines/cray/hardware-configuration.nix b/machines/cray/hardware-configuration.nix index 0637c10..01cd6b3 100644 --- a/machines/cray/hardware-configuration.nix +++ b/machines/cray/hardware-configuration.nix @@ -4,23 +4,21 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/1d2ce540-2fce-4621-8a4d-e05e09369bc3"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/60e06bf9-f4c4-4555-879b-23ade6599704"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/782C-3B0B"; - fsType = "vfat"; - }; + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/2e85528d-0086-4835-9fc7-0e7a847d90bd"; fileSystems."/mnt/pool" = { device = "//BART/Pool/"; @@ -33,10 +31,16 @@ in [ "${automount_opts},credentials=/etc/nixos/smb-secrets" ]; }; + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/274B-0F7C"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/6a0a9641-00c5-490e-abcc-9efeaeaca1f8"; }]; + swapDevices = [{ + device = "/dev/disk/by-partuuid/c5586d55-aca1-4771-9695-1232ba83d3f6"; + randomEncryption = true; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + }]; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }