update

2024-11-10 22:15:07 -05:00 · 2024-11-10 22:15:07 -05:00 · 091d7180a5
commit 091d7180a5
parent 76c1d36e5f
4 changed files with 102 additions and 117 deletions
--- a/systems/x86_64-linux/navis/default.nix
+++ b/systems/x86_64-linux/navis/default.nix
@ -5,66 +5,36 @@
  lib,
  ...
 }: {
-  # boot.initrd.systemd.services.wipe-root = {
-  #   requires = ["dev-mapper-enc.device"];
-  #   after = ["dev-mapper-enc.device"];
-  #   wantedBy = ["initrd.target"];
-  #   script = lib.mkAfter ''
-  #     mkdir /btrfs_tmp
-  #     mount /dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b /btrfs_tmp
-  #     if [[ -e /btrfs_tmp/root ]]; then
-  #         mkdir -p /btrfs_tmp/old_roots
-  #         timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
-  #         mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
-  #     fi
-  #
-  #     delete_subvolume_recursively() {
-  #         IFS=$'\n'
-  #         for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-  #             delete_subvolume_recursively "/btrfs_tmp/$i"
-  #         done
-  #         btrfs subvolume delete "$1"
-  #     }
-  #
-  #     for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
-  #         delete_subvolume_recursively "$i"
-  #     done
-  #
-  #     btrfs subvolume create /btrfs_tmp/root
-  #     umount /btrfs_tmp
-  #   '';
-  # };
-
  facter.reportPath = ./facter.json;

  fileSystems = {
    "/" = {
-      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
+      device = "/dev/mapper/enc";
      fsType = "btrfs";
      options = ["subvol=root"];
    };

    "/home" = {
-      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
+      device = "/dev/mapper/enc";
      fsType = "btrfs";
      options = ["subvol=home" "compress=zstd"];
    };

    "/nix" = {
-      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
+      device = "/dev/mapper/enc";
      fsType = "btrfs";
      options = ["subvol=nix" "compress=zstd" "noatime"];
    };

    "/persist" = {
-      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
+      device = "/dev/mapper/enc";
      neededForBoot = true;
      fsType = "btrfs";
      options = ["subvol=persist" "compress=zstd"];
    };

    "/var/log" = {
-      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
+      device = "/dev/mapper/enc";
      fsType = "btrfs";
      options = ["subvol=log" "compress=zstd" "noatime"];
      neededForBoot = true;
@ -151,10 +121,6 @@
    identityPaths = ["/persist/root/.ssh/id_ed25519"];
  };

-  chaotic.scx.enable = true;
-  chaotic.scx.package = pkgs.scx_git.rustland;
-  chaotic.scx.scheduler = "scx_rustland";
-
  virtualisation = {
    spiceUSBRedirection.enable = true;
    waydroid.enable = true;
@ -211,13 +177,34 @@
    kernelPackages = pkgs.linuxPackages_cachyos;
    supportedFilesystems = ["btrfs" "ntfs"];

+    # Encrypted device
    initrd.luks.devices."enc".device = "/dev/disk/by-uuid/9952fcd1-46eb-4c9c-ab7d-361d31fdb9a2";
    tmp.useTmpfs = true;

-    # initrd.systemd = {
-    #   enable = true;
-    #   emergencyAccess = true; # No password needed because of LUKS
-    # };
+    initrd.postDeviceCommands = lib.mkAfter ''
+      mkdir /btrfs_tmp
+      mount /dev/dm-0 /btrfs_tmp
+      if [[ -e /btrfs_tmp/root ]]; then
+          mkdir -p /btrfs_tmp/old_roots
+          timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+          mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+      fi
+
+      delete_subvolume_recursively() {
+          IFS=$'\n'
+          for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+              delete_subvolume_recursively "/btrfs_tmp/$i"
+          done
+          btrfs subvolume delete "$1"
+      }
+
+      for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+          delete_subvolume_recursively "$i"
+      done
+
+      btrfs subvolume create /btrfs_tmp/root
+      umount /btrfs_tmp
+    '';

    plymouth = {
      enable = true;
@ -302,18 +289,15 @@
        "https://cuda-maintainers.cachix.org"
        "https://hyprland.cachix.org"
        "https://nix-community.cachix.org"
-        "https://nyx.chaotic.cx/"
      ];

      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
-        "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
        "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
      ];
    };
  };