complete servo image & port to impermanence
there might still be some bugs to work out here. this produces a workable image, but with some uncertainty around that swapfile (the first attempt had /swapfile living on a tmpfs).
parent
ba69812720
commit
92488dd890
@ -3,6 +3,7 @@
|
|||
# we need space in the GPT header to place tow-boot.
|
||||
# only actually need 1 MB, but better to over-allocate than under-allocate
|
||||
colinsane.image.extraGPTPadding = 16 * 1024 * 1024;
|
||||
colinsane.image.firstPartGap = 0;
|
||||
system.build.img = pkgs.runCommandNoCC "nixos_full-disk-image.img" {} ''
|
||||
cp -v ${config.system.build.img-without-firmware}/nixos.img $out
|
||||
chmod +w $out
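Review bot: `colinsane.image.extraGPTPadding = 16 * 1024 * 1024;` sets a non-zero padding for what the tow-boot comment suggests is the rpi image, while the option definition in the image-module hunk further down (same commit) still says `# NB: rpi doesn't like non-zero values for this.`; one of the two is stale. If the padding is acceptable here because tow-boot occupies the header hole, record that where the value is set, e.g. `# tow-boot is placed in this padding (headerHole in the image module); the rpi caveat on extraGPTPadding needs re-checking with that layout`. The runCommand script continues outside the hunk.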
|
||||
@ -24,9 +24,14 @@
|
|||
colinsane.home-manager.extraPackages = [
|
||||
pkgs.matrix-synapse
|
||||
];
|
||||
colinsane.impermanence.enable = true;
|
||||
colinsane.services.duplicity.enable = true;
|
||||
|
||||
# TODO: validate this
|
||||
colinsane.image.extraBootFiles = [ pkgs.bootpart-tow-boot-rpi-aarch64 ];
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = false;
|
||||
colinsane.image.extraBootFiles = [ pkgs.bootpart-u-boot-rpi-aarch64 ];
|
||||
|
||||
sops.secrets.duplicity_passphrase = {
|
||||
sopsFile = ../../secrets/servo.yaml;
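Review bot: `# TODO: validate this` above `colinsane.image.extraBootFiles = [ pkgs.bootpart-tow-boot-rpi-aarch64 ];` does not say what is unverified; since this hunk also enables `generic-extlinux-compatible` and the rpi hunk further down drops the note that this loader does not build u-boot, the open question appears to be whether tow-boot from the boot partition chains into the generated extlinux.conf. Make the TODO actionable: `# TODO: validate that tow-boot (extraBootFiles) finds /boot/extlinux/extlinux.conf; generic-extlinux-compatible no longer builds u-boot itself`. The hunk prints two `extraBootFiles` assignments (tow-boot and u-boot); the counts imply one is the removed side, and both surviving would be a Nix attribute-defined-twice error, so that is worth confirming on the new side. The sops block continues outside the hunk.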
|
||||
@ -1,27 +1,49 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# root is a tmpfs so that we have an ephemeral system ("impermanence" handles the state)
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/2be70d38-79f4-41b6-bee2-bce5a25f8f7b";
|
||||
fsType = "ext4";
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [
|
||||
"mode=755"
|
||||
"size=1G"
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
# we need a /tmp of default size (half RAM) for building large nix things
|
||||
fileSystems."/tmp" = {
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [
|
||||
"mode=777"
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "/dev/disk/by-uuid/aa272cff-0fcc-498e-a4cb-0d95fb60631b";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/B318-A67E";
|
||||
device = "/dev/disk/by-uuid/31D3-40CB";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
|
||||
fileSystems."/var/lib/pleroma" = {
|
||||
device = "/opt/pleroma";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
# fileSystems."/var/lib/pleroma" = {
|
||||
# device = "/opt/pleroma";
|
||||
# options = [ "bind" ];
|
||||
# };
|
||||
|
||||
# TODO: does transmission handle symlinks?
|
||||
fileSystems."/var/lib/transmission/Downloads" = {
|
||||
device = "/opt/uninsane/media";
|
||||
device = "/var/lib/uninsane/media";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
fileSystems."/var/lib/transmission/.incomplete" = {
|
||||
device = "/opt/uninsane/media/incomplete";
|
||||
device = "/var/lib/uninsane/media/incomplete";
|
||||
options = [ "bind" ];
|
||||
};
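Review bot: `"mode=777"` in the `/tmp` tmpfs options leaves off the sticky bit, so any local user can remove or rename other users' files in /tmp, which is the classic tmp-race and symlink-swap condition; use `"mode=1777"` (what NixOS's own tmpfs-/tmp support sets), and `"nosuid" "nodev"` cost nothing there. The transmission bind mounts now source from `/var/lib/uninsane/media`, which sits under the `/var/lib` that impermanence itself populates from persistent storage; if that path is a mount point, the bind can run before it is populated and silently bind an empty directory, so consider `depends = [ "/var/lib/uninsane" ];` on those two entries. The pleroma bind is commented out while `/var/lib/pleroma` is in the persist list in the impermanence hunk, which is consistent.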
|
||||
|
||||
|
@ -31,7 +53,7 @@
|
|||
};
|
||||
|
||||
swapDevices = [
|
||||
{ device = "/swapfile"; size = 4096; }
|
||||
{ device = "/nix/persist/swapfile"; size = 4096; }
|
||||
];
|
||||
}
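Review bot: `{ device = "/nix/persist/swapfile"; size = 4096; }` places the swapfile on `/nix`, which the filesystem hunk above mounts as btrfs; btrfs only honors a swapfile that is fully preallocated, uncompressed and NOCOW, and the file NixOS creates from `size` may not satisfy that, so confirm `swapon` succeeds on a fresh boot of the generated image and not only on the hand-built one. Swap also carries pages of whatever was decrypted in memory (the sops secrets enabled in this commit included) onto persistent disk in clear; if that matters for this host, evaluate `randomEncryption` on the swap entry, and otherwise record the decision inline: `# NB: unencrypted swap on persistent storage; contents of RAM (incl. decrypted secrets) can land here`. The enclosing attrset starts outside the hunk.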
|
||||
|
||||
@ -12,15 +12,9 @@
|
|||
# see: https://github.com/raspberrypi/linux
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
|
||||
# NixOS defaults to grub: we don't want that.
|
||||
boot.loader.grub.enable = false;
|
||||
# raspberryPi boot loader creates extlinux.conf.
|
||||
# otherwise, enable the generic-extlinux-compatible loader below.
|
||||
# note: THESE ARE MUTUALLY EXCLUSIVE. generic-extlinux-compatible causes uboot to not be built
|
||||
# boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.raspberryPi.enable = true;
|
||||
boot.loader.raspberryPi.uboot.enable = true;
|
||||
boot.loader.raspberryPi.version = 4;
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"bcm2711_thermal"
|
||||
@ -6,7 +6,7 @@
|
|||
|
||||
# web blog/personal site
|
||||
services.nginx.virtualHosts."uninsane.org" = {
|
||||
root = "/opt/uninsane/root";
|
||||
root = "/var/lib/uninsane/root";
|
||||
# a lot of places hardcode https://uninsane.org,
|
||||
# and then when we mix http + non-https, we get CORS violations
|
||||
# and things don't look right. so force SSL.
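Review bot: `root = "/var/lib/uninsane/root";` moves the web root into a service-state directory that impermanence persists (it is in the persist list in this commit, and the duplicity hunk shows it living under `/nix/persist`); nginx's worker user now needs execute permission through `/var/lib/uninsane`, which is also the directory transmission writes into via the bind mounts, so verify the mode after impermanence recreates it rather than relying on what `/opt/uninsane` had. A short comment would save the next reader the check: `# served from persisted state (/nix/persist/var/lib/uninsane); must stay traversable by the nginx user`. The virtualHost block continues outside the hunk.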
|
||||
@ -2,7 +2,7 @@
|
|||
|
||||
{
|
||||
services.postgresql.enable = true;
|
||||
services.postgresql.dataDir = "/opt/postgresql/13";
|
||||
# services.postgresql.dataDir = "/opt/postgresql/13";
|
||||
# XXX colin: for a proper deploy, we'd want to include something for Pleroma here too.
|
||||
# services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||
# CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '<password goes here>';
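Review bot: commenting out `services.postgresql.dataDir = "/opt/postgresql/13";` switches the cluster to the module default under `/var/lib/postgresql`, but nothing in the commit moves the existing data from `/opt/postgresql/13`, so on first boot postgres will presumably initialize an empty cluster there unless the old directory is copied into the persisted path first; that is worth a line here, e.g. `# data lives at the default /var/lib/postgresql/<ver>, persisted by impermanence; migrated from /opt/postgresql/13`. Keep the commented-out assignment only if it documents the old location; a dead option line otherwise invites re-enabling it against the wrong path. The hunk continues into the commented initialScript outside the view.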
|
||||
@ -12,8 +12,20 @@ in
|
|||
};
|
||||
colinsane.image.extraGPTPadding = mkOption {
|
||||
default = 0;
|
||||
# NB: rpi doesn't like non-zero values for this.
|
||||
# at the same time, spinning disks REALLY need partitions to be aligned to 4KiB boundaries.
|
||||
# maybe there's some imageBuilder.fileSystem type which represents empty space?
|
||||
# default = 2014 * 512; # standard is to start part0 at sector 2048 (versus 34 if no padding)
|
||||
type = types.int;
|
||||
};
|
||||
colinsane.image.firstPartGap = mkOption {
|
||||
# align the first part to 16 MiB.
|
||||
# do this by inserting a gap of 16 MiB - gptHeaderSize
|
||||
# and then multiply by 1MiB and subtract 1 because mobile-nixos
|
||||
# has a bug which will divide this by 1 MiB (and round up)
|
||||
default = (16 * 1024 * 1024 - 34 * 512) * 1024 * 1024 - 1;
|
||||
type = types.nullOr types.int;
|
||||
};
|
||||
colinsane.image.bootPartSize = mkOption {
|
||||
default = 512 * 1024 * 1024;
|
||||
type = types.int;
|
||||
|
@ -62,6 +74,7 @@ in
|
|||
# Tow-Boot manages to do that; not sure how.
|
||||
headerHole = cfg.extraGPTPadding;
|
||||
partitions = [
|
||||
(pkgs.imageBuilder.gap cfg.firstPartGap)
|
||||
(fsBuilderMapBoot."${bootFs.fsType}" {
|
||||
# fs properties
|
||||
name = "ESP";
|
||||
@ -69,6 +69,24 @@ in
|
|||
# "/var/lib/systemd" # nothing obviously necessary
|
||||
# "/var/lib/udisks2" # empty on lappy
|
||||
# "/var/lib/upower" # historic charge data. unnecessary, but maybe used somewhere?
|
||||
#
|
||||
# servo additions:
|
||||
"/var/lib/acme"
|
||||
# "/var/lib/dhparams" # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix
|
||||
# "/var/lib/dovecot"
|
||||
# "/var/lib/duplicity"
|
||||
"/var/lib/gitea" # TODO: could be more granular
|
||||
"/var/lib/ipfs" # TODO: could be more granular
|
||||
"/var/lib/jackett" # TODO: we only need this to save Indexer creds ==> migrate to config?
|
||||
"/var/lib/jellyfin" # TODO: could be more granular
|
||||
"/var/lib/matrix-appservice-irc"
|
||||
"/var/lib/matrix-synapse"
|
||||
"/var/lib/opendkim" # TODO: move this to the nix config (SOPS)
|
||||
"/var/lib/pleroma" # TODO: could be more granular
|
||||
"/var/lib/postgresql"
|
||||
"/var/lib/postfix" # TODO: could be more granular
|
||||
"/var/lib/transmission" # we need this specifically for the stats tracking in .config/
|
||||
"/var/lib/uninsane"
|
||||
"/var/log"
|
||||
# TODO: what even GOES in /srv?
|
||||
"/srv"
|
||||
@ -37,17 +37,15 @@ in
|
|||
"/sys"
|
||||
"/tmp"
|
||||
# bind mounted (dupes):
|
||||
"/var/lib/pleroma"
|
||||
"/var/lib/transmission/Downloads"
|
||||
"/var/lib/transmission/.incomplete"
|
||||
"/var/lib"
|
||||
# other mounts
|
||||
"/mnt"
|
||||
# data that's not worth the cost to backup:
|
||||
"/opt/uninsane/media"
|
||||
"/nix/persist/var/lib/uninsane/media"
|
||||
"/nix/persist/home/colin/tmp"
|
||||
"/nix/persist/home/colin/Videos"
|
||||
"/home/colin/tmp"
|
||||
"/home/colin/Videos"
|
||||
# TODO: transitional
|
||||
"/home/colin/internal"
|
||||
];
|
||||
|
||||
services.duplicity.extraFlags = [
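Review bot: excluding `"/var/lib"` wholesale is only safe if the backup source (outside this hunk) covers `/nix/persist`, since under impermanence the persisted copies of the `/var/lib` dirs live there; state that dependency where the exclusion is, e.g. `# persisted dirs under /var/lib are binds from /nix/persist/var/lib/...; the persisted copy is backed up, so skip the duplicate view`, otherwise a later change to the source path silently drops every service's state from the backup. The media exclusion is now listed under its persisted path `/nix/persist/var/lib/uninsane/media`, which is consistent with dropping the old bind-mount dupes. The enclosing list starts outside the hunk.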
|
||||
@ -18,11 +18,11 @@ let sshOpts = {
|
|||
in
|
||||
{
|
||||
fileSystems."/mnt/servo-media-wan" = {
|
||||
device = "colin@uninsane.org:/opt/uninsane/media";
|
||||
device = "colin@uninsane.org:/var/lib/uninsane/media";
|
||||
inherit (sshOpts) fsType options;
|
||||
};
|
||||
fileSystems."/mnt/servo-media-lan" = {
|
||||
device = "colin@servo:/opt/uninsane/media";
|
||||
device = "colin@servo:/var/lib/uninsane/media";
|
||||
inherit (sshOpts) fsType options;
|
||||
};
|
||||
fileSystems."/mnt/desko-home" = {
|
||||