WIP

2025-12-25 10:28:27 +01:00 · 2025-12-25 10:28:27 +01:00 · 92f83235e0
commit 92f83235e0
parent e06b409221
10 changed files with 382 additions and 159 deletions
--- a/profiles/linux/minimal.nix
+++ b/profiles/linux/minimal.nix
@ -0,0 +1,129 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  inherit (lib) mkDefault;
+
+  inherit (config.machine.filesystem.uuid)
+    boot
+    esp
+    luks
+    cryptroot
+    ;
+in
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ../minimal.nix
+  ];
+
+  boot.bootspec.enable = true;
+  boot.initrd = {
+    kernelModules = [ ];
+    luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luks}";
+    systemd.enable = true;
+  };
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+  };
+
+  boot.loader.efi = {
+    canTouchEfiVariables = true;
+    efiSysMountPoint = "efi";
+  };
+
+  boot.loader.systemd-boot = {
+    enable = lib.mkForce false;
+    xbootldrMountPoint = "/boot";
+  };
+
+  environment.sessionVariables = {
+    EDITOR = "${pkgs.vim}/bin/vim";
+    PAGER = "${pkgs.less}/bin/less";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/${boot}";
+    fsType = "ext4";
+  };
+
+  fileSystems."/efi" = {
+    device = "/dev/disk/by-uuid/${esp}";
+    fsType = "vfat";
+    options = [
+      "fmask=0137"
+      "dmask=0027"
+    ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@root" ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@home" ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@nix" ];
+  };
+
+  fileSystems."/var/cache" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_cache" ];
+  };
+
+  fileSystems."/var/log" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_log" ];
+  };
+
+  fileSystems."/var/spool" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_spool" ];
+  };
+
+  fileSystems."/var/tmp" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_tmp" ];
+  };
+
+  fileSystems."/var/lib/machines" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_lib_machines" ];
+  };
+
+  fileSystems."/var/lib/portables" = {
+    device = "/dev/disk/by-uuid/${cryptroot}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_lib_portables" ];
+  };
+
+  networking.useDHCP = mkDefault true;
+
+  services.avahi.enable = true;
+  services.openssh.enable = true;
+
+  swapDevices = [ ];
+
+  hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
+
+  nixpkgs.hostPlatform = mkDefault "x86_64-linux";
+}