diff --git a/README.md b/README.md index 7df4f86..e5e3f83 100644 --- a/README.md +++ b/README.md @@ -149,12 +149,9 @@ niv add nix-community/NUR -n NUR ## disko and nixos-anywhere: Remote installation -* Introductory presentation: https://pad.lassul.us/cccamp-workshop -* disko: https://github.com/nix-community/disko - * See [hosts/yodaYoga/disko-config.nix](hosts/yodaYoga/disko-config.nix) -* nixos-anywhere: https://github.com/numtide/nixos-anywhere/ +Install NixOS via SSH everywhere. -TODO. This is at low priority as I don't install new systems too often. And it is a quite fast process with the graphical NixOS installer. +There is a separate repository for these steps. Its README can be found here: https://codeberg.org/privacy1st/nixos-anywhere-example/src/template/README.md ## Colmena: Deployment and secret management diff --git a/hosts/yodaYoga/disko-config.nix b/hosts/yodaYoga/disko-config.nix deleted file mode 100644 index f52ac13..0000000 --- a/hosts/yodaYoga/disko-config.nix +++ /dev/null 
@@ -1,74 +0,0 @@
-# TODO: I haven't used this config file yet.
-
-# Example taken form https://github.com/nix-community/disko/blob/master/example/luks-btrfs-subvolumes.nix
-
-# cryptsetup luksOpen --allow-discards
-#
-# https://wiki.gentoo.org/wiki/Dm-crypt_full_disk_encryption#Dm-crypt_on_SSDs_and_hybrid_drives
-# Cryptsetup can transparently forward discard operations to an SSD. This feature is activated by using the --allow-discards option in combination with cryptsetup open. Enabling discards on an encrypted SSD can be a measure to ensure effective wear leveling and longevity, especially if the full disk is encrypted. For an in detail discussion about the security implications, have a look at the cryptsetup FAQ and the man page of cryptsetup.
-#
-# https://man.archlinux.org/man/cryptsetup-luksOpen.8.en
-# Can make filesystem-level operations visible on the physical device. For example, information leaking filesystem type, used space, etc. may be extractable from the physical device.
-
-{
- disko.devices = {
- disk = {
- "256GB1" = {
- type = "disk";
- # Device nickname: 256GB1
- device = "/dev/disk/by-id/ata-SanDisk_SD7TB6S256G1001_161418401077";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "EFI";
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "256GB1";
- extraOpenArgs = [ "--allow-discards" ];
- # if you want to use the key for interactive login be sure there is no trailing newline
- # for example use `echo -n "password" > /tmp/secret.key`
- passwordFile = "/tmp/secret.key"; # Interactive login.
- #settings.keyFile = "/tmp/secret.key";
- #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/@" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" "commit=120" ];
- };
- "/@home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" "noatime" "commit=120" ];
- };
- # For snapshots created with e.g. `btrbk`.
- "/@snap" = {
- mountpoint = "/snap";
- mountOptions = [ "compress=zstd" "noatime" "commit=120" ];
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}