authormakefu <github@syntax-fehler.de>2023-06-14 23:37:38 +0200
committermakefu <github@syntax-fehler.de>2023-06-14 23:38:41 +0200
commita2040ce915a4e8a2ae9f0897a13f77d6592dd81e (patch)
treebda6ff26e479e638410d421d5edf3b3dcc3de1bb
parentb9a5d97bf892bd046afb670e4d362b0e1386f184 (diff)
fs: single-disk-encrypted-zfs takes hostId as parameter
-rw-r--r--1systems/tsp/config.nix3
-rw-r--r--1systems/x/x13/disk.nix70
-rw-r--r--2configs/fs/disko/single-disk-encrypted-zfs.nix7
-rw-r--r--flake.lock4
-rw-r--r--flake.nix3
5 files changed, 12 insertions, 75 deletions
diff --git a/1systems/tsp/config.nix b/1systems/tsp/config.nix
index 587d5f83d..74c4e5616 100644
--- a/1systems/tsp/config.nix
+++ b/1systems/tsp/config.nix
@@ -13,7 +13,8 @@
(self + "/2configs/editor/neovim")
(self + "/2configs/tools/core.nix")
# (self + "/2configs/tools/all.nix")
- (self + "/2configs/fs/disko/single-disk-bcachefs.nix")
+
+ ((import ../../2configs/fs/disko/single-disk-encrypted-zfs.nix ) { disks = ["/dev/sda" ]; hostId = "f8b8e0a2"; })
# hardware specifics are in here
(self + "/2configs/hw/bluetooth.nix")
(self + "/2configs/hw/network-manager.nix")
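Review bot: The added import passes `disks = ["/dev/sda" ]`, a kernel-assigned name that is not stable across boots or hardware changes. Because this value feeds a disko layout that partitions and formats the device, a different enumeration order (for example with an installer stick attached) would point the layout at the wrong disk. A persistent path is safer, e.g. `disks = [ "/dev/disk/by-id/<stable-id-of-the-tsp-disk>" ];` with the real id filled in. The new line also uses a relative `import ../../2configs/...` where the neighbouring entries use `self + "/2configs/..."`; keeping one form would make the module list easier to audit.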
diff --git a/1systems/x/x13/disk.nix b/1systems/x/x13/disk.nix
deleted file mode 100644
index 3fae8d410..000000000
--- a/1systems/x/x13/disk.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ ... }:
-let
- disk = "/dev/nvme0n1";
-in {
- disko.devices = {
- disk = {
- nvme = {
- type = "disk";
- device = disk;
- content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "ESP";
- start = "0";
- end = "512MiB";
- fs-type = "fat32";
- bootable = true;
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }
- {
- name = "zfs";
- start = "512MiB";
- end = "100%";
- content = {
- type = "zfs";
- pool = "tank";
- };
- }
- ];
- };
- };
- };
- zpool = {
- tank = {
- type = "zpool";
- rootFsOptions = {
- compression = "lz4";
- #reservation = "5G";
- "com.sun:auto-snapshot" = "false";
- };
- mountpoint = null;
- postCreateHook = "zfs snapshot tank@blank";
-
- datasets = {
-
- root = {
- type = "zfs_fs";
- mountpoint = "/";
- options = {
- encryption = "aes-256-gcm";
- keyformat = "passphrase";
- "com.sun:auto-snapshot" = "true";
- };
- #keylocation = "file:///tmp/secret.key";
- };
- "root/home" = {
- type = "zfs_fs";
- mountpoint = "/home";
- };
- };
- };
- };
- };
-}
diff --git a/2configs/fs/disko/single-disk-encrypted-zfs.nix b/2configs/fs/disko/single-disk-encrypted-zfs.nix
index 1b35e5b2b..9454c9892 100644
--- a/2configs/fs/disko/single-disk-encrypted-zfs.nix
+++ b/2configs/fs/disko/single-disk-encrypted-zfs.nix
@@ -1,8 +1,13 @@
-{ disks ? [ "/dev/nvme0n1" ], ... }:
+{ disks ? [ "/dev/nvme0n1" ], hostId, ... }:
let
disk = builtins.elemAt disks 0;
in {
+ boot.zfs.requestEncryptionCredentials = true;
boot.supportedFilesystems = [ "zfs" ];
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+ networking.hostId = hostId;
+
disko.devices = {
disk = {
nvme = {
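Review bot: `hostId` is now a required argument with no default and no comment on what it must look like, so any caller that omits it fails at evaluation, and nothing tells the next host's author that the value must differ per machine. ZFS relies on the host id to refuse importing a pool that was last used by another system, so copying the literal from one host to the next quietly weakens that guard. I would add above the argument line a comment such as `# hostId: 8 hex digits, unique per machine (e.g. from "head -c4 /dev/urandom | od -A none -t x4"); ZFS uses it to detect foreign pools`. Separately, the hunk sets `boot.loader.systemd-boot.enable` and `boot.loader.efi.canTouchEfiVariables` unconditionally in a disk-layout file, which every importer inherits; that is worth a one-line comment or a move to the host config. The attribute set continues outside this hunk.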
diff --git a/flake.lock b/flake.lock
index de9b56e81..790ccbeff 100644
--- a/flake.lock
+++ b/flake.lock
@@ -169,8 +169,8 @@
]
},
"locked": {
- "lastModified": 1686400260,
- "narHash": "sha256-nW2GqH3yYZl5XRYHN4MpaaO4r01GNEMSPjklJmdIUic=",
+ "lastModified": 1686598920,
+ "narHash": "sha256-kLTqf7tiND/siBJUwOPfCQ02HVyOtxju47PNbeU5Ef4=",
"path": "/home/makefu/stockholm-flakes",
"type": "path"
},
diff --git a/flake.nix b/flake.nix
index cf96db078..ce2ce15c8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,6 +38,7 @@
(name: !lib.hasPrefix "." name)
(lib.attrNames (builtins.readDir ./3modules))));
+ overlays.default = import ./5pkgs/default.nix;
nixosConfigurations = lib.genAttrs ["x" "tsp" ] (host: nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
@@ -45,7 +46,7 @@
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
- overlays = [(self: super: { stockholm.lib = stockholm.lib; })] ;
+ overlays = [(self: super: { inherit (self.writers) writeDash writeDashBin; stockholm.lib = stockholm.lib; }) self.overlays.default] ;
};
};
modules = [
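Review bot: On the changed `overlays` line the name `self` means two different things: inside the lambda `(self: super: …)` it is the overlay's final package set (so `self.writers` is read from pkgs), while `self.overlays.default` after the closing parenthesis presumably refers to the flake's own `self`. That is easy to misread when checking which overlays and packages end up in the system closure. Renaming the overlay arguments removes the shadowing without changing behaviour: `overlays = [(final: prev: { inherit (final.writers) writeDash writeDashBin; stockholm.lib = stockholm.lib; }) self.overlays.default];`. The enclosing `nixosSystem` call starts and ends outside this hunk.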