fs: single-disk-encrypted-zfs takes hostId as parameter

makefu 2023-06-14 23:37:38 +02:00
parent b9a5d97bf8
commit a2040ce915
5 changed files with 12 additions and 75 deletions


@ -13,7 +13,8 @@
(self + "/2configs/editor/neovim") (self + "/2configs/editor/neovim")
(self + "/2configs/tools/core.nix") (self + "/2configs/tools/core.nix")
# (self + "/2configs/tools/all.nix") # (self + "/2configs/tools/all.nix")
(self + "/2configs/fs/disko/single-disk-bcachefs.nix")
((import ../../2configs/fs/disko/single-disk-encrypted-zfs.nix ) { disks = ["/dev/sda" ]; hostId = "f8b8e0a2"; })
# hardware specifics are in here # hardware specifics are in here
(self + "/2configs/hw/bluetooth.nix") (self + "/2configs/hw/bluetooth.nix")
(self + "/2configs/hw/network-manager.nix") (self + "/2configs/hw/network-manager.nix")
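Review bot: The new import of `single-disk-encrypted-zfs.nix` passes `disks = ["/dev/sda" ]`, a kernel enumeration name that is not guaranteed to point at the same device across boots or once another drive is attached. Since disko partitions and formats whatever that path resolves to, a persistent identifier is the safer argument, e.g. `disks = [ "/dev/disk/by-id/<DISK-ID>" ];` (placeholder, to be filled in for this host). The same line reaches the file through `../../2configs/...` while every neighbouring entry uses `self + "/2configs/..."`; `(import (self + "/2configs/fs/disko/single-disk-encrypted-zfs.nix") { ... })` would keep the list uniform. The surrounding list begins and ends outside the hunk.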


@ -1,70 +0,0 @@
{ ... }:
let
disk = "/dev/nvme0n1";
in {
disko.devices = {
disk = {
nvme = {
type = "disk";
device = disk;
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}
{
name = "zfs";
start = "512MiB";
end = "100%";
content = {
type = "zfs";
pool = "tank";
};
}
];
};
};
};
zpool = {
tank = {
type = "zpool";
rootFsOptions = {
compression = "lz4";
#reservation = "5G";
"com.sun:auto-snapshot" = "false";
};
mountpoint = null;
postCreateHook = "zfs snapshot tank@blank";
datasets = {
root = {
type = "zfs_fs";
mountpoint = "/";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
"com.sun:auto-snapshot" = "true";
};
#keylocation = "file:///tmp/secret.key";
};
"root/home" = {
type = "zfs_fs";
mountpoint = "/home";
};
};
};
};
};
}


@ -1,8 +1,13 @@
{ disks ? [ "/dev/nvme0n1" ], ... }: { disks ? [ "/dev/nvme0n1" ], hostId, ... }:
let let
disk = builtins.elemAt disks 0; disk = builtins.elemAt disks 0;
in { in {
boot.zfs.requestEncryptionCredentials = true;
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
networking.hostId = hostId;
disko.devices = { disko.devices = {
disk = { disk = {
nvme = { nvme = {
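Review bot: `hostId` is added to the argument set on the first line as a required argument with no default, and nothing in the file says how the module is meant to be called. As far as the hunk shows, listing the file as a plain path in `imports` would now fail on the missing argument, so it has to be applied first, the way the host configuration in this commit does. A header comment would record that contract: `# usage: (import ./single-disk-encrypted-zfs.nix { disks = [ "<device>" ]; hostId = "<8 hex digits>"; })`. The added `boot.loader.systemd-boot.enable` and `boot.loader.efi.canTouchEfiVariables` lines also put bootloader policy into a disk-layout module, which every host reusing this layout inherits; a one-line comment saying that this is intended would help. The attribute set continues past the end of the hunk.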


@ -169,8 +169,8 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1686400260, "lastModified": 1686598920,
"narHash": "sha256-nW2GqH3yYZl5XRYHN4MpaaO4r01GNEMSPjklJmdIUic=", "narHash": "sha256-kLTqf7tiND/siBJUwOPfCQ02HVyOtxju47PNbeU5Ef4=",
"path": "/home/makefu/stockholm-flakes", "path": "/home/makefu/stockholm-flakes",
"type": "path" "type": "path"
}, },


@ -38,6 +38,7 @@
(name: !lib.hasPrefix "." name) (name: !lib.hasPrefix "." name)
(lib.attrNames (builtins.readDir ./3modules)))); (lib.attrNames (builtins.readDir ./3modules))));
overlays.default = import ./5pkgs/default.nix;
nixosConfigurations = lib.genAttrs ["x" "tsp" ] (host: nixpkgs.lib.nixosSystem rec { nixosConfigurations = lib.genAttrs ["x" "tsp" ] (host: nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@ -45,7 +46,7 @@
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
overlays = [(self: super: { stockholm.lib = stockholm.lib; })] ; overlays = [(self: super: { inherit (self.writers) writeDash writeDashBin; stockholm.lib = stockholm.lib; }) self.overlays.default] ;
}; };
}; };
modules = [ modules = [
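Review bot: On the changed `overlays = [...]` line the name `self` means two different things. Inside the lambda `(self: super: { inherit (self.writers) ... })` it is the overlay's final package set, while the trailing `self.overlays.default` sits outside the lambda and presumably refers to the flake's own `self`. That reads correctly only if the reader tracks the closing parenthesis, and moving `self.overlays.default` inside the parentheses would silently change what it resolves to. Renaming the overlay arguments removes the ambiguity: `overlays = [ (final: prev: { inherit (final.writers) writeDash writeDashBin; stockholm.lib = stockholm.lib; }) self.overlays.default ];`. The enclosing `nixosSystem` call continues outside both hunks.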