1
Fork 0
satellite/hosts/nixos/lapetus/filesystems/zfs.nix

42 lines
1.1 KiB
Nix
Raw Normal View History

{ config, pkgs, ... }:
let secretMountpoint = "/hermes";
in
{
2023-07-18 16:39:38 +02:00
# Configure ZFS
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.extraPools = [ "zroot" ];
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelParams = [ "nohibernate" ];
# {{{ Mount usb for zfs secrets
boot.initrd.systemd.systemd.mounts.hermes = {
where = "/hermes";
what = "/dev/sdb";
type = "exfat";
2024-01-17 08:31:33 +01:00
# The usb contains sensitive data that should only be readable to root
mountConfig.DirectoryMode = "0750";
2024-01-17 08:31:33 +01:00
wantedBy = [ "zfs-import.target" ];
before = [ "zfs-import.target" ];
};
# }}}
2024-01-17 08:31:33 +01:00
boot.initrd.systemd.services = {
# # {{{ Rollback
# rollback = {
# path = [ pkgs.zfs ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# unitConfig.DefaultDependencies = "no";
# wantedBy = [ "initrd.target" ];
# after = [ "zfs-import.target" ];
# before = [ "sysroot.mount" ];
# script = "zfs rollback -r zroot@blank";
# };
# # }}}
};
2023-07-18 16:39:38 +02:00
}