satellite/hosts/nixos/lapetus/filesystems/zfs.nix

{ config, pkgs, ... }:
let secretMountpoint = "/hermes";
in
{
  # Configure ZFS
  boot.supportedFilesystems = [ "zfs" "ext4" ];
  boot.zfs.extraPools = [ "zroot" ];
  boot.zfs.requestEncryptionCredentials = [ "secure" ];
  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  boot.kernelParams = [ "nohibernate" ];

  fileSystems."/hermes" = {
    neededForBoot = true;
    device = "/dev/disk/by-uuid/9f795d9c-5ee0-4c53-a5bf-97767cd9a30b";
    fsType = "ext4";
    options = [ "x-systemd.automount" "nofail" ];
  };

  # # {{{ Mount usb for zfs secrets
  # boot.initrd.systemd.mounts = [{
  #   where = "/hermes";
  #   what = "/dev/sdb";
  #
  #   # The usb contains sensitive data that should only be readable to root
  #   # mountConfig.DirectoryMode = "0750";
  #
  #   wantedBy = [ "zfs-import.target" ];
  #   before = [ "zfs-import.target" ];
  # }];
  # # }}}

  boot.initrd.systemd.services = {
    # # {{{ Rollback 
    # rollback = {
    #   path = [ pkgs.zfs ];
    #   serviceConfig = {
    #     Type = "oneshot";
    #     RemainAfterExit = true;
    #   };
    #   unitConfig.DefaultDependencies = "no";
    #   wantedBy = [ "initrd.target" ];
    #   after = [ "zfs-import.target" ];
    #   before = [ "sysroot.mount" ];
    #   script = "zfs rollback -r zroot@blank";
    # };
    # # }}}
  };
}
Use systemd mounts instead of handwritten script 2024-01-17 11:16:36 +01:00			`{ config, pkgs, ... }:`
			`let secretMountpoint = "/hermes";`
			`in`
			`{`
Missing file + removed option 2023-07-18 16:39:38 +02:00			`# Configure ZFS`
Update hermes mount options 2024-01-18 05:19:53 +01:00			`boot.supportedFilesystems = [ "zfs" "ext4" ];`
Missing file + removed option 2023-07-18 16:39:38 +02:00			`boot.zfs.extraPools = [ "zroot" ];`
Attempt to make zfs not load keys for root 2024-01-18 03:04:56 +01:00			`boot.zfs.requestEncryptionCredentials = [ "secure" ];`
Missing file + removed option 2023-07-18 16:39:38 +02:00			`boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;`
			`boot.kernelParams = [ "nohibernate" ];`

Attempt to use nixos filesystems to mount usb 2024-01-18 01:47:25 +01:00			`fileSystems."/hermes" = {`
			`neededForBoot = true;`
Update hermes mount options 2024-01-18 05:19:53 +01:00			`device = "/dev/disk/by-uuid/9f795d9c-5ee0-4c53-a5bf-97767cd9a30b";`
			`fsType = "ext4";`
			`options = [ "x-systemd.automount" "nofail" ];`
Attempt to use nixos filesystems to mount usb 2024-01-18 01:47:25 +01:00			`};`
Prepare lapetus reinstall 2024-01-17 08:31:33 +01:00
Attempt to use nixos filesystems to mount usb 2024-01-18 01:47:25 +01:00			`# # {{{ Mount usb for zfs secrets`
			`# boot.initrd.systemd.mounts = [{`
			`# where = "/hermes";`
			`# what = "/dev/sdb";`
			`#`
			`# # The usb contains sensitive data that should only be readable to root`
			`# # mountConfig.DirectoryMode = "0750";`
			`#`
			`# wantedBy = [ "zfs-import.target" ];`
			`# before = [ "zfs-import.target" ];`
			`# }];`
			`# # }}}`
Prepare lapetus reinstall 2024-01-17 08:31:33 +01:00
Use systemd mounts instead of handwritten script 2024-01-17 11:16:36 +01:00			`boot.initrd.systemd.services = {`
			`# # {{{ Rollback`
			`# rollback = {`
			`# path = [ pkgs.zfs ];`
			`# serviceConfig = {`
			`# Type = "oneshot";`
			`# RemainAfterExit = true;`
			`# };`
			`# unitConfig.DefaultDependencies = "no";`
			`# wantedBy = [ "initrd.target" ];`
			`# after = [ "zfs-import.target" ];`
			`# before = [ "sysroot.mount" ];`
			`# script = "zfs rollback -r zroot@blank";`
			`# };`
			`# # }}}`
			`};`
Missing file + removed option 2023-07-18 16:39:38 +02:00			`}`