Do not encrypt zfs root & add lapetus script
parent
f211bbd63d
commit
53b582118a
|
@ -8,8 +8,9 @@
|
|||
# Mark a bunch of paths as needed for boot
|
||||
fileSystems = lib.attrsets.genAttrs
|
||||
[ "/" "/nix" "/persist/data" "/persist/state" "/persist/local/cache" "/boot" ]
|
||||
(_: {
|
||||
(p: {
|
||||
neededForBoot = true;
|
||||
depends = [ "/hermes" ];
|
||||
# We need the extra check to allow nix to topologically sort everything
|
||||
depends = lib.mkIf (p != "/") [ "/hermes" ];
|
||||
});
|
||||
}
|
||||
|
|
|
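Review bot: The comment above `depends = lib.mkIf (p != "/") [ "/hermes" ];` says the check is needed for sorting but not why, so a later edit could remove it without noticing. I would spell it out, for example `# "/" must not depend on /hermes: /hermes is mounted below "/", so that dependency would be a cycle` (this reason is inferred from the paths, confirm it). `/boot` also still receives the `/hermes` dependency, although none of the `secure/...` datasets shown on this page is mounted there. If only the encrypted mountpoints need the key volume, limiting `depends` to those paths keeps boot from waiting on the key disk for filesystems that do not use it.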
@ -52,28 +52,30 @@
|
|||
rootFsOptions = {
|
||||
compression = "lz4";
|
||||
"com.sun:auto-snapshot" = "false";
|
||||
encryption = "aes-256-gcm";
|
||||
keyformat = "passphrase";
|
||||
keylocation = "file:///hermes/secrets/lapetus/disk.key";
|
||||
};
|
||||
|
||||
# {{{ Datasets
|
||||
datasets = {
|
||||
"root/persist/data" = {
|
||||
"secure" = {
|
||||
encryption = "aes-256-gcm";
|
||||
keyformat = "passphrase";
|
||||
keylocation = "file:///hermes/secrets/lapetus/disk.key";
|
||||
};
|
||||
"secure/persist/data" = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/persist/data";
|
||||
options."com.sun:auto-snapshot" = "true";
|
||||
};
|
||||
"root/persist/state" = {
|
||||
"secure/persist/state" = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/persist/state";
|
||||
options."com.sun:auto-snapshot" = "true";
|
||||
};
|
||||
"root/local/nix" = {
|
||||
"secure/local/nix" = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/nix";
|
||||
};
|
||||
"root/local/cache" = {
|
||||
"secure/local/cache" = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/persist/local/cache";
|
||||
};
|
||||
|
|
|
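Review bot: The new `"secure"` dataset sets `encryption`, `keyformat` and `keylocation` directly on the dataset and has no `type`, while every sibling in this hunk uses `type = "zfs_fs"` and puts ZFS properties under `options` (see `options."com.sun:auto-snapshot"`). If disko handles it like its siblings, the three attributes are either rejected at evaluation or not passed through as ZFS properties, and in the second case the child datasets would be created unencrypted. I would add `type = "zfs_fs";` and move the three lines under `options = { ... };`, with `mountpoint = "none"` if the container should not be mounted. After the first run, confirm the result with `zfs get encryption,keystatus zroot/secure`. The `datasets` set continues past the end of the hunk.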
@ -1,11 +1,45 @@
|
|||
# Check if at least one argument is provided
|
||||
if [ "$#" -eq 0 ]; then
|
||||
echo "Usage: $0 <disko-mode> [action]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ensure correct first argument type
|
||||
if [ "$1" != "disko" ] && [ "$1" != "mount" ]; then
|
||||
echo "Disko action must be either 'disko' or 'mount'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ensure correct second argument type
|
||||
if [ "$#" != "1" ] && [ "$2" != "install" ] && [ "$2" != "enter" ]; then
|
||||
echo "Action must either be empty, 'install' or 'enter'"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Entering shells..."
|
||||
exec nix-shell ./devshells/bootstrap/shell.nix
|
||||
exec nix shell disko
|
||||
|
||||
echo "Mounting keys"
|
||||
sudo mkdir /hermes
|
||||
sudo mount /dev/disk/by-uuid/7FE7-CA68 /hermes
|
||||
echo "Importing zfs pool"
|
||||
sudo zpool import -lfR /mnt zroot
|
||||
echo "Mounting zfs filesystem"
|
||||
sudo disko --mode mount ./hosts/nixos/lapetus/filesystems/partitions.nix
|
||||
|
||||
echo "Running disko"
|
||||
|
||||
if [ "$1" -eq "mount" ]; then
|
||||
sudo zpool import -lfR /mnt zroot
|
||||
fi
|
||||
|
||||
sudo disko --mode $1 ./hosts/nixos/lapetus/filesystems/partitions.nix
|
||||
|
||||
if [ "$2" = "install" ]; then
|
||||
echo "Installing nixos"
|
||||
sudo nixos-install --flake ".#lapetus"
|
||||
fi
|
||||
|
||||
if [ "$2" = "enter" ]; then
|
||||
echo "Entering nixos"
|
||||
sudo nixos-enter --root /mnt
|
||||
fi
|
||||
|
||||
echo "All done!"
|
||||
|
|
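Review bot: `[ "$1" -eq "mount" ]` compares strings with the integer operator, so `test` reports an error and the branch that runs `sudo zpool import -lfR /mnt zroot` is never taken; it should read `if [ "$1" = "mount" ]; then`. The script also has no `set -eu`, so a failing `sudo mkdir /hermes` (for instance when the directory already exists) or a failed mount of the key volume does not stop it before `sudo disko --mode $1`, which in `disko` mode repartitions and formats the disk. Add `set -eu` at the top, use `sudo mkdir -p /hermes`, and quote the argument as `"$1"`. The page does not show which of the two `exec` lines is kept, but `exec` replaces the shell process, so nothing below a surviving `exec` line would run.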