From 53b582118aa50cb91845903efb9c668d5eabbe41 Mon Sep 17 00:00:00 2001
From: Matei Adriel <rafaeladriel11@gmail.com>
Date: Thu, 18 Jan 2024 02:24:34 +0100
Subject: [PATCH] Do not encrypt zfs root & add lapetus script

---
 hosts/nixos/lapetus/filesystems/default.nix   |  5 ++-
 .../nixos/lapetus/filesystems/partitions.nix  | 16 +++----
 scripts/emergency-lapetus.sh                  | 42 +++++++++++++++++--
 3 files changed, 50 insertions(+), 13 deletions(-)

diff --git a/hosts/nixos/lapetus/filesystems/default.nix b/hosts/nixos/lapetus/filesystems/default.nix
index 46e5520..c809b1d 100644
--- a/hosts/nixos/lapetus/filesystems/default.nix
+++ b/hosts/nixos/lapetus/filesystems/default.nix
@@ -8,8 +8,9 @@
   # Mark a bunch of paths as needed for boot
   fileSystems = lib.attrsets.genAttrs
     [ "/" "/nix" "/persist/data" "/persist/state" "/persist/local/cache" "/boot" ]
-    (_: {
+    (p: {
       neededForBoot = true;
-      depends = [ "/hermes" ];
+      # We need the extra check to allow nix to topologically sort everything
+      depends = lib.mkIf (p != "/") [ "/hermes" ];
     });
 }
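Review bot: The comment added above `depends` does not say why "/" is excluded, so a later reader cannot tell whether the `p != "/"` guard is still needed. Presumably `/hermes` is mounted beneath `/`, so a dependency from `/` on `/hermes` would be a cycle, and the now-unencrypted root needs no key anyway. I would spell that out, e.g. `# "/" must not depend on /hermes: /hermes is mounted under "/" (cycle), and the root dataset is unencrypted so it needs no key`. `/boot` still receives the `/hermes` dependency; if it holds nothing encrypted (not visible here), excluding it the same way would keep boot from hinging on the key volume.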
diff --git a/hosts/nixos/lapetus/filesystems/partitions.nix b/hosts/nixos/lapetus/filesystems/partitions.nix
index 4950ba6..2308197 100644
--- a/hosts/nixos/lapetus/filesystems/partitions.nix
+++ b/hosts/nixos/lapetus/filesystems/partitions.nix
@@ -52,28 +52,30 @@
         rootFsOptions = {
           compression = "lz4";
           "com.sun:auto-snapshot" = "false";
-          encryption = "aes-256-gcm";
-          keyformat = "passphrase";
-          keylocation = "file:///hermes/secrets/lapetus/disk.key";
         };
 
         # {{{ Datasets
         datasets = {
-          "root/persist/data" = {
+          "secure" = {
+            encryption = "aes-256-gcm";
+            keyformat = "passphrase";
+            keylocation = "file:///hermes/secrets/lapetus/disk.key";
+          };
+          "secure/persist/data" = {
             type = "zfs_fs";
             mountpoint = "/persist/data";
             options."com.sun:auto-snapshot" = "true";
           };
-          "root/persist/state" = {
+          "secure/persist/state" = {
             type = "zfs_fs";
             mountpoint = "/persist/state";
             options."com.sun:auto-snapshot" = "true";
           };
-          "root/local/nix" = {
+          "secure/local/nix" = {
             type = "zfs_fs";
             mountpoint = "/nix";
           };
-          "root/local/cache" = {
+          "secure/local/cache" = {
             type = "zfs_fs";
             mountpoint = "/persist/local/cache";
           };
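Review bot: The new `"secure"` dataset sets `encryption`, `keyformat` and `keylocation` directly on the dataset and declares no `type`, whereas every sibling in this hunk has `type = "zfs_fs"` and passes ZFS properties through `options`. If disko expects that shape here as well, these keys are either rejected at evaluation or never reach `zfs create`, and the children under `secure/` could end up unencrypted without any warning. I would add `type = "zfs_fs";` and move the three keys into `options = { … };`, with `mountpoint = "none"` next to them so the container itself is not mounted. After the pool is created, `zfs get encryption,keystatus` on `zroot/secure` and its children confirms that encryption was actually inherited. The `datasets` set continues past the end of this hunk.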
diff --git a/scripts/emergency-lapetus.sh b/scripts/emergency-lapetus.sh
index 3e9db6a..bfa2caa 100755
--- a/scripts/emergency-lapetus.sh
+++ b/scripts/emergency-lapetus.sh
@@ -1,11 +1,45 @@
+# Check if at least one argument is provided
+if [ "$#" -eq 0 ]; then
+    echo "Usage: $0 <disko-mode> [action]"
+    exit 1
+fi
+
+# Ensure correct first argument type
+if [ "$1" != "disko" ] && [ "$1" != "mount" ]; then
+    echo "Disko action must be either 'disko' or 'mount'"
+    exit 1
+fi
+
+# Ensure correct second argument type
+if [ "$#" != "1" ] && [ "$2" != "install" ] && [ "$2" != "enter" ]; then
+    echo "Action must either be empty, 'install' or 'enter'"
+    exit 1
+fi
+
 echo "Entering shells..."
 exec nix-shell ./devshells/bootstrap/shell.nix
 exec nix shell disko
+
 echo "Mounting keys"
 sudo mkdir /hermes
 sudo mount /dev/disk/by-uuid/7FE7-CA68 /hermes
-echo "Importing zfs pool"
-sudo zpool import -lfR /mnt zroot
-echo "Mounting zfs filesystem"
-sudo disko --mode mount ./hosts/nixos/lapetus/filesystems/partitions.nix
+
+echo "Running disko"
+
+if [ "$1" -eq "mount" ]; then
+  sudo zpool import -lfR /mnt zroot
+fi
+
+sudo disko --mode $1 ./hosts/nixos/lapetus/filesystems/partitions.nix
+
+if [ "$2" = "install" ]; then
+  echo "Installing nixos"
+  sudo nixos-install --flake ".#lapetus"
+fi
+
+if [ "$2" = "enter" ]; then
+  echo "Entering nixos"
+  sudo nixos-enter --root /mnt
+fi
+
 echo "All done!"
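Review bot: `[ "$1" -eq "mount" ]` is an integer comparison, so with a string operand the test errors and evaluates false, and `zpool import -l` (the step that loads the key from /hermes) never runs in mount mode; it should read `if [ "$1" = "mount" ]; then`. The script also has no error handling, so a failed `/hermes` mount or a failed disko run still falls through to `nixos-install`. Adding `set -eu` at the top, using `sudo mkdir -p /hermes`, and quoting `"$1"` in the disko call would make it stop at the first failure. Separately, the two `exec` lines replace the shell process, so as far as I can tell nothing below them is reached when the file is run as a script.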