1
Fork 0

Do not encrypt zfs root & add lapetus script

This commit is contained in:
Matei Adriel 2024-01-18 02:24:34 +01:00
parent f211bbd63d
commit 53b582118a
No known key found for this signature in database
3 changed files with 50 additions and 13 deletions

View file

@ -8,8 +8,9 @@
# Mark a bunch of paths as needed for boot # Mark a bunch of paths as needed for boot
fileSystems = lib.attrsets.genAttrs fileSystems = lib.attrsets.genAttrs
[ "/" "/nix" "/persist/data" "/persist/state" "/persist/local/cache" "/boot" ] [ "/" "/nix" "/persist/data" "/persist/state" "/persist/local/cache" "/boot" ]
(_: { (p: {
neededForBoot = true; neededForBoot = true;
depends = [ "/hermes" ]; # We need the extra check to allow nix to topologically sort everything
depends = lib.mkIf (p != "/") [ "/hermes" ];
}); });
} }

View file

@ -52,28 +52,30 @@
rootFsOptions = { rootFsOptions = {
compression = "lz4"; compression = "lz4";
"com.sun:auto-snapshot" = "false"; "com.sun:auto-snapshot" = "false";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///hermes/secrets/lapetus/disk.key";
}; };
# {{{ Datasets # {{{ Datasets
datasets = { datasets = {
"root/persist/data" = { "secure" = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///hermes/secrets/lapetus/disk.key";
};
"secure/persist/data" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/persist/data"; mountpoint = "/persist/data";
options."com.sun:auto-snapshot" = "true"; options."com.sun:auto-snapshot" = "true";
}; };
"root/persist/state" = { "secure/persist/state" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/persist/state"; mountpoint = "/persist/state";
options."com.sun:auto-snapshot" = "true"; options."com.sun:auto-snapshot" = "true";
}; };
"root/local/nix" = { "secure/local/nix" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/nix"; mountpoint = "/nix";
}; };
"root/local/cache" = { "secure/local/cache" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/persist/local/cache"; mountpoint = "/persist/local/cache";
}; };

View file

@ -1,11 +1,45 @@
# Check if at least one argument is provided
if [ "$#" -eq 0 ]; then
echo "Usage: $0 <disko-mode> [action]"
exit 1
fi
# Ensure correct first argument type
if [ "$1" != "disko" ] && [ "$1" != "mount" ]; then
echo "Disko action must be either 'disko' or 'mount'"
exit 1
fi
# Ensure correct second argument type
if [ "$#" != "1" ] && [ "$2" != "install" ] && [ "$2" != "enter" ]; then
echo "Action must either be empty, 'install' or 'enter'"
exit 1
fi
echo "Entering shells..." echo "Entering shells..."
exec nix-shell ./devshells/bootstrap/shell.nix exec nix-shell ./devshells/bootstrap/shell.nix
exec nix shell disko exec nix shell disko
echo "Mounting keys" echo "Mounting keys"
sudo mkdir /hermes sudo mkdir /hermes
sudo mount /dev/disk/by-uuid/7FE7-CA68 /hermes sudo mount /dev/disk/by-uuid/7FE7-CA68 /hermes
echo "Importing zfs pool"
echo "Running disko"
if [ "$1" -eq "mount" ]; then
sudo zpool import -lfR /mnt zroot sudo zpool import -lfR /mnt zroot
echo "Mounting zfs filesystem" fi
sudo disko --mode mount ./hosts/nixos/lapetus/filesystems/partitions.nix
sudo disko --mode $1 ./hosts/nixos/lapetus/filesystems/partitions.nix
if [ "$2" = "install" ]; then
echo "Installing nixos"
sudo nixos-install --flake ".#lapetus"
fi
if [ "$2" = "enter" ]; then
echo "Entering nixos"
sudo nixos-enter --root /mnt
fi
echo "All done!" echo "All done!"