
Do not encrypt zfs root & add lapetus script

Matei Adriel 2024-01-18 02:24:34 +01:00
parent f211bbd63d
commit 53b582118a
No known key found for this signature in database
3 changed files with 50 additions and 13 deletions


@ -8,8 +8,9 @@
# Mark a bunch of paths as needed for boot
fileSystems = lib.attrsets.genAttrs
[ "/" "/nix" "/persist/data" "/persist/state" "/persist/local/cache" "/boot" ]
(_: {
(p: {
neededForBoot = true;
depends = [ "/hermes" ];
# We need the extra check to allow nix to topologically sort everything
depends = lib.mkIf (p != "/") [ "/hermes" ];
});
}
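Review bot: The comment added above the `depends` line says the check is needed for topological sorting, but not why `/` is the one exception. Presumably the `/hermes` mount point itself lives on `/`, so a dependency of `/` on `/hermes` would be cyclic; stating that, e.g. `# "/" must not depend on /hermes: /hermes is mounted under "/", so that edge would make the ordering cyclic`, saves the next reader the search. `/boot` still receives the dependency although nothing in this commit shows it needing the key volume; if that is deliberate, a word on it would help.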


@ -52,28 +52,30 @@
rootFsOptions = {
compression = "lz4";
"com.sun:auto-snapshot" = "false";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///hermes/secrets/lapetus/disk.key";
};
# {{{ Datasets
datasets = {
"root/persist/data" = {
"secure" = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///hermes/secrets/lapetus/disk.key";
};
"secure/persist/data" = {
type = "zfs_fs";
mountpoint = "/persist/data";
options."com.sun:auto-snapshot" = "true";
};
"root/persist/state" = {
"secure/persist/state" = {
type = "zfs_fs";
mountpoint = "/persist/state";
options."com.sun:auto-snapshot" = "true";
};
"root/local/nix" = {
"secure/local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
};
"root/local/cache" = {
"secure/local/cache" = {
type = "zfs_fs";
mountpoint = "/persist/local/cache";
};
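Review bot: The new `"secure"` dataset sets `encryption`, `keyformat` and `keylocation` as top-level attributes and has no `type`, whereas every sibling in this hunk declares `type = "zfs_fs"` and passes ZFS properties through `options`. As far as I know disko only forwards dataset properties given under `options` (the pool root used `rootFsOptions` for the same purpose), so this entry may fail to evaluate or, worse, leave the parent and its four child datasets unencrypted. Moving the three properties under `options` and adding the type, as below, keeps the children inheriting from an encrypted parent; after install, `zfs get encryption,keystatus,encryptionroot` on the pool confirms the result. The `datasets` set continues past the end of the hunk.

```nix
"secure" = {
  type = "zfs_fs";
  options = {
    encryption = "aes-256-gcm";
    keyformat = "passphrase";
    keylocation = "file:///hermes/secrets/lapetus/disk.key";
  };
};
# … unchanged: "secure/persist/data" and the other child datasets …
```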


@ -1,11 +1,45 @@
# Check if at least one argument is provided
if [ "$#" -eq 0 ]; then
echo "Usage: $0 <disko-mode> [action]"
exit 1
fi
# Ensure correct first argument type
if [ "$1" != "disko" ] && [ "$1" != "mount" ]; then
echo "Disko action must be either 'disko' or 'mount'"
exit 1
fi
# Ensure correct second argument type
if [ "$#" != "1" ] && [ "$2" != "install" ] && [ "$2" != "enter" ]; then
echo "Action must either be empty, 'install' or 'enter'"
exit 1
fi
echo "Entering shells..."
exec nix-shell ./devshells/bootstrap/shell.nix
exec nix shell disko
echo "Mounting keys"
sudo mkdir /hermes
sudo mount /dev/disk/by-uuid/7FE7-CA68 /hermes
echo "Importing zfs pool"
echo "Running disko"
if [ "$1" -eq "mount" ]; then
sudo zpool import -lfR /mnt zroot
echo "Mounting zfs filesystem"
sudo disko --mode mount ./hosts/nixos/lapetus/filesystems/partitions.nix
fi
sudo disko --mode $1 ./hosts/nixos/lapetus/filesystems/partitions.nix
if [ "$2" = "install" ]; then
echo "Installing nixos"
sudo nixos-install --flake ".#lapetus"
fi
if [ "$2" = "enter" ]; then
echo "Entering nixos"
sudo nixos-enter --root /mnt
fi
echo "All done!"
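Review bot: `if [ "$1" -eq "mount" ]` compares strings with the integer operator, so `[` reports an error and the branch is never taken; in mount mode the `zpool import -l` that loads the key from /hermes is therefore skipped, and the line should read `if [ "$1" = "mount" ]; then`. Nothing stops the script when a step fails either, so a failed `sudo mount` of the key volume is still followed by the disko run; `set -eu` at the top, `sudo mkdir -p /hermes` and quoting `"$1"` in the final disko call would close that. If the two `exec` lines are on the new side of this hunk, note that `exec` replaces the script's process, so none of the later steps would run. It is also worth mounting the key volume read-only (`-o ro`) so the install session cannot alter the key file.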