49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
{ config, pkgs, ... }:
|
|
let secretMountpoint = "/hermes";
|
|
in
|
|
{
|
|
# Configure ZFS
|
|
boot.supportedFilesystems = [ "zfs" "ext4" ];
|
|
boot.zfs.extraPools = [ "zroot" ];
|
|
boot.zfs.requestEncryptionCredentials = [ "secure" ];
|
|
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
|
boot.kernelParams = [ "nohibernate" ];
|
|
|
|
fileSystems."/hermes" = {
|
|
neededForBoot = true;
|
|
device = "/dev/disk/by-uuid/9f795d9c-5ee0-4c53-a5bf-97767cd9a30b";
|
|
fsType = "ext4";
|
|
options = [ "x-systemd.automount" "nofail" ];
|
|
};
|
|
|
|
# # {{{ Mount usb for zfs secrets
|
|
# boot.initrd.systemd.mounts = [{
|
|
# where = "/hermes";
|
|
# what = "/dev/sdb";
|
|
#
|
|
# # The usb contains sensitive data that should only be readable to root
|
|
# # mountConfig.DirectoryMode = "0750";
|
|
#
|
|
# wantedBy = [ "zfs-import.target" ];
|
|
# before = [ "zfs-import.target" ];
|
|
# }];
|
|
# # }}}
|
|
|
|
boot.initrd.systemd.services = {
|
|
# # {{{ Rollback
|
|
# rollback = {
|
|
# path = [ pkgs.zfs ];
|
|
# serviceConfig = {
|
|
# Type = "oneshot";
|
|
# RemainAfterExit = true;
|
|
# };
|
|
# unitConfig.DefaultDependencies = "no";
|
|
# wantedBy = [ "initrd.target" ];
|
|
# after = [ "zfs-import.target" ];
|
|
# before = [ "sysroot.mount" ];
|
|
# script = "zfs rollback -r zroot@blank";
|
|
# };
|
|
# # }}}
|
|
};
|
|
}
|