From abd60eceefa898d9d8d6e759c5e12d0b5d13bcf7 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Wed, 4 Sep 2024 10:31:06 -0500
Subject: [PATCH] WIP beefcake disk setup
---
 disko/default.nix | 249 ++++++++++++++++++++++++++++++++++-----------
 flake.nix | 2 +-
 nixos/beefcake.nix | 8 +-
 3 files changed, 195 insertions(+), 64 deletions(-)
diff --git a/disko/default.nix b/disko/default.nix
index f26dabe..d5cc0a0 100644
--- a/disko/default.nix
+++ b/disko/default.nix
@@ -1,4 +1,6 @@
-{
+{lib, ...}: let
+ inherit (lib.attrSets) mapAttrs' filterAttrs;
+in {
 standardWithHibernateSwap = {
 disks ? ["/dev/sda"],
 swapSize,
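Review bot: `inherit (lib.attrSets) mapAttrs' filterAttrs;` on the new second line names an attribute that nixpkgs' `lib` does not expose under that spelling — the module is `lib.attrsets` (lowercase), and both functions are also re-exported at the top level, so `inherit (lib) mapAttrs' filterAttrs;` is the simplest fix. As written the whole file stops evaluating with a missing-attribute error as soon as `diskoConfigurations` is forced, which the flake.nix hunk in this same commit now does by passing `lib` in. The `{lib, ...}: let … in {` header is otherwise fine; a one-line comment such as `# lib is passed in from flake.nix (diskoConfigurations = import ./disko {inherit (nixpkgs) lib;})` would tell the next reader where the argument comes from.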
@@ -138,67 +140,7 @@ }; }; }; - # TODO: figure out what I can't have an optiona/default 'name' attribute here so I can DRY with "standard" - thinker = {disks ? ["/dev/vda"], ...}: { - disko.devices = { - disk = { - vdb = { - type = "disk"; - device = builtins.elemAt disks 0; - content = { - type = "gpt"; - partitions = { - ESP = { - label = "EFI"; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; - }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "crypted"; - extraOpenArgs = ["--allow-discards"]; - # if you want to use the key for interactive login be sure there is no trailing newline - # for example use `echo -n "password" > /tmp/secret.key` - keyFile = "/tmp/secret.key"; # Interactive - # settings.keyFile = "/tmp/password.key"; - # additionalKeyFiles = ["/tmp/additionalSecret.key"]; - content = { - type = "btrfs"; - extraArgs = ["-f"]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = ["compress=zstd" "noatime"]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = ["compress=zstd" "noatime"]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = ["compress=zstd" "noatime"]; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; + unencrypted = {disks ? ["/dev/vda"], ...}: { disko.devices = { disk = { 
@@ -249,6 +191,189 @@ }; }; }; + beefcake = {disks, ...}: let + zpools = { + zroot = { + name = "zroot"; + config = { + type = "zpool"; + mode = "mirror"; + rootFsOptions = { + compression = "zstd"; + "com.sun:auto-snapshot" = "false"; + }; + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + + datasets = { + zfs_fs = { + type = "zfs_fs"; + mountpoint = "/zfs_fs"; + options."com.sun:auto-snapshot" = "true"; + }; + zfs_unmounted_fs = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + zfs_legacy_fs = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/zfs_legacy_fs"; + }; + zfs_testvolume = { + type = "zfs_volume"; + size = "10M"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/ext4onzfs"; + }; + }; + encrypted = { + type = "zfs_fs"; + options = { + mountpoint = "none"; + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + keylocation = "file:///tmp/secret.key"; + }; + # use this to read the key during boot + # postCreateHook = '' + # zfs set keylocation="prompt" "zroot/$name"; + # ''; + }; + "encrypted/test" = { + type = "zfs_fs"; + mountpoint = "/zfs_crypted"; + }; + }; + }; + }; + zstorage = { + name = "zstorage"; + config = {}; + }; + }; + diskClass = { + storage = { + type = "zfs"; + pool = zpools.zroot.name; + }; + boot = { + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = zpools.zroot.name; + }; + }; + }; + }; + }; + }; + bootDisks = { + "/dev/sdi" = { + name = "i"; + enable = true; + }; + "/dev/sdj" = { + name = "j"; + enable = true; + }; # TODO: join current boot drive to new boot pool + }; + storageDisks = { + "/dev/sda" = { + enable = true; + name = "a"; + }; + "/dev/sdb" = { + enable = true; + name = "b"; + }; + "/dev/sdc" = { + 
enable = true; + name = "c"; + }; + "/dev/sdd" = { + enable = true; + name = "d"; + }; + + # TODO: start small + "/dev/sde" = { + enable = false; + name = "e"; + }; + "/dev/sdf" = { + enable = false; + name = "f"; + }; + "/dev/sdg" = { + enable = false; + name = "g"; + }; + "/dev/sdh" = { + enable = false; + name = "h"; + }; + + # gap for two boot drives + + "/dev/sdk" = { + enable = false; + name = "k"; + }; + "/dev/sdl" = { + enable = false; + name = "l"; + }; + "/dev/sdm" = { + enable = false; + name = "m"; + }; + "/dev/sdn" = { + enable = false; + name = "n"; + }; + }; + + diskoBoot = mapAttrs' (device: {name, ...}: { + name = "boot-${name}"; + value = { + inherit device; + type = "disk"; + content = diskClass.boot.content; + }; + }) (filterAttrs (_: {enable, ...}: enable) bootDisks); + + diskoStorage = mapAttrs' (device: {name, ...}: { + name = "storage-${name}"; + value = { + inherit device; + type = "disk"; + content = diskClass.storage.content; + }; + }) (filterAttrs (_: {enable, ...}: enable) storageDisks); + in { + disko.devices = { + disk = diskoBoot / diskoStorage; + zpool = { + zroot = zpools.zroot.config; + }; + }; + }; legacy = {disks ? ["/dev/vda"], ...}: { disko.devices = { disk = { diff --git a/flake.nix b/flake.nix index 8eb169b..55de280 100644 --- a/flake.nix +++ b/flake.nix @@ -107,7 +107,7 @@ # overlay I did this to work around some recursion problems # TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880 packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;}); - diskoConfigurations = import ./disko; + diskoConfigurations = import ./disko {inherit (nixpkgs) lib;}; templates = import ./templates; formatter = genPkgs (p: p.alejandra); diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index 3908bb6..7be19a9 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix 
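Review bot: `disk = diskoBoot / diskoStorage;` near the end of the `beefcake` hunk uses `/`, which is division in Nix and fails on attribute sets; merging the two sets needs `disk = diskoBoot // diskoStorage;`. In the same `let`, `diskoStorage` reads `diskClass.storage.content`, but `diskClass.storage` is itself the `{type = "zfs"; pool = …;}` content set and has no `content` attribute, so evaluation stops with a missing-attribute error — either use `content = diskClass.storage;` or nest that set under `content` the way `diskClass.boot` does. The `encrypted` dataset persists `keylocation = "file:///tmp/secret.key"` as a dataset property while the `postCreateHook` that would switch it to `prompt` is commented out, so after installation the dataset only unlocks if that temporary path exists at import time; the `zfs_testvolume`, `zfs_legacy_fs` and `/ext4onzfs` datasets also look copied from an example rather than intended for this host. Every enabled storage disk is given `pool = zpools.zroot.name` under `mode = "mirror"`, so the four enabled storage disks and the two boot partitions would form a single six-way mirror, while `zstorage` is declared with `config = {}` but never added to `disko.devices.zpool` — presumably WIP, but worth a `# TODO: zstorage pool not wired up; storage disks currently join zroot` comment before this is applied to real disks.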
@@ -15,7 +15,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 pkgs,
 ...
 }: {
- system.stateVersion = "22.05";
+ system.stateVersion = "24.05";
 home-manager.users.daniel.home.stateVersion = "24.05";
 networking.hostName = "beefcake";
@@ -49,6 +49,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 # ];
 # };
 }
+ {
+ boot.kernelParams = ["nohibernate"];
+ }
 {
 # sops secrets stuff
 sops = {
@@ -1345,6 +1348,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 # };
 };
 environment.systemPackages = with pkgs; [
+ btrfs-progs
+ zfs
+ smartmontools
 htop
 bottom
 curl
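Review bot: `system.stateVersion = "24.05";` replaces a value that NixOS documents as fixed at first installation; raising it from `"22.05"` on an existing system silently changes the defaults stateful services rely on (database versions, on-disk data layouts). If this host is being reinstalled from scratch onto the ZFS layout introduced in disko/default.nix in the same commit, the bump is appropriate, but that assumption should be recorded next to the line, e.g. `system.stateVersion = "24.05"; # set on reinstall onto the new disk layout; do not change again`; otherwise keep `"22.05"`.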
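Review bot: The new `boot.kernelParams = ["nohibernate"];` module has no comment saying why it exists, and nothing else in the hunk connects it to the ZFS root being set up in this commit. A one-line comment such as `# ZFS does not support resume from hibernation; hibernating a ZFS root risks pool corruption` would keep the next maintainer from dropping it as unexplained.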
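Review bot: Adding `zfs` to `environment.systemPackages` ships only the userland tools; it does not enable ZFS in the kernel or at boot, so with the root pool introduced in disko/default.nix this host also needs `boot.supportedFilesystems = ["zfs"];` and a stable `networking.hostId`, unless those are already set elsewhere in this file (the hunk shows only the package list). Likewise `smartmontools` adds the CLI only; for ongoing disk-health monitoring of the multi-disk layout, `services.smartd.enable = true;` is what actually runs the daemon.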