got impermanence to wipe drive

2024-12-08 21:58:11 -06:00 · 2024-12-08 21:58:11 -06:00 · 848c57caa0
commit 848c57caa0
parent d2b3f0116e
10 changed files with 281 additions and 234 deletions
--- a/configurations/nixos/defiant/disko-config.nix
+++ b/configurations/nixos/defiant/disko-config.nix
@ -1,26 +1,4 @@
-{...}: let
-  bootDisk = devicePath: {
-    type = "disk";
-    device = devicePath;
-    content = {
-      type = "gpt";
-      partitions = {
-        boot = {
-          size = "1M";
-          type = "EF02"; # for grub MBR
-        };
-        ESP = {
-          size = "1G";
-          type = "EF00";
-          content = {
-            type = "filesystem";
-            format = "vfat";
-            mountpoint = "/boot";
-          };
-        };
-      };
-    };
-  };
+{lib, ...}: let
  zfsDisk = devicePath: {
    type = "disk";
    device = devicePath;
@ -37,41 +15,41 @@
      };
    };
  };
-  # cacheDisk = devicePath: swapSize: {
-  #   type = "disk";
-  #   device = devicePath;
-  #   content = {
-  #     type = "gpt";
-  #     partitions = {
-  #       encryptedSwap = {
-  #         size = swapSize;
-  #         content = {
-  #           type = "swap";
-  #           randomEncryption = true;
-  #           discardPolicy = "both";
-  #           resumeDevice = true;
-  #         };
-  #       };
-  #       zfs = {
-  #         size = "100%";
-  #         content = {
-  #           type = "zfs";
-  #           pool = "rpool";
-  #         };
-  #       };
-  #     };
-  #   };
-  # };
+  cacheDisk = devicePath: {
+    type = "disk";
+    device = devicePath;
+    content = {
+      type = "gpt";
+      partitions = {
+        # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
+        ESP = {
+          size = "64M";
+          type = "EF00";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+            mountOptions = ["umask=0077"];
+          };
+        };
+        zfs = {
+          size = "100%";
+          content = {
+            type = "zfs";
+            pool = "rpool";
+          };
+        };
+      };
+    };
+  };
 in {
  disko.devices = {
    disk = {
-      boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0";
+      hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB";
+      hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC";
+      hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH";

-      hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB";
-      hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC";
-      hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH";
-
-      # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX";
+      ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F";
    };
    zpool = {
      rpool = {
@ -84,58 +62,106 @@ in {
                # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs???
                mode = "mirror";
                members = [
-                  "hd_13_tb_a"
-                  "hd_13_tb_b"
-                  "hd_13_tb_c"
+                  "hd_18_tb_a"
+                  "hd_18_tb_b"
+                  "hd_18_tb_c"
                ];
              }
            ];
-            cache = [];
-            # cache = [ "ssd_2_tb_a" ];z
+            cache = ["ssd_4_tb_a"];
          };
        };

        options = {
          ashift = "12";
+          autotrim = "on";
        };

-        rootFsOptions = {
-          # encryption = "on";
-          # keyformat = "hex";
-          # keylocation = "prompt";
-          compression = "lz4";
-          xattr = "sa";
-          acltype = "posixacl";
-          canmount = "off";
-          "com.sun:auto-snapshot" = "false";
-        };
+        rootFsOptions =
+          {
+            canmount = "off";
+            mountpoint = "none";
+
+            xattr = "sa";
+            acltype = "posixacl";
+            relatime = "on";
+
+            compression = "lz4";
+
+            "com.sun:auto-snapshot" = "false";
+          }
+          # TODO: have an option to enable encryption
+          // lib.attrsets.optionalAttrs false {
+            encryption = "on";
+            keyformat = "hex";
+            keylocation = "prompt";
+          };

        datasets = {
-          root = {
+          # local datasets are for data that should be considered ephemeral
+          "local" = {
            type = "zfs_fs";
-            mountpoint = "/";
-            options.mountpoint = "legacy";
-            postCreateHook = "zfs snapshot rpool/root@blank";
+            options.canmount = "off";
          };
-          home = {
-            type = "zfs_fs";
-            options.mountpoint = "legacy";
-            mountpoint = "/home";
-            postCreateHook = "zfs snapshot rpool/home@blank";
-          };
-          nix = {
+          # the nix directory is local because its all generable from our configuration
+          "local/system/nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
-          };
-          persistent = {
-            type = "zfs_fs";
-            mountpoint = "/persistent";
            options = {
-              "com.sun:auto-snapshot" = "true";
+              atime = "off";
+              relatime = "off";
+              canmount = "on";
            };
          };
+          "local/system/root" = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options = {
+              canmount = "on";
+            };
+            postCreateHook = ''
+              zfs snapshot rpool/local/system/root@blank
+            '';
+          };
+          "local/home/leyla" = {
+            type = "zfs_fs";
+            mountpoint = "/home/leyla";
+            options = {
+              canmount = "on";
+            };
+            postCreateHook = ''
+              zfs snapshot rpool/local/home/leyla@blank
+            '';
+          };
+
+          # persist datasets are datasets that contain information that we would like to keep around
+          "persist" = {
+            type = "zfs_fs";
+            options.canmount = "off";
+          };
+          "persist/system/root" = {
+            type = "zfs_fs";
+            mountpoint = "/persist/system/root";
+            options = {
+              "com.sun:auto-snapshot" = "true";
+              mountpoint = "/persist/system/root";
+            };
+          };
+          "persist/home/leyla" = {
+            type = "zfs_fs";
+            mountpoint = "/persist/home/leyla";
+            options = {
+              "com.sun:auto-snapshot" = "true";
+              mountpoint = "/persist/home/leyla";
+            };
+          };
+
+          # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system
        };
      };
    };
  };
+  networking = {
+    hostId = "c51763d6";
+  };
 }