jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

made disko/impermanence config into a module

Browse source
This commit is contained in:
Leyla Becker 2024-12-10 23:43:53 -06:00
parent c28731a1a7
commit 30ad3c91b9
10 changed files with 571 additions and 466 deletions
Download patch file Download diff file Expand all files Collapse all files

34
configurations/nixos/defiant/configuration.nix
View file

@ -1,11 +1,6 @@
# server nas
{
inputs,
pkgs,
...
}: {
{pkgs, ...}: {
imports = [
inputs.disko.nixosModules.disko
# ./services.nix
];
@ -21,6 +16,33 @@
ester.isNormalUser = false;
eve.isNormalUser = false;
};
impermanence.enable = true;
storage = {
enable = true;
encryption = true;
pool = {
drives = [
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NT001-3NF101_ZVTEZACV"
];
cache = [
"nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"
];
# extraDatasets = {
# "persist/system/var/lib/jellyfin/media" = {
# type = "zfs_fs";
# mountpoint = "/persist/system/var/lib/jellyfin/media";
# };
# };
};
};
};
networking = {
hostId = "c51763d6";
};
# apps = {

2
configurations/nixos/defiant/default.nix
View file

@ -1,9 +1,7 @@
# server nas
{...}: {
imports = [
./disko-config.nix
./hardware-configuration.nix
./impermanence.nix
./configuration.nix
];
}

181
configurations/nixos/defiant/disko-config.nix
View file

@ -1,181 +0,0 @@
{lib, ...}: let
zfsDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
cacheDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
ESP = {
size = "64M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
in {
disko.devices = {
disk = {
hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB";
hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC";
hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH";
hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q";
hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J";
hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV";
ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F";
};
zpool = {
rpool = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "raidz2";
members = [
"hd_18_tb_a"
"hd_18_tb_b"
"hd_18_tb_c"
"hd_18_tb_d"
"hd_18_tb_e"
"hd_18_tb_f"
];
}
];
cache = ["ssd_4_tb_a"];
};
};
options = {
ashift = "12";
autotrim = "on";
};
rootFsOptions =
{
canmount = "off";
mountpoint = "none";
xattr = "sa";
acltype = "posixacl";
relatime = "on";
compression = "lz4";
"com.sun:auto-snapshot" = "false";
}
# TODO: have an option to enable encryption
// lib.attrsets.optionalAttrs false {
encryption = "on";
keyformat = "hex";
keylocation = "prompt";
};
datasets = {
# local datasets are for data that should be considered ephemeral
"local" = {
type = "zfs_fs";
options.canmount = "off";
};
# the nix directory is local because its all generable from our configuration
"local/system/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
"local/system/sops" = {
type = "zfs_fs";
mountpoint = import ../../../const/sops_age_key_directory.nix;
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
"local/system/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "on";
};
postCreateHook = ''
zfs snapshot rpool/local/system/root@blank
'';
};
"local/home/leyla" = {
type = "zfs_fs";
mountpoint = "/home/leyla";
options = {
canmount = "on";
};
postCreateHook = ''
zfs snapshot rpool/local/home/leyla@blank
'';
};
# persist datasets are datasets that contain information that we would like to keep around
"persist" = {
type = "zfs_fs";
options.canmount = "off";
};
"persist/system/root" = {
type = "zfs_fs";
mountpoint = "/persist/system/root";
options = {
"com.sun:auto-snapshot" = "true";
mountpoint = "/persist/system/root";
};
};
"persist/home/leyla" = {
type = "zfs_fs";
mountpoint = "/persist/home/leyla";
options = {
"com.sun:auto-snapshot" = "true";
mountpoint = "/persist/home/leyla";
};
};
# TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system
};
};
};
};
networking = {
hostId = "c51763d6";
};
}

85
configurations/nixos/defiant/impermanence.nix
View file

@ -1,83 +1,4 @@
{lib, ...}: {
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
zfs rollback -r rpool/local/home/leyla@blank
'';
# systemd.services = {
# # https://github.com/openzfs/zfs/issues/10891
# systemd-udev-settle.enable = false;
# # Snapshots are not accessible on boot for some reason this should fix it
# # https://github.com/NixOS/nixpkgs/issues/257505
# zfs-mount = {
# serviceConfig = {
# ExecStart = ["zfs mount -a -o remount"];
# # ExecStart = [
# # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount"
# # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount"
# # ];
# };
# };
# };
# boot.initrd.systemd.services.rollback = {
# description = "Rollback filesystem to a pristine state on boot";
# wantedBy = [
# "initrd.target"
# ];
# after = [
# "zfs-import-rpool.service"
# ];
# before = [
# "sysroot.mount"
# ];
# requiredBy = [
# "sysroot.mount"
# ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart = ''
# zfs rollback -r rpool/local/system/root@blank
# zfs rollback -r rpool/local/home@blank
# '';
# };
# };
fileSystems."/".neededForBoot = true;
fileSystems."/home/leyla".neededForBoot = true;
fileSystems."/persist/system/root".neededForBoot = true;
fileSystems."/persist/home/leyla".neededForBoot = true;
fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true;
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
"/run/secrets"
"/etc/ssh"
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
# config.apps.pihole.directory.root
# config.apps.jellyfin.mediaDirectory
# config.services.jellyfin.configDir
# config.services.jellyfin.cacheDir
# config.services.jellyfin.dataDir
# "/var/hass" # config.users.users.hass.home
# "/var/postgresql" # config.users.users.postgresql.home
# "/var/forgejo" # config.users.users.forgejo.home
# "/var/nextcloud" # config.users.users.nextcloud.home
# "/var/headscale" # config.users.users.headscale.home
];
files = [
"/etc/machine-id"
];
};
security.sudo.extraConfig = "Defaults lecture=never";
{...}: {
# fileSystems."/home/leyla".neededForBoot = true;
# fileSystems."/persist/home/leyla".neededForBoot = true;
}