more zfs

2024-05-30 11:18:56 +02:00 · 2024-05-30 11:18:56 +02:00 · 41009b53cb
parent 166d4504c6
commit 41009b53cb
3 changed files with 51 additions and 30 deletions
--- a/common.nix
+++ b/common.nix
@ -97,24 +97,6 @@ in
      depends = [ "/data" ];
    };

-  # keep some stuff persistent
-  environment.persistence."/nix/persistent" = {
-    hideMounts = true;
-    directories = [
-      # systemd timers
-      { directory = "/var/lib/systemd/timers"; user = "root"; group = "root"; mode = "u=rwx,g=rx,o=rx"; }
-
-      # clamav database
-      { directory = "/var/lib/clamav"; user = "clamav"; group = "clamav"; mode = "u=rwx,g=rx,o=rx"; }
-
-      # alsa state for persistent sound settings
-      { directory = "/var/lib/alsa"; user = "root"; group = "root"; mode = "u=rwx,g=rx,o=rx"; }
-    ];
-    files = [
-      "/etc/machine-id"
-    ];
-  };
-
  # enable fast dbus
  services.dbus.implementation = "broker";

@ -301,6 +283,7 @@ in
    pciutils
    pdftk
    pulseaudio
+    pwgen
    qmk
    ssh-audit
    starship
--- a/neko/hardware-configuration.nix
+++ b/neko/hardware-configuration.nix
@ -19,26 +19,20 @@
      fsType = "vfat";
      neededForBoot = true;
    };
-/*
+
  # vms
-  boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05";
  fileSystems."/home/cullmann/vms" =
-    { device = "/dev/mapper/crypt-vms";
-      fsType = "btrfs";
-      neededForBoot = true;
-      options = [ "noatime" "nodiratime" ];
+    { device = "vpool/vms";
+      fsType = "zfs";
      depends = [ "/home" ];
    };

  # projects
-  boot.initrd.luks.devices."crypt-projects".device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L";
  fileSystems."/home/cullmann/projects" =
-    { device = "/dev/mapper/crypt-projects";
-      fsType = "btrfs";
-      neededForBoot = true;
-      options = [ "noatime" "nodiratime" ];
+    { device = "ppool/projects";
+      fsType = "zfs";
      depends = [ "/home" ];
-    };*/
+    };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
--- a/neko/install.txt
+++ b/neko/install.txt
@ -149,6 +149,28 @@ wipefs -a $DD

 sleep 5

+# ZFS zpool creation with encryption
+zpool create \
+    -o ashift=12 \
+    -o autotrim=on \
+    -O acltype=posixacl \
+    -O atime=off \
+    -O canmount=off \
+    -O compression=on \
+    -O dnodesize=auto \
+    -O normalization=formD \
+    -O xattr=sa \
+    -O mountpoint=none \
+    -O encryption=on \
+    -O keylocation=file:///data/nixos/key-vms.secret \
+    -O keyformat=passphrase \
+    vpool $DD
+
+sleep 5
+
+# create all the volumes
+zfs create -o mountpoint=legacy vpool/vms
+
 # create projects disk

 DD=/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L
@ -157,3 +179,25 @@ blkdiscard -v $DD
 wipefs -a $DD

 sleep 5
+
+# ZFS zpool creation with encryption
+zpool create \
+    -o ashift=12 \
+    -o autotrim=on \
+    -O acltype=posixacl \
+    -O atime=off \
+    -O canmount=off \
+    -O compression=on \
+    -O dnodesize=auto \
+    -O normalization=formD \
+    -O xattr=sa \
+    -O mountpoint=none \
+    -O encryption=on \
+    -O keylocation=file:///data/nixos/key-projects.secret \
+    -O keyformat=passphrase \
+    ppool $DD
+
+sleep 5
+
+# create all the volumes
+zfs create -o mountpoint=legacy ppool/projects