From 41009b53cb29e548062cdc3e9e470ebe047fd5ba Mon Sep 17 00:00:00 2001 From: Christoph Cullmann Date: Thu, 30 May 2024 11:18:56 +0200 Subject: [PATCH] more zfs --- common.nix | 19 +------------- neko/hardware-configuration.nix | 18 +++++--------- neko/install.txt | 44 +++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 30 deletions(-) diff --git a/common.nix b/common.nix index a64a3a3..45b8cf4 100644 --- a/common.nix +++ b/common.nix @@ -97,24 +97,6 @@ in depends = [ "/data" ]; }; - # keep some stuff persistent - environment.persistence."/nix/persistent" = { - hideMounts = true; - directories = [ - # systemd timers - { directory = "/var/lib/systemd/timers"; user = "root"; group = "root"; mode = "u=rwx,g=rx,o=rx"; } - - # clamav database - { directory = "/var/lib/clamav"; user = "clamav"; group = "clamav"; mode = "u=rwx,g=rx,o=rx"; } - - # alsa state for persistent sound settings - { directory = "/var/lib/alsa"; user = "root"; group = "root"; mode = "u=rwx,g=rx,o=rx"; } - ]; - files = [ - "/etc/machine-id" - ]; - }; - # enable fast dbus services.dbus.implementation = "broker"; @@ -301,6 +283,7 @@ in pciutils pdftk pulseaudio + pwgen qmk ssh-audit starship diff --git a/neko/hardware-configuration.nix b/neko/hardware-configuration.nix index 9c017ad..af44b41 100644 --- a/neko/hardware-configuration.nix +++ b/neko/hardware-configuration.nix 
@@ -19,26 +19,20 @@ fsType = "vfat"; neededForBoot = true; }; -/* + # vms - boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05"; fileSystems."/home/cullmann/vms" = - { device = "/dev/mapper/crypt-vms"; - fsType = "btrfs"; - neededForBoot = true; - options = [ "noatime" "nodiratime" ]; + { device = "vpool/vms"; + fsType = "zfs"; depends = [ "/home" ]; }; # projects - boot.initrd.luks.devices."crypt-projects".device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L"; fileSystems."/home/cullmann/projects" = - { device = "/dev/mapper/crypt-projects"; - fsType = "btrfs"; - neededForBoot = true; - options = [ "noatime" "nodiratime" ]; + { device = "ppool/projects"; + fsType = "zfs"; depends = [ "/home" ]; - };*/ + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/neko/install.txt b/neko/install.txt index 042d073..a794e13 100644 --- a/neko/install.txt +++ b/neko/install.txt @@ -149,6 +149,28 @@ wipefs -a $DD sleep 5 +# ZFS zpool creation with encryption +zpool create \ + -o ashift=12 \ + -o autotrim=on \ + -O acltype=posixacl \ + -O atime=off \ + -O canmount=off \ + -O compression=on \ + -O dnodesize=auto \ + -O normalization=formD \ + -O xattr=sa \ + -O mountpoint=none \ + -O encryption=on \ + -O keylocation=file:///data/nixos/key-vms.secret \ + -O keyformat=passphrase \ + vpool $DD + +sleep 5 + +# create all the volumes +zfs create -o mountpoint=legacy vpool/vms + # create projects disk DD=/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L 
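Review bot: The new `vpool/vms` and `ppool/projects` mounts carry no hint that they are encrypted datasets whose key is read from a file, which the `zpool create` lines in neko/install.txt set with `keylocation=file:///data/nixos/key-*.secret`. The removed entries unlocked the disks in the initrd through `boot.initrd.luks.devices` and set `neededForBoot = true`; the new ones drop both and declare only `depends = [ "/home" ]`. If `/data` is not available when the pools are imported and their keys loaded, the datasets would presumably stay locked and the mounts fail. That ordering is not visible in this hunk, so please confirm it. I would also add a comment above each entry such as `# encrypted dataset; key is read from /data/nixos/key-vms.secret, so /data must be mounted before the pool is unlocked`.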
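Review bot: Both `zpool create` calls (here for `vpool`, and in the next hunk for `ppool`) use `-O keyformat=passphrase` with `-O keylocation=file:///data/nixos/key-*.secret`, so the at-rest protection of these disks is only as strong as the protection of those files. Anyone who can read `/data/nixos` can unlock the pools, and `/data` itself has to sit on encrypted storage for the scheme to hold. The visible steps do not show how the secret files are created or restricted. I would add that before each `zpool create`, for example `install -m 0600 /dev/null /data/nixos/key-vms.secret` and then writing the passphrase into it, with a comment stating the expected owner and mode. A one-line reminder to keep an offline copy of each passphrase would help too, since losing the file makes the pool unrecoverable.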
@@ -157,3 +179,25 @@ blkdiscard -v $DD wipefs -a $DD sleep 5 + +# ZFS zpool creation with encryption +zpool create \ + -o ashift=12 \ + -o autotrim=on \ + -O acltype=posixacl \ + -O atime=off \ + -O canmount=off \ + -O compression=on \ + -O dnodesize=auto \ + -O normalization=formD \ + -O xattr=sa \ + -O mountpoint=none \ + -O encryption=on \ + -O keylocation=file:///data/nixos/key-projects.secret \ + -O keyformat=passphrase \ + ppool $DD + +sleep 5 + +# create all the volumes +zfs create -o mountpoint=legacy ppool/projects