try zfs again

with auto rollback
https://ryanseipp.com/post/nixos-encrypted-root/

miku/configuration.nix

@@ -13,7 +13,10 @@
       # Shared config of all machines
       /data/nixos/share/common.nix
     ];
+cchchchc
+chchchchc
 
+SSSSS
   # our hostname and an ID for ZFS
   networking.hostName = "miku";
   networking.hostId = "c132caed";

neko/hardware-configuration.nix

@@ -15,16 +15,9 @@
 
   # /boot efi partition to boot in UEFI mode
   fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/554C-161A";
+    device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part1";
     fsType = "vfat";
     options = [ "fmask=0022" "dmask=0022" ];
     neededForBoot = true;
   };
-
-  # encrypted system
-  boot.initrd.luks.devices."crypt-system" = {
-    device = "/dev/disk/by-uuid/91f98284-b0fa-40b9-8a32-37f71968b2dd";
-    allowDiscards = true;
-    bypassWorkqueues = true;
-  };
 }

neko/install.txt

@@ -58,46 +58,64 @@ done
 # take a look at the partitions
 lsblk
 
-# create the RAID-0, second partitions on all disks
+# ZFS zpool creation with compression and encryption
-mdadm --create --verbose --level=0 --raid-devices=3 /dev/md/system $DISK-part2 $DISK2-part2 $DISK3-part2
+zpool create \
+    -o ashift=13 \
+    -o autotrim=off \
+    -O acltype=posixacl \
+    -O atime=off \
+    -O canmount=off \
+    -O compression=on \
+    -O dnodesize=auto \
+    -O utf8only=on \
+    -O normalization=formD \
+    -O xattr=sa \
+    -O mountpoint=none \
+    -O encryption=on \
+    -O keylocation=prompt \
+    -O keyformat=passphrase \
+    zpool $DISK-part2 $DISK2-part2 $DISK3-part2
+
 sleep 5
 
 # take a look at the partitions
 lsblk
 
-# create the LUKS container and open it
+# show the pool
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase /dev/md/system
+zpool status
-cryptsetup luksOpen /dev/md/system crypt-system
+
 sleep 5
 
-# take a look at the partitions
+# create all the volumes
-lsblk
+zfs create -o mountpoint=legacy zpool/data
+zfs create -o mountpoint=legacy zpool/nix
+zfs create -o mountpoint=legacy zpool/root
 
-# create btrfs with volumes
-mkfs.btrfs -f --features block-group-tree --label system /dev/mapper/crypt-system
-mount -t btrfs /dev/mapper/crypt-system /mnt
-btrfs subvolume create /mnt/data
-btrfs subvolume create /mnt/nix
-btrfs subvolume create /mnt/tmp
-umount /mnt
 sleep 5
 
-# take a look at the partitions
+# show the pool
-lsblk
+zpool status
 
-# prepare install, tmpfs root
+sleep 5
-mount -t tmpfs none /mnt
+
+# create ZFS snapshot that we'll rollback to on boot
+# see https://ryanseipp.com/post/nixos-encrypted-root/
+zfs snapshot zpool/root@blank
+
+sleep 5
+
+# prepare install, root
+mount -t zfs zpool/root /mnt
 
 # Create directories to mount file systems on
-mkdir -p /mnt/{data,nix,boot,root,etc/nixos,tmp}
+mkdir -p /mnt/{data,nix,boot,root,etc/nixos}
 
 # mount the ESP
 mount $DISK-part1 /mnt/boot
 
 # mount volumes
-mount -o subvol=data,noatime /dev/mapper/crypt-system /mnt/data
+mount -t zfs zpool/data /mnt/data
-mount -o subvol=nix,noatime /dev/mapper/crypt-system /mnt/nix
+mount -t zfs zpool/nix /mnt/nix
-mount -o subvol=tmp,noatime /dev/mapper/crypt-system /mnt/tmp
 
 # bind mount persistent stuff to data
 mkdir -p /mnt/data/{root,nixos/$HOST}
@@ -127,8 +145,7 @@ nixos-install --option experimental-features 'nix-command flakes' --no-root-pass
 # unmount all stuff and sync
 
 umount -Rl /data /mnt
-cryptsetup luksClose crypt-system
+zpool export -a
-mdadm --stop /dev/md/system
 sync
 
 # shutdown once

share/common.nix

@@ -159,35 +159,38 @@ in
   # swap to RAM
   zramSwap.enable = true;
 
-  # root file system in RAM
+  # root file system, we will rollback that on boot
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "none";
+    device = "zpool/root";
-      fsType = "tmpfs";
+    fsType = "zfs";
-      neededForBoot = true;
+    neededForBoot = true;
-      options = [ "defaults" "size=8G" "mode=755" ];
+  };
-    };
+
+  # root rollback, see https://ryanseipp.com/post/nixos-encrypted-root/
+  boot.initrd.systemd.services.rollback = {
+    description = "Rollback root filesystem to a pristine state";
+    wantedBy = ["initrd.target"];
+    after = ["zfs-import-zpool.service"];
+    before = ["sysroot.mount"];
+    path = with pkgs; [zfs];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      zfs rollback -r zpool/root@blank && echo " >> >> Rollback Complete << <<"
+    '';
+  };
 
   # my data
   fileSystems."/data" = {
-    device = "/dev/mapper/crypt-system";
+    device = "zpool/data";
-    fsType = "btrfs";
+    fsType = "zfs";
-    options = [ "subvol=data" "noatime" "nodiscard" "commit=5" ];
     neededForBoot = true;
   };
 
   # the system
   fileSystems."/nix" = {
-    device = "/dev/mapper/crypt-system";
+    device = "zpool/nix";
-    fsType = "btrfs";
+    fsType = "zfs";
-    options = [ "subvol=nix" "noatime" "nodiscard" "commit=5" ];
-    neededForBoot = true;
-  };
-
-  # tmp to not fill RAM
-  fileSystems."/tmp" = {
-    device = "/dev/mapper/crypt-system";
-    fsType = "btrfs";
-    options = [ "subvol=tmp" "noatime" "nodiscard" "commit=5" ];
     neededForBoot = true;
   };
 
@@ -209,18 +212,6 @@ in
       depends = [ "/data" ];
     };
 
-  # trim the disks weekly
-  services.fstrim = {
-    enable = true;
-    interval = "weekly";
-  };
-
-  # scrub the disks weekly
-  services.btrfs.autoScrub = {
-    enable = true;
-    interval = "weekly";
-  };
-
   # keep some stuff persistent
   environment.persistence."/nix/persistent" = {
     hideMounts = true;
@@ -244,9 +235,6 @@ in
     ];
   };
 
-  # kill the tmp content on reboots, we mount that to /nix/persistent to avoid memory fill-up
-  boot.tmp.cleanOnBoot = true;
-
   # ensure our data is not rotting
   services.zfs.autoScrub = {
     enable = true;