more ZFS preparations

common.nix

@@ -56,23 +56,21 @@ in
       options = [ "defaults" "size=8G" "mode=755" ];
     };
 
-  # nix store file system from encrypted disk
+  # nix store file system from encrypted ZFS
   fileSystems."/nix" =
-    { device = "/dev/mapper/crypt-system";
-      fsType = "btrfs";
+    { device = "zpool/nix";
+      fsType = "zfs";
       neededForBoot = true;
-      options = [ "subvol=nix" "noatime" "nodiratime" ];
     };
 
-  # data store file system from encrypted disk
+  # data store file system from encrypted ZFS
   fileSystems."/data" =
-    { device = "/dev/mapper/crypt-system";
-      fsType = "btrfs";
+    { device = "zpool/data";
+      fsType = "zfs";
       neededForBoot = true;
-      options = [ "subvol=data" "noatime" "nodiratime" ];
     };
 
-  # bind mount to have homes
+  # bind mount to have user homes
   fileSystems."/home" =
     { device = "/data/home";
       fsType = "none";

neko/hardware-configuration.nix

@@ -13,16 +13,13 @@
   # don't check for split locks, for KVM and Co.
   boot.kernelParams = [ "split_lock_detect=off" ];
 
-  # system
-  boot.initrd.luks.devices."crypt-system".device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part2";
-
   # efi partition
   fileSystems."/boot" =
     { device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part1";
       fsType = "vfat";
       neededForBoot = true;
     };
-
+/*
   # vms
   boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05";
   fileSystems."/home/cullmann/vms" =
@@ -41,7 +38,7 @@
       neededForBoot = true;
       options = [ "noatime" "nodiratime" ];
       depends = [ "/home" ];
-    };
+    };*/
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

neko/install.txt

@@ -53,37 +53,35 @@ cat /proc/partitions
 # boot partition
 mkfs.fat -F 32 -n EFIBOOT $DISK-part1
 
-# create the crypto containers
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2
-
 sleep 5
 
-# open them, set right options persistently
-cryptsetup luksOpen --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent $DISK-part2 crypt-system
+# ZFS zpool creation with encryption
+zpool create \
+    -o ashift=12 \
+    -o autotrim=on \
+    -O acltype=posixacl \
+    -O atime=off \
+    -O canmount=off \
+    -O compression=on \
+    -O dnodesize=auto \
+    -O normalization=formD \
+    -O xattr=sa \
+    -O mountpoint=none \
+    -O encryption=on \
+    -O keylocation=prompt \
+    -O keyformat=passphrase \
+    zpool $DISK-part2
 
 sleep 5
-lsblk --fs
-
-# create btrfs with fast & strong checksumming and fast mounting
-mkfs.btrfs -f --csum xxhash --features block-group-tree /dev/mapper/crypt-system
-
-sleep 5
-btrfs filesystem show
 
 # create all the volumes
-mount /dev/mapper/crypt-system /mnt
-btrfs subvolume create /mnt/data
-btrfs subvolume create /mnt/nix
-btrfs subvolume create /mnt/root
+zfs create -o mountpoint=legacy zpool/data
+zfs create -o mountpoint=legacy zpool/nix
 
 sleep 5
-btrfs subvolume list /mnt
 
-# umount again, we will only use explicit subvolumes
-umount /mnt
-
-# prepare install
-mount -o subvol=root,noatime,nodiratime /dev/mapper/crypt-system /mnt
+# prepare install, tmpfs root
+mount -t tmpfs none /mnt
 
 # Create directories to mount file systems on
 mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos}
@@ -92,8 +90,8 @@ mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos}
 mount $DISK-part1 /mnt/boot
 
 # mount volumes
-mount -o subvol=data,noatime,nodiratime /dev/mapper/crypt-system /mnt/data
-mount -o subvol=nix,noatime,nodiratime /dev/mapper/crypt-system /mnt/nix
+mount -t zfs zpool/data /mnt/data
+mount -t zfs zpool/nix /mnt/nix
 
 # bind mount persistent stuff to data
 mkdir -p /mnt/{data/home,data/root,data/nixos/$HOST}