diff --git a/common.nix b/common.nix
index 98c2200..a64a3a3 100644
--- a/common.nix
+++ b/common.nix
@@ -56,23 +56,21 @@ in
 options = [ "defaults" "size=8G" "mode=755" ];
 };
- # nix store file system from encrypted disk
+ # nix store file system from encrypted ZFS
 fileSystems."/nix" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
+ { device = "zpool/nix";
+ fsType = "zfs";
 neededForBoot = true;
- options = [ "subvol=nix" "noatime" "nodiratime" ];
 };
- # data store file system from encrypted disk
+ # data store file system from encrypted ZFS
 fileSystems."/data" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
+ { device = "zpool/data";
+ fsType = "zfs";
 neededForBoot = true;
- options = [ "subvol=data" "noatime" "nodiratime" ];
 };
- # bind mount to have homes
+ # bind mount to have user homes
 fileSystems."/home" =
 { device = "/data/home";
 fsType = "none";
diff --git a/neko/hardware-configuration.nix b/neko/hardware-configuration.nix
index 50fa14c..9c017ad 100644
--- a/neko/hardware-configuration.nix
+++ b/neko/hardware-configuration.nix
@@ -13,16 +13,13 @@
 # don't check for split locks, for KVM and Co.
 boot.kernelParams = [ "split_lock_detect=off" ];
- # system
- boot.initrd.luks.devices."crypt-system".device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part2";
-
 # efi partition
 fileSystems."/boot" =
 { device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part1";
 fsType = "vfat";
 neededForBoot = true;
 };
-
+/*
 # vms
 boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05";
 fileSystems."/home/cullmann/vms" =
@@ -41,7 +38,7 @@
 neededForBoot = true;
 options = [ "noatime" "nodiratime" ];
 depends = [ "/home" ];
- };
+ };*/
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/neko/install.txt b/neko/install.txt
index 9b47a76..66bf05c 100644
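Review bot: The new comments on `fileSystems."/nix"` and `fileSystems."/data"` say "encrypted ZFS", but nothing in these entries states or enforces encryption; it rests entirely on the pool having been created with `encryption=on` as in neko/install.txt, and a pool recreated without that flag would mount here just the same. ZFS native encryption also covers less than the LUKS container it replaces, since dataset names, properties and pool layout stay readable without the key. I would record both facts next to the entries, for example `# encryption is inherited from the pool root (see neko/install.txt); dataset names and properties are not encrypted`. Both datasets are `neededForBoot`, so the passphrase has to be requested in the initrd; the settings that arrange this are not visible in this hunk and should be confirmed.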
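Review bot: The `crypt-vms` LUKS device and its `/home/cullmann/vms` mount are switched off by a bare `/*` in the first hunk of neko/hardware-configuration.nix that is closed by `};*/` in the second hunk, with no word on why or for how long. A block comment spanning lines outside both hunks is easy to miss when reading the file, and the middle of the disabled block is not visible here. Either delete the block, or put a line directly above the `/*` such as `# TODO: vms disk disabled: <reason>; re-enable or remove` so the next reader knows the encrypted VM disk is intentionally not unlocked at boot.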
--- a/neko/install.txt
+++ b/neko/install.txt
@@ -53,37 +53,35 @@ cat /proc/partitions
 # boot partition
 mkfs.fat -F 32 -n EFIBOOT $DISK-part1
-# create the crypto containers
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2
-
 sleep 5
-# open them, set right options persistently
-cryptsetup luksOpen --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent $DISK-part2 crypt-system
+# ZFS zpool creation with encryption
+zpool create \
+ -o ashift=12 \
+ -o autotrim=on \
+ -O acltype=posixacl \
+ -O atime=off \
+ -O canmount=off \
+ -O compression=on \
+ -O dnodesize=auto \
+ -O normalization=formD \
+ -O xattr=sa \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keylocation=prompt \
+ -O keyformat=passphrase \
+ zpool $DISK-part2
 sleep 5
-lsblk --fs
-
-# create btrfs with fast & strong checksumming and fast mounting
-mkfs.btrfs -f --csum xxhash --features block-group-tree /dev/mapper/crypt-system
-
-sleep 5
-btrfs filesystem show
 # create all the volumes
-mount /dev/mapper/crypt-system /mnt
-btrfs subvolume create /mnt/data
-btrfs subvolume create /mnt/nix
-btrfs subvolume create /mnt/root
+zfs create -o mountpoint=legacy zpool/data
+zfs create -o mountpoint=legacy zpool/nix
 sleep 5
-btrfs subvolume list /mnt
-# umount again, we will only use explicit subvolumes
-umount /mnt
-
-# prepare install
-mount -o subvol=root,noatime,nodiratime /dev/mapper/crypt-system /mnt
+# prepare install, tmpfs root
+mount -t tmpfs none /mnt
 # Create directories to mount file systems on
 mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos}
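Review bot: `-O encryption=on` in the `zpool create` call leaves the cipher to whatever default the installer's OpenZFS build ships, and that default has changed between releases, so the same instructions can yield pools with different suites. The `encryption` property is fixed when a dataset is created, so a weaker or unexpected choice can only be corrected by recreating the data; I would name the suite explicitly, `-O encryption=aes-256-gcm \`. The two `zfs create -o mountpoint=legacy` lines set no encryption options of their own and rely on inheriting from the pool root, which deserves a one-line comment such as `# datasets inherit encryption and key from the pool root`.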
@@ -92,8 +90,8 @@ mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos}
 mount $DISK-part1 /mnt/boot
 # mount volumes
-mount -o subvol=data,noatime,nodiratime /dev/mapper/crypt-system /mnt/data
-mount -o subvol=nix,noatime,nodiratime /dev/mapper/crypt-system /mnt/nix
+mount -t zfs zpool/data /mnt/data
+mount -t zfs zpool/nix /mnt/nix
 # bind mount persistent stuff to data
 mkdir -p /mnt/{data/home,data/root,data/nixos/$HOST}