diff --git a/mini/install.txt b/mini/install.txt
index eadc355..cf9f74d 100644
--- a/mini/install.txt
+++ b/mini/install.txt
@@ -64,16 +64,45 @@ mkfs.fat -F 32 -n EFIBOOT $DISK-part1
 sleep 5
-# create the crypto containers with proper 4k sectors
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK2
+# ZFS zpool creation with encryption
+zpool create \
+ -o ashift=13 \
+ -o autotrim=off \
+ -O acltype=posixacl \
+ -O atime=off \
+ -O canmount=off \
+ -O compression=on \
+ -O dnodesize=auto \
+ -O utf8only=on \
+ -O normalization=formD \
+ -O xattr=sa \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keylocation=prompt \
+ -O keyformat=passphrase \
+ zpool $DISK-part2 $DISK2
-# open the containers
-cryptsetup luksOpen $DISK-part2 crypt0
-cryptsetup luksOpen $DISK2 crypt1
+sleep 5
-# create one large btrfs on them, RAID0 with strong checksum
-mkfs.btrfs -f -d raid0 -m raid0 --checksum blake2 --features block-group-tree --label nix /dev/mapper/crypt0 /dev/mapper/crypt1
+# show the pool
+zpool status
+
+sleep 5
+
+# create all the volumes
+zfs create -o mountpoint=legacy zpool/data
+zfs create -o mountpoint=legacy zpool/nix
+zfs create -o mountpoint=legacy zpool/tmp
+
+# we want 64 KB recordsize
+zfs set recordsize=64K zpool/data
+zfs set recordsize=64K zpool/nix
+zfs set recordsize=64K zpool/tmp
+
+sleep 5
+
+# show the pool
+zpool status
 sleep 5
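Review bot: `-O encryption=on` in the `zpool create` call leaves the cipher to the default of whatever OpenZFS version the installer ships; pinning it with `-O encryption=aes-256-gcm \` would make the runbook produce the same pool everywhere. The comment `# ZFS zpool creation with encryption` should also record what changes compared with the removed LUKS containers: native ZFS encryption covers file data and attributes, but dataset and snapshot names, properties and the pool layout stay readable without the passphrase. A comment such as `# native encryption: dataset names/properties and pool layout are NOT hidden, unlike the old LUKS setup` would cover it. Separately, the second `zpool status` after the `zfs create`/`zfs set` lines shows nothing about the new datasets; `zfs list -o name,recordsize,encryption,keystatus` there would let the operator confirm that the children inherited encryption.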
@@ -81,27 +110,25 @@ sleep 5
 mount -t tmpfs none /mnt
 # Create directories to mount file systems on
-mkdir -p /mnt/{nix,home,boot,root,etc/nixos}
+mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos,tmp}
 # mount the ESP
 mount $DISK-part1 /mnt/boot
-# mount large btrfs
-mount -t btrfs /dev/mapper/crypt0 -o device=/dev/mapper/crypt1 /mnt/nix
-
-# ensure tmp fills not the RAM
-mkdir -p /mnt/tmp /mnt/nix/tmp
-mount --bind /mnt/nix/tmp /mnt/tmp
+# mount volumes
+mount -t zfs zpool/data /mnt/data
+mount -t zfs zpool/nix /mnt/nix
+mount -t zfs zpool/tmp /mnt/tmp
 # bind mount persistent stuff to data
-mkdir -p /mnt/nix/data/{home,root,nixos/$HOST}
-mount --bind /mnt/nix/data/home /mnt/home
-mount --bind /mnt/nix/data/root /mnt/root
-mount --bind /mnt/nix/data/nixos/$HOST /mnt/etc/nixos
+mkdir -p /mnt/data/{home,root,nixos/$HOST}
+mount --bind /mnt/data/home /mnt/home
+mount --bind /mnt/data/root /mnt/root
+mount --bind /mnt/data/nixos/$HOST /mnt/etc/nixos
-# create fake /nix/data to have the right paths
-mkdir -p /nix/data
-mount --bind /mnt/nix/data /nix/data
+# create fake /data to have the right paths
+mkdir -p /data
+mount --bind /mnt/data /data
 # take a look
 mount
@@ -113,7 +140,7 @@ nixos-generate-config --root /mnt
 # copy config data from another machine including secrets
-sudo scp -r /nix/data/nixos root@192.168.13.100:/mnt/nix/data
+sudo scp -r /data/nixos root@192.168.13.100:/mnt/data
 # install
@@ -121,10 +148,8 @@ nixos-install --option experimental-features 'nix-command flakes' --no-root-pass
 # unmount all stuff and sync
-umount -Rl /nix/data /mnt
-cryptsetup luksClose crypt0
-cryptsetup luksClose crypt1
-sync
+umount -Rl /data /mnt
+zpool export -a
 # shutdown once
@@ -132,4 +157,4 @@ shutdown -h now
 # sync all /data after the install
-sudo -E rsync -va --delete --one-file-system /nix/data/ root@192.168.13.100:/nix/data/
+sudo -E rsync -va --delete --one-file-system /data/ root@192.168.13.100:/data/
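Review bot: `$HOST` is expanded unquoted and unchecked in the new `mkdir -p /mnt/data/{home,root,nixos/$HOST}` and `mount --bind /mnt/data/nixos/$HOST /mnt/etc/nixos` lines. If it is empty in the installer shell, the bind mount silently uses `/mnt/data/nixos/` itself, the directory that the later scp step fills with config data including secrets. Where HOST is set lies outside this hunk, so this may already be guaranteed. Failing early would be safer: `mkdir -p /mnt/data/{home,root,nixos/"${HOST:?}"}` and `mount --bind "/mnt/data/nixos/${HOST:?}" /mnt/etc/nixos`.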
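Review bot: `umount -Rl` is a lazy unmount, so `zpool export -a` on the next line can run while the datasets are still busy and fail, and the `shutdown -h now` step (visible as the next hunk's context) would then halt with the pool never exported. The removed `sync` is covered by a successful export, but not by a failed one. I would drop the `-l`, giving `umount -R /data /mnt`, and make the export result visible before shutting down, e.g. `zpool export -a && zpool list`, with a comment that `zpool list` must report no pools. A pool that was not exported is typically still marked as in use by the installer's hostid and may need a forced import on first boot.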