diff --git a/beta/install.txt b/beta/install.txt
index a05061f..4228b12 100644
--- a/beta/install.txt
+++ b/beta/install.txt
@@ -25,71 +25,97 @@ efibootmgr -b 3 -B
 efibootmgr -b 4 -B
 efibootmgr
-# host name to use
+# Defining some helper variables (these will be used in later code
+# blocks as well, so make sure to use the same terminal session or
+# redefine them later)
+DISK=/dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-000L2_S4DZNX0R362286
 HOST=beta
-# disks to use
-DISK=/dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-000L2_S4DZNX0R362286
-
-# create partition table on all disks and EFI partition
-for D in $DISK; do
- # kill old data
- sgdisk --zap-all $D
- blkdiscard -v $D
- wipefs -a $D
- sleep 5
-
- # create partitions
- parted $D -- mklabel gpt
- sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $D
- sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $D
- parted $D -- set 1 boot on
- sleep 5
-
- # boot partition
- mkfs.fat -F 32 -n EFIBOOT $D-part1
- sleep 5
-done
-
-# take a look at the partitions
-lsblk
-
-# create the LUKS container and open it
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2
-cryptsetup luksOpen $DISK-part2 crypt-system
 sleep 5
-# take a look at the partitions
-lsblk
+# kill old data
+sgdisk --zap-all $DISK
+blkdiscard -v $DISK
+wipefs -a $DISK
+gdisk -l $DISK
-# create btrfs with volumes
-mkfs.btrfs -f --features block-group-tree --label system /dev/mapper/crypt-system
-mount -t btrfs /dev/mapper/crypt-system /mnt
-btrfs subvolume create /mnt/data
-btrfs subvolume create /mnt/nix
-btrfs subvolume create /mnt/tmp
-umount /mnt
 sleep 5
-# take a look at the partitions
-lsblk
+# create partitions
+parted $DISK -- mklabel gpt
+sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $DISK
+sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $DISK
+parted $DISK -- set 1 boot on
+
+sleep 5
+
+# take a look
+cat /proc/partitions
+
+# boot partition
+mkfs.fat -F 32 -n EFIBOOT $DISK-part1
+
+sleep 5
+
+# ZFS zpool creation with encryption
+zpool create \
+ -o ashift=13 \
+ -o autotrim=off \
+ -O acltype=posixacl \
+ -O atime=off \
+ -O canmount=off \
+ -O 
compression=on \
+ -O dnodesize=auto \
+ -O utf8only=on \
+ -O normalization=formD \
+ -O xattr=sa \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keylocation=prompt \
+ -O keyformat=passphrase \
+ zpool $DISK-part2
+
+sleep 5
+
+# show the pool
+zpool status
+
+sleep 5
+
+# create all the volumes
+zfs create -o mountpoint=legacy zpool/data
+zfs create -o mountpoint=legacy zpool/nix
+zfs create -o mountpoint=legacy zpool/tmp
+
+# we want 64 KB recordsize
+zfs set recordsize=64K zpool/data
+zfs set recordsize=64K zpool/nix
+zfs set recordsize=64K zpool/tmp
+
+sleep 5
+
+# show the pool
+zpool status
+
+sleep 5
 # prepare install, tmpfs root
 mount -t tmpfs none /mnt
 # Create directories to mount file systems on
-mkdir -p /mnt/{data,nix,boot,root,etc/nixos,tmp}
+mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos,tmp}
 # mount the ESP
 mount $DISK-part1 /mnt/boot
 # mount volumes
-mount -o subvol=data,noatime /dev/mapper/crypt-system /mnt/data
-mount -o subvol=nix,noatime /dev/mapper/crypt-system /mnt/nix
-mount -o subvol=tmp,noatime /dev/mapper/crypt-system /mnt/tmp
+mount -t zfs zpool/data /mnt/data
+mount -t zfs zpool/nix /mnt/nix
+mount -t zfs zpool/tmp /mnt/tmp
 # bind mount persistent stuff to data
-mkdir -p /mnt/data/{root,nixos/$HOST}
+mkdir -p /mnt/data/{home,root,nixos/$HOST}
+mount --bind /mnt/data/home /mnt/home
 mount --bind /mnt/data/root /mnt/root
 mount --bind /mnt/data/nixos/$HOST /mnt/etc/nixos
@@ -107,7 +133,7 @@ nixos-generate-config --root /mnt
 # copy config data from another machine including secrets
-doas scp -r /data/nixos root@192.168.13.102:/mnt/data
+sudo scp -r /data/nixos root@192.168.13.102:/mnt/data
 # install
@@ -116,10 +142,8 @@ nixos-install --option experimental-features 'nix-command flakes' --no-root-pass
 # unmount all stuff and sync
 umount -Rl /data /mnt
-cryptsetup luksClose crypt-system
-mdadm --stop /dev/md/system
-sync
+zpool export -a
 # shutdown once
-shutdown now
+shutdown -h now
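Review bot: The `# ZFS zpool creation with encryption` comment above `zpool create` should spell out what `-O encryption=on` does and does not cover: OpenZFS native encryption protects file contents, attributes, ACLs and directory listings, but dataset and snapshot names, dataset properties and the dataset hierarchy stay in the clear, whereas the LUKS container this replaces hid all of that. A one-line addition such as `# NOTE: ZFS native encryption leaves dataset/snapshot names and properties unencrypted (the old LUKS layout did not)` keeps that trade-off visible to whoever re-installs from these notes. The pool is also created with `keylocation=prompt` and `keyformat=passphrase`, so the passphrase has to be requested from the initrd by the NixOS configuration, and nothing in this diff adds that. The same applies to the `@@ -22,89 +22,111 @@` hunk of miku/install.txt.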
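Review bot: `zpool export -a` runs right after a lazy `umount -Rl /data /mnt`, so datasets that are still busy when the export starts may not be unmounted yet and the export can fail with the pool reported busy; the removed `sync` also no longer runs before teardown. Because `shutdown -h now` follows unconditionally, a failed export goes unnoticed and the first boot has to import a pool that was never cleanly exported. I would drop `-l` so a busy mount fails visibly and chain the steps, `sync && zpool export -a && shutdown -h now`, so the machine only powers off after a successful export. The `@@ -131,13 +153,11 @@` hunk of miku/install.txt has the same sequence.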
diff --git a/miku/hardware-configuration.nix b/miku/hardware-configuration.nix
index bbe0db2..5badc76 100644
--- a/miku/hardware-configuration.nix
+++ b/miku/hardware-configuration.nix
@@ -16,18 +16,13 @@
 # amd graphics
 hardware.graphics.extraPackages = with pkgs; [ amdvlk rocmPackages.clr.icd ];
- # /boot efi partition to boot in UEFI mode
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/5B5C-07AD";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- neededForBoot = true;
- };
+ FIXME
- # encrypted system
- boot.initrd.luks.devices."crypt-system" = {
- device = "/dev/disk/by-uuid/38f19fd3-61b4-4a34-a5b8-0059eeff3c8e";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
+ # /boot efi partition to boot in UEFI mode
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-id/nvme-KINGSTON_SFYRD4000G_50026B7686EC5F33-part1";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ neededForBoot = true;
+ };
 }
diff --git a/miku/install.txt b/miku/install.txt
index d7c9c0e..aea5a69 100644
--- a/miku/install.txt
+++ b/miku/install.txt
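Review bot: The replacement for the removed `boot.initrd.luks.devices."crypt-system"` block is a bare `FIXME` token, which is not a valid binding inside a Nix attribute set, so miku/hardware-configuration.nix no longer parses and the host cannot be rebuilt or installed from this commit; neko/hardware-configuration.nix carries the same placeholder in its `@@ -16,18 +16,13 @@` hunk. Until the ZFS boot configuration lands, a comment is safer than a syntax error: `# FIXME: ZFS boot settings still missing (networking.hostId, boot.supportedFilesystems, encryption credential prompt)`. With the LUKS block gone, nothing visible in this diff lets the initrd import or unlock the new encrypted pool that the install notes create, so the notes and this module are out of step until that is added.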
@@ -22,89 +22,111 @@ efibootmgr -b 3 -B
 efibootmgr -b 4 -B
 efibootmgr
-# host name to use
-HOST=miku
-
-# disks to use
+# Defining some helper variables (these will be used in later code
+# blocks as well, so make sure to use the same terminal session or
+# redefine them later)
 DISK=/dev/disk/by-id/nvme-KINGSTON_SFYRD4000G_50026B7686EC5F33
 DISK2=/dev/disk/by-id/nvme-KINGSTON_SFYRD4000G_50026B7686EC6164
+HOST=miku
 # ensure 4k sector size
 nvme format --lbaf=1 --force $DISK
 nvme id-ns -H $DISK
-sleep 5
 # ensure 4k sector size
 nvme format --lbaf=1 --force $DISK2
 nvme id-ns -H $DISK2
+
 sleep 5
-# create partition table on all disks and EFI partition
-for D in $DISK $DISK2; do
- # kill old data
- sgdisk --zap-all $D
- blkdiscard -v $D
- wipefs -a $D
- sleep 5
+# kill old data
+sgdisk --zap-all $DISK
+blkdiscard -v $DISK
+wipefs -a $DISK
+gdisk -l $DISK
- # create partitions
- parted $D -- mklabel gpt
- sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $D
- sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $D
- parted $D -- set 1 boot on
- sleep 5
+# wipe second disk
+sgdisk --zap-all $DISK2
+blkdiscard -v $DISK2
+wipefs -a $DISK2
- # boot partition
- mkfs.fat -F 32 -n EFIBOOT $D-part1
- sleep 5
-done
-
-# take a look at the partitions
-lsblk
-
-# create the RAID-0, second partitions on all disks
-mdadm --create --verbose --level=0 --raid-devices=2 /dev/md/system $DISK-part2 $DISK2-part2
 sleep 5
-# take a look at the partitions
-lsblk
+# create partitions
+parted $DISK -- mklabel gpt
+sgdisk -n 1:0:+1024M -c 1:"EFI System Partition" -t 1:EF00 $DISK
+sgdisk -n 2:0:0 -c 2:"Linux" -t 2:8e00 $DISK
+parted $DISK -- set 1 boot on
-# create the LUKS container and open it
-cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase /dev/md/system
-cryptsetup luksOpen /dev/md/system crypt-system
 sleep 5
-# take a look at the partitions
-lsblk
+# take a look
+cat /proc/partitions
+
+# boot partition
+mkfs.fat -F 32 -n EFIBOOT $DISK-part1
-# create btrfs with volumes
-mkfs.btrfs -f --features block-group-tree --label system /dev/mapper/crypt-system
-mount -t btrfs /dev/mapper/crypt-system /mnt
-btrfs subvolume create /mnt/data
-btrfs subvolume create /mnt/nix
-btrfs subvolume create /mnt/tmp
-umount /mnt
 sleep 5
-# take a look at the partitions
-lsblk
+# ZFS zpool creation with encryption
+zpool create \
+ -o ashift=13 \
+ -o autotrim=off \
+ -O acltype=posixacl \
+ -O atime=off \
+ -O canmount=off \
+ -O compression=on \
+ -O dnodesize=auto \
+ -O utf8only=on \
+ -O normalization=formD \
+ -O xattr=sa \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keylocation=prompt \
+ -O keyformat=passphrase \
+ zpool $DISK-part2 $DISK2
+
+sleep 5
+
+# show the pool
+zpool status
+
+sleep 5
+
+# create all the volumes
+zfs create -o mountpoint=legacy zpool/data
+zfs create -o mountpoint=legacy zpool/nix
+zfs create -o mountpoint=legacy zpool/tmp
+
+# we want 64 KB recordsize
+zfs set recordsize=64K zpool/data
+zfs set recordsize=64K zpool/nix
+zfs set recordsize=64K zpool/tmp
+
+sleep 5
+
+# show the pool
+zpool status
+
+sleep 5
 # prepare install, tmpfs root
 mount -t tmpfs none /mnt
 # Create directories to mount file systems on
-mkdir -p /mnt/{data,nix,boot,root,etc/nixos,tmp}
+mkdir -p /mnt/{data,nix,home,boot,root,etc/nixos,tmp}
 # mount the ESP
 mount $DISK-part1 /mnt/boot
 # mount volumes
-mount -o subvol=data,noatime /dev/mapper/crypt-system /mnt/data
-mount -o subvol=nix,noatime /dev/mapper/crypt-system /mnt/nix
-mount -o subvol=tmp,noatime /dev/mapper/crypt-system /mnt/tmp
+mount -t zfs zpool/data /mnt/data
+mount -t zfs zpool/nix /mnt/nix
+mount -t zfs zpool/tmp /mnt/tmp
 # bind mount persistent stuff to data
-mkdir -p /mnt/data/{root,nixos/$HOST}
+mkdir -p /mnt/data/{home,root,nixos/$HOST}
+mount --bind /mnt/data/home /mnt/home
 mount --bind /mnt/data/root /mnt/root
 mount --bind /mnt/data/nixos/$HOST /mnt/etc/nixos
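Review bot: `zpool create ... zpool $DISK-part2 $DISK2` adds a partition and a whole second disk as two top-level vdevs, which stripes them with no redundancy: either device failing takes the whole pool, including everything bind-mounted from `/data`, exactly like the RAID-0 it replaces but now without any comment saying so. The `# ZFS zpool creation with encryption` comment should state it, e.g. `# two top-level vdevs = striped, no redundancy: losing either NVMe loses the pool`. Handing ZFS the whole `$DISK2` also means ZFS partitions that disk itself, so the `# wipe second disk` block is what guarantees no stale GPT or old md superblock survives from the previous layout; a short comment there would make that dependency explicit.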
@@ -131,13 +153,11 @@ nixos-install --option experimental-features 'nix-command flakes' --no-root-pass
 # unmount all stuff and sync
 umount -Rl /data /mnt
-cryptsetup luksClose crypt-system
-mdadm --stop /dev/md/system
-sync
+zpool export -a
 # shutdown once
-shutdown now
+shutdown -h now
 # sync all /data after the install
diff --git a/neko/hardware-configuration.nix b/neko/hardware-configuration.nix
index 988bd89..385e178 100644
--- a/neko/hardware-configuration.nix
+++ b/neko/hardware-configuration.nix
@@ -16,18 +16,13 @@
 # intel graphics
 hardware.graphics.extraPackages = with pkgs; [ intel-media-driver intel-compute-runtime ];
- # /boot efi partition to boot in UEFI mode
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/554C-161A";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- neededForBoot = true;
- };
+ FIXME
- # encrypted system
- boot.initrd.luks.devices."crypt-system" = {
- device = "/dev/disk/by-uuid/91f98284-b0fa-40b9-8a32-37f71968b2dd";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
+ # /boot efi partition to boot in UEFI mode
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part1";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ neededForBoot = true;
+ };
 }
diff --git a/share/common.nix b/share/common.nix
index 9934be5..6b20bdd 100644
--- a/share/common.nix
+++ b/share/common.nix
@@ -27,21 +27,15 @@ in
 boot.kernelPackages = pkgs.linuxPackages_latest;
 # allow md devices
- boot.swraid = {
- enable = true;
- mdadmConf = ''
- MAILADDR=christoph@cullmann.io
- '';
- };
+ boot.swraid.enable = true;
+ boot.swraid.mdadmConf = ''
+ MAILADDR=christoph@cullmann.io
+ '';
 # my kernel parameters
 boot.kernelParams = [
 # don't check for split locks, for KVM and Co.
 "split_lock_detect=off"
-
- # fix igc 0000:0a:00.0 eno1: PCIe link lost, device now detached
- "pcie_port_pm=off"
- "pcie_aspm.policy=performance"
 ];
 # Use the systemd-boot EFI boot loader.
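Review bot: `boot.swraid.enable = true` and the mdadm config survive this change although the install notes in the same commit stop creating md devices (`mdadm --create` and `mdadm --stop` are removed from miku/install.txt); if no host still boots from md, this keeps mdadm and its udev/initrd hooks in every system image for nothing, and the `# allow md devices` comment should name the host that still needs it. The four removed lines also drop the `pcie_port_pm=off` / `pcie_aspm.policy=performance` workaround for the igc link-loss problem without recording why it is no longer needed; a short `# igc workaround dropped: <reason>` next to the kernelParams comment would save the next person from re-discovering it.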
@@ -116,18 +110,6 @@ in
 depends = [ "/data" ];
 };
- # trim the disks weekly
- services.fstrim = {
- enable = true;
- interval = "weekly";
- };
-
- # scrub the disks weekly
- services.btrfs.autoScrub = {
- enable = true;
- interval = "weekly";
- };
-
 # keep some stuff persistent
 environment.persistence."/nix/persistent" = {
 hideMounts = true;
diff --git a/share/home.nix b/share/home.nix
index f629968..d441568 100644
--- a/share/home.nix
+++ b/share/home.nix
@@ -38,7 +38,6 @@
 gc = "doas nix-collect-garbage --delete-older-than 7d";
 verify = "doas nix --extra-experimental-features nix-command store verify --all";
 optimize = "doas nix --extra-experimental-features nix-command store optimise";
- scrub = "doas btrfs scrub start -B /data";
 # list latest files last
 ltr = "eza -l -s modified";
@@ -54,8 +53,6 @@
 mikuroot = "ssh root@miku.fritz.box";
 mini = "ssh mini.fritz.box";
 miniroot = "ssh root@mini.fritz.box";
- moon = "ssh moon.babylon2k.com";
- moonroot = "ssh root@moon.babylon2k.com";
 neko = "ssh neko.fritz.box";
 nekoroot = "ssh root@neko.fritz.box";
 };
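Review bot: Removing `services.btrfs.autoScrub` and `services.fstrim` leaves the new ZFS pools without any periodic integrity check, and since the install notes create them with `-o autotrim=off`, nothing trims the NVMe devices either. On a pool with no redundancy a scheduled scrub is the only thing that surfaces latent checksum errors before a read hits them, so the ZFS counterparts belong in the same place: `services.zfs.autoScrub.enable = true;` and `services.zfs.trim.enable = true;`, each with `interval = "weekly";` if the old cadence should be kept. Neither option appears anywhere else in this diff.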