mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00

refactor: make luks names predictable

oddlama 2024-01-05 13:29:46 +01:00
parent 490e2ce1a5
commit 664cb45a08
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
14 changed files with 68 additions and 61 deletions


@ -2,19 +2,21 @@
config,
lib,
...
}: {
}: let
inherit (config.repo.secrets.local) disks;
in {
disko.devices = {
disk = {
m2-ssd = {
${disks.m2-ssd} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
device = "/dev/disk/by-id/${disks.m2-ssd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partEfi "efi" "0%" "1GiB")
(partSwap "swap" "1GiB" "17GiB")
(partLuksZfs "rpool" "17GiB" "100%")
(partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%")
];
};
};
@ -34,6 +36,4 @@
rpool = mkZpool {datasets = impermanenceZfsDatasets;};
};
};
boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
}

Binary file not shown.


@ -2,23 +2,25 @@
config,
lib,
...
}: {
}: let
inherit (config.repo.secrets.local) disks;
in {
disko.devices = {
disk = {
m2-ssd = {
${disks.m2-ssd} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
device = "/dev/disk/by-id/${disks.m2-ssd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partLuksZfs "rpool" "0%" "100%")
(partLuksZfs disks.m2-ssd "rpool" "0%" "100%")
];
};
};
boot-ssd = {
${disks.boot-ssd} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.boot-ssd}";
device = "/dev/disk/by-id/${disks.boot-ssd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
@ -33,6 +35,4 @@
rpool = mkZpool {datasets = impermanenceZfsDatasets;};
};
};
boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
}

Binary file not shown.


@ -2,19 +2,21 @@
config,
lib,
...
}: {
}: let
inherit (config.repo.secrets.local) disks;
in {
disko.devices = {
disk = {
main = {
${disks.main} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.main}";
device = "/dev/disk/by-id/${disks.main}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partGrub "grub" "0%" "1MiB")
(partEfi "bios" "1MiB" "512MiB")
(partLuksZfs "rpool" "512MiB" "100%")
(partLuksZfs disks.main "rpool" "512MiB" "100%")
];
};
};
@ -24,6 +26,5 @@
};
};
boot.loader.grub.devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"];
boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
boot.loader.grub.devices = ["/dev/disk/by-id/${disks.main}"];
}

Binary file not shown.


@ -44,9 +44,10 @@
# services.telegraf.extraConfig.inputs.github = {};
guests = let
mkGuest = guestName: {
mkGuest = guestName: {enableStorageDataset ? false, ...}: {
autostart = true;
zfs."/state" = {
# TODO make one option out of that? and split into two readonly options automatically?
pool = "rpool";
dataset = "local/guests/${guestName}";
};
@ -54,6 +55,10 @@
pool = "rpool";
dataset = "safe/guests/${guestName}";
};
zfs."/storage" = lib.mkIf enableStorageDataset {
pool = "storage";
dataset = "safe/guests/${guestName}";
};
modules = [
../../modules
./guests/common.nix
@ -62,9 +67,9 @@
];
};
mkMicrovm = guestName: {
mkMicrovm = guestName: opts: {
${guestName} =
mkGuest guestName
mkGuest guestName opts
// {
backend = "microvm";
microvm = {
@ -76,9 +81,9 @@
};
# deadnix: skip
mkContainer = guestName: {
mkContainer = guestName: opts: {
${guestName} =
mkGuest guestName
mkGuest guestName opts
// {
backend = "container";
container.macvlan = "lan";
@ -87,11 +92,11 @@
in
lib.mkIf (!minimal) (
{}
// mkMicrovm "samba"
// mkMicrovm "grafana"
// mkMicrovm "influxdb"
// mkMicrovm "loki"
// mkMicrovm "paperless"
// mkMicrovm "samba" {enableStorageDataset = true;}
// mkMicrovm "grafana" {}
// mkMicrovm "influxdb" {}
// mkMicrovm "loki" {}
// mkMicrovm "paperless" {}
#// mkMicrovm "minecraft"
#// mkMicrovm "immich"
#// mkMicrovm "firefly"
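Review bot: The options pattern on `mkGuest = guestName: {enableStorageDataset ? false, ...}:` ends in `...`, so a misspelled key at a call site is accepted and the guest silently comes up without its `/storage` dataset instead of failing evaluation. As far as the visible callers go, only `enableStorageDataset` is ever passed, so `mkGuest = guestName: {enableStorageDataset ? false}:` would turn such a typo into an evaluation error. The commented-out entries at the end of the list (`#// mkMicrovm "minecraft"` and the two after it) still use the one-argument form and would need a trailing `{}` when they are re-enabled. The `let` block that holds `mkGuest` starts and ends outside the hunks shown.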


@ -2,32 +2,34 @@
config,
lib,
...
}: {
}: let
inherit (config.repo.secrets.local) disks;
in {
disko.devices = {
disk =
{
m2-ssd-1 = {
${disks.m2-ssd-1} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-1}";
device = "/dev/disk/by-id/${disks.m2-ssd-1}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partEfi "efi" "0%" "1GiB")
(partLuksZfs "rpool" "1GiB" "100%")
(partLuksZfs disks.m2-ssd-1 "rpool" "1GiB" "100%")
];
};
};
m2-ssd-2 = {
${disks.m2-ssd-2} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-2}";
content = lib.disko.content.luksZfs "rpool";
device = "/dev/disk/by-id/${disks.m2-ssd-2}";
content = lib.disko.content.luksZfs disks.m2-ssd-2 "rpool";
};
}
// lib.genAttrs config.repo.secrets.local.disk.hdds-tank (disk: {
// lib.genAttrs disks.hdds-storage (disk: {
type = "disk";
device = "/dev/disk/by-id/${disk}";
content = lib.disko.content.luksZfs "tank";
content = lib.disko.content.luksZfs disk "storage";
});
zpool = with lib.disko.zfs; {
rpool = mkZpool {
@ -38,7 +40,7 @@
"safe/guests" = unmountable;
};
};
tank = mkZpool {
storage = mkZpool {
mode = "raidz1";
datasets = {
"safe/guests" = unmountable;
@ -75,7 +77,7 @@
filesystems = {
"rpool/local/state<" = true;
"rpool/safe<" = true;
"tank/safe<" = true;
"storage/safe<" = true;
};
snapshotting = {
type = "periodic";
@ -112,7 +114,4 @@
];
};
};
boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
boot.initrd.luks.devices.enc-tank.allowDiscards = true;
}
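Review bot: The rename from `tank` to `storage` goes beyond the LUKS mapper names the commit title mentions: the zpool attribute, the `lib.genAttrs disks.hdds-storage` source and the snapshot job filter `"storage/safe<" = true;` all change together, while a pool that already exists on disk keeps its old name until it is exported and re-imported under the new one. If this host is already provisioned (not visible here), that filter would presumably match nothing until the pool is renamed, and the datasets would drop out of the periodic snapshot job without an error. A comment next to the pool definition, for example `# renamed from "tank"; existing hosts must re-import the pool as "storage"`, would record the migration step. The snapshot job and the zpool definition both continue outside the hunks shown.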

Binary file not shown.


@ -2,19 +2,21 @@
config,
lib,
...
}: {
}: let
inherit (config.repo.secrets.local) disks;
in {
disko.devices = {
disk = {
m2-ssd = {
${disks.m2-ssd} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
device = "/dev/disk/by-id/${disks.m2-ssd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partEfi "efi" "0%" "1GiB")
(partSwap "swap" "1GiB" "17GiB")
(partLuksZfs "rpool" "17GiB" "100%")
(partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%")
];
};
};
@ -94,6 +96,4 @@
];
};
};
boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
}

Binary file not shown.


@ -2,19 +2,21 @@
config,
lib,
...
}: {
}: let
inherit (config.repo.secrets.local) disks;
in {
disko.devices = {
disk = {
mmc = {
${disks.mmc} = {
type = "disk";
device = "/dev/disk/by-id/${config.repo.secrets.local.disk.mmc}";
device = "/dev/disk/by-id/${disks.mmc}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partEfi "efi" "0%" "1GiB")
(partSwap "swap" "1GiB" "9GiB")
(partLuksZfs "rpool" "9GiB" "100%")
(partLuksZfs disks.mmc "rpool" "9GiB" "100%")
];
};
};


@ -4,13 +4,13 @@ _inputs: final: prev: {
// {
disko = {
content = {
luksZfs = name: {
luksZfs = luksName: pool: {
type = "luks";
name = "enc-${name}";
extraOpenArgs = ["--allow-discards"];
name = "${pool}_${luksName}";
settings.allowDiscards = true;
content = {
type = "zfs";
pool = name;
inherit pool;
};
};
};
@ -38,10 +38,10 @@ _inputs: final: prev: {
randomEncryption = true;
};
};
partLuksZfs = name: start: end: {
partLuksZfs = luksName: pool: start: end: {
inherit start end;
name = "enc-${name}";
content = final.lib.disko.content.luksZfs name;
name = "${pool}_${luksName}";
content = final.lib.disko.content.luksZfs luksName pool;
};
};
zfs = rec {
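Review bot: `name = "${pool}_${luksName}";` in `partLuksZfs` is the partition name, and every visible caller passes the full `/dev/disk/by-id` identifier as `luksName`, so the result can exceed the 36 UTF-16 code units a GPT partition name can hold. Depending on how the partitioning tool handles over-long names this ends in an error or a truncated label, and truncated labels from two drives of the same model could collide; keeping a short partition name such as `name = "enc-${pool}";` and using the long form only for the mapper name in `luksZfs` avoids that. Separately, `settings.allowDiscards = true;` in `luksZfs` is now the only place discards are enabled and it applies to every container, including the HDD-backed `storage` pool. A comment such as `# TRIM passes through dm-crypt and reveals which blocks are unused; accepted for SSD performance` would record that trade-off. Both function bodies are fully visible in the hunks; the attribute sets around them are not.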