diff --git a/hosts/kroma/fs.nix b/hosts/kroma/fs.nix
index 6fd90f3..c4c4040 100644
--- a/hosts/kroma/fs.nix
+++ b/hosts/kroma/fs.nix
@@ -2,19 +2,21 @@
 config,
 lib,
 ...
-}: {
+}: let
+ inherit (config.repo.secrets.local) disks;
+in {
 disko.devices = {
 disk = {
- m2-ssd = {
+ ${disks.m2-ssd} = {
 type = "disk";
- device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+ device = "/dev/disk/by-id/${disks.m2-ssd}";
 content = with lib.disko.gpt; {
 type = "table";
 format = "gpt";
 partitions = [
 (partEfi "efi" "0%" "1GiB")
 (partSwap "swap" "1GiB" "17GiB")
- (partLuksZfs "rpool" "17GiB" "100%")
+ (partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%")
 ];
 };
 };
@@ -34,6 +36,4 @@
 rpool = mkZpool {datasets = impermanenceZfsDatasets;};
 };
 };
-
- boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }
diff --git a/hosts/kroma/secrets/local.nix.age b/hosts/kroma/secrets/local.nix.age
index 83d42c1..55a20ee 100644
Binary files a/hosts/kroma/secrets/local.nix.age and b/hosts/kroma/secrets/local.nix.age differ
diff --git a/hosts/nom/fs.nix b/hosts/nom/fs.nix
index bdd86f4..53d355c 100644
--- a/hosts/nom/fs.nix
+++ b/hosts/nom/fs.nix
@@ -2,23 +2,25 @@
 config,
 lib,
 ...
-}: {
+}: let
+ inherit (config.repo.secrets.local) disks;
+in {
 disko.devices = {
 disk = {
- m2-ssd = {
+ ${disks.m2-ssd} = {
 type = "disk";
- device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+ device = "/dev/disk/by-id/${disks.m2-ssd}";
 content = with lib.disko.gpt; {
 type = "table";
 format = "gpt";
 partitions = [
- (partLuksZfs "rpool" "0%" "100%")
+ (partLuksZfs disks.m2-ssd "rpool" "0%" "100%")
 ];
 };
 };
- boot-ssd = {
+ ${disks.boot-ssd} = {
 type = "disk";
- device = "/dev/disk/by-id/${config.repo.secrets.local.disk.boot-ssd}";
+ device = "/dev/disk/by-id/${disks.boot-ssd}";
 content = with lib.disko.gpt; {
 type = "table";
 format = "gpt";
@@ -33,6 +35,4 @@
 rpool = mkZpool {datasets = impermanenceZfsDatasets;};
 };
 };
-
- boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }
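Review bot: In hosts/kroma/fs.nix the disk entry is now keyed by `${disks.m2-ssd}`, and Nix silently omits a dynamic attribute whose name evaluates to null, so a missing or placeholder secret would drop the whole disk (and its LUKS layout) from `disko.devices.disk` instead of failing evaluation. Whether `config.repo.secrets.local.disks` can ever yield null is not visible from this diff; if it can, fail closed with an explicit check such as `assert disks.m2-ssd != null;` ahead of the attribute set, or an equivalent entry in `assertions`. The same keying pattern appears in the nom, sentinel, sire, ward and zackbiene fs.nix hunks.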
diff --git a/hosts/nom/secrets/local.nix.age b/hosts/nom/secrets/local.nix.age index 8b1ed2b..ad048f4 100644 Binary files a/hosts/nom/secrets/local.nix.age and b/hosts/nom/secrets/local.nix.age differ diff --git a/hosts/sentinel/fs.nix b/hosts/sentinel/fs.nix index d8fc102..d06e304 100644 --- a/hosts/sentinel/fs.nix +++ b/hosts/sentinel/fs.nix @@ -2,19 +2,21 @@ config, lib, ... -}: { +}: let + inherit (config.repo.secrets.local) disks; +in { disko.devices = { disk = { - main = { + ${disks.main} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.main}"; + device = "/dev/disk/by-id/${disks.main}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; partitions = [ (partGrub "grub" "0%" "1MiB") (partEfi "bios" "1MiB" "512MiB") - (partLuksZfs "rpool" "512MiB" "100%") + (partLuksZfs disks.main "rpool" "512MiB" "100%") ]; }; }; @@ -24,6 +26,5 @@ }; }; - boot.loader.grub.devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"]; - boot.initrd.luks.devices.enc-rpool.allowDiscards = true; + boot.loader.grub.devices = ["/dev/disk/by-id/${disks.main}"]; } diff --git a/hosts/sentinel/secrets/local.nix.age b/hosts/sentinel/secrets/local.nix.age index 16aa17f..5575df7 100644 Binary files a/hosts/sentinel/secrets/local.nix.age and b/hosts/sentinel/secrets/local.nix.age differ diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix index 1119781..3c50ee6 100644 --- a/hosts/sire/default.nix +++ b/hosts/sire/default.nix @@ -44,9 +44,10 @@ # services.telegraf.extraConfig.inputs.github = {}; guests = let - mkGuest = guestName: { + mkGuest = guestName: {enableStorageDataset ? false, ...}: { autostart = true; zfs."/state" = { + # TODO make one option out of that? and split into two readonly options automatically? pool = "rpool"; dataset = "local/guests/${guestName}"; }; 
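Review bot: `mkGuest` in hosts/sire/default.nix now takes `{enableStorageDataset ? false, ...}`, and the `...` means a misspelled key in the options passed through `mkMicrovm`/`mkContainer` is accepted and silently leaves the `/storage` dataset disabled. Dropping the ellipsis, `mkGuest = guestName: {enableStorageDataset ? false}: {`, turns such a typo into an evaluation error while a plain `{}` still works for guests without storage. The body of `mkGuest` continues past the end of this hunk.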
@@ -54,6 +55,10 @@ pool = "rpool"; dataset = "safe/guests/${guestName}"; }; + zfs."/storage" = lib.mkIf enableStorageDataset { + pool = "storage"; + dataset = "safe/guests/${guestName}"; + }; modules = [ ../../modules ./guests/common.nix @@ -62,9 +67,9 @@ ]; }; - mkMicrovm = guestName: { + mkMicrovm = guestName: opts: { ${guestName} = - mkGuest guestName + mkGuest guestName opts // { backend = "microvm"; microvm = { @@ -76,9 +81,9 @@ }; # deadnix: skip - mkContainer = guestName: { + mkContainer = guestName: opts: { ${guestName} = - mkGuest guestName + mkGuest guestName opts // { backend = "container"; container.macvlan = "lan"; @@ -87,11 +92,11 @@ in lib.mkIf (!minimal) ( {} - // mkMicrovm "samba" - // mkMicrovm "grafana" - // mkMicrovm "influxdb" - // mkMicrovm "loki" - // mkMicrovm "paperless" + // mkMicrovm "samba" {enableStorageDataset = true;} + // mkMicrovm "grafana" {} + // mkMicrovm "influxdb" {} + // mkMicrovm "loki" {} + // mkMicrovm "paperless" {} #// mkMicrovm "minecraft" #// mkMicrovm "immich" #// mkMicrovm "firefly" diff --git a/hosts/sire/fs.nix b/hosts/sire/fs.nix index 3e4f91d..625554e 100644 --- a/hosts/sire/fs.nix +++ b/hosts/sire/fs.nix 
@@ -2,32 +2,34 @@ config, lib, ... -}: { +}: let + inherit (config.repo.secrets.local) disks; +in { disko.devices = { disk = { - m2-ssd-1 = { + ${disks.m2-ssd-1} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-1}"; + device = "/dev/disk/by-id/${disks.m2-ssd-1}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; partitions = [ (partEfi "efi" "0%" "1GiB") - (partLuksZfs "rpool" "1GiB" "100%") + (partLuksZfs disks.m2-ssd-1 "rpool" "1GiB" "100%") ]; }; }; - m2-ssd-2 = { + ${disks.m2-ssd-2} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-2}"; - content = lib.disko.content.luksZfs "rpool"; + device = "/dev/disk/by-id/${disks.m2-ssd-2}"; + content = lib.disko.content.luksZfs disks.m2-ssd-2 "rpool"; }; } - // lib.genAttrs config.repo.secrets.local.disk.hdds-tank (disk: { + // lib.genAttrs disks.hdds-storage (disk: { type = "disk"; device = "/dev/disk/by-id/${disk}"; - content = lib.disko.content.luksZfs "tank"; + content = lib.disko.content.luksZfs disk "storage"; }); zpool = with lib.disko.zfs; { rpool = mkZpool { @@ -38,7 +40,7 @@ "safe/guests" = unmountable; }; }; - tank = mkZpool { + storage = mkZpool { mode = "raidz1"; datasets = { "safe/guests" = unmountable; @@ -75,7 +77,7 @@ filesystems = { "rpool/local/state<" = true; "rpool/safe<" = true; - "tank/safe<" = true; + "storage/safe<" = true; }; snapshotting = { type = "periodic"; @@ -112,7 +114,4 @@ ]; }; }; - - boot.initrd.luks.devices.enc-rpool.allowDiscards = true; - boot.initrd.luks.devices.enc-tank.allowDiscards = true; } diff --git a/hosts/sire/secrets/local.nix.age b/hosts/sire/secrets/local.nix.age index 187b485..02e9d08 100644 Binary files a/hosts/sire/secrets/local.nix.age and b/hosts/sire/secrets/local.nix.age differ diff --git a/hosts/ward/fs.nix b/hosts/ward/fs.nix index 9181022..fa1ac1d 100644 --- a/hosts/ward/fs.nix +++ b/hosts/ward/fs.nix 
@@ -2,19 +2,21 @@
 config,
 lib,
 ...
-}: {
+}: let
+ inherit (config.repo.secrets.local) disks;
+in {
 disko.devices = {
 disk = {
- m2-ssd = {
+ ${disks.m2-ssd} = {
 type = "disk";
- device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+ device = "/dev/disk/by-id/${disks.m2-ssd}";
 content = with lib.disko.gpt; {
 type = "table";
 format = "gpt";
 partitions = [
 (partEfi "efi" "0%" "1GiB")
 (partSwap "swap" "1GiB" "17GiB")
- (partLuksZfs "rpool" "17GiB" "100%")
+ (partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%")
 ];
 };
 };
@@ -94,6 +96,4 @@
 ];
 };
 };
-
- boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }
diff --git a/hosts/ward/secrets/local.nix.age b/hosts/ward/secrets/local.nix.age
index 0a172af..47287ed 100644
Binary files a/hosts/ward/secrets/local.nix.age and b/hosts/ward/secrets/local.nix.age differ
diff --git a/hosts/zackbiene/fs.nix b/hosts/zackbiene/fs.nix
index 306920e..881dd3e 100644
--- a/hosts/zackbiene/fs.nix
+++ b/hosts/zackbiene/fs.nix
@@ -2,19 +2,21 @@
 config,
 lib,
 ...
-}: {
+}: let
+ inherit (config.repo.secrets.local) disks;
+in {
 disko.devices = {
 disk = {
- mmc = {
+ ${disks.mmc} = {
 type = "disk";
- device = "/dev/disk/by-id/${config.repo.secrets.local.disk.mmc}";
+ device = "/dev/disk/by-id/${disks.mmc}";
 content = with lib.disko.gpt; {
 type = "table";
 format = "gpt";
 partitions = [
 (partEfi "efi" "0%" "1GiB")
 (partSwap "swap" "1GiB" "9GiB")
- (partLuksZfs "rpool" "9GiB" "100%")
+ (partLuksZfs disks.mmc "rpool" "9GiB" "100%")
 ];
 };
 };
diff --git a/hosts/zackbiene/secrets/local.nix.age b/hosts/zackbiene/secrets/local.nix.age
index 6883a8d..8fdcd2f 100644
Binary files a/hosts/zackbiene/secrets/local.nix.age and b/hosts/zackbiene/secrets/local.nix.age differ
diff --git a/lib/disko.nix b/lib/disko.nix
index 4d7cb53..91fc188 100644
--- a/lib/disko.nix
+++ b/lib/disko.nix
@@ -4,13 +4,13 @@ _inputs: final: prev: {
 // {
 disko = {
 content = {
- luksZfs = name: {
+ luksZfs = luksName: pool: {
 type = "luks";
- name = "enc-${name}";
- extraOpenArgs = ["--allow-discards"];
+ name = "${pool}_${luksName}";
+ settings.allowDiscards = true;
 content = {
 type = "zfs";
- pool = name;
+ inherit pool;
 };
 };
 };
@@ -38,10 +38,10 @@ _inputs: final: prev: {
 randomEncryption = true;
 };
 };
- partLuksZfs = name: start: end: {
+ partLuksZfs = luksName: pool: start: end: {
 inherit start end;
- name = "enc-${name}";
- content = final.lib.disko.content.luksZfs name;
+ name = "${pool}_${luksName}";
+ content = final.lib.disko.content.luksZfs luksName pool;
 };
 };
 zfs = rec {
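Review bot: `settings.allowDiscards = true;` in `luksZfs` is unconditional, so every LUKS container built through this helper passes discards through dm-crypt, including the HDD-backed `storage` pool that hosts/sire/fs.nix creates with `lib.disko.content.luksZfs disk "storage"`. Discards expose which regions of the ciphertext device are unused, a confidentiality trade-off that cryptsetup documents, and on spinning disks there is presumably little benefit in return. Either record the decision next to the setting, e.g. `# TRIM passthrough reveals unused-block layout on the encrypted device; accepted for SSD performance`, or make it an argument so callers can opt out per disk. The enclosing attribute set starts above this hunk.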
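Review bot: `name = "${pool}_${luksName}";` in `partLuksZfs` now builds the partition name from the full by-id string that the host files pass as `luksName`, and GPT partition names are limited to 36 UTF-16 code units. The real identifiers live in the encrypted `local.nix.age` files and are not visible here, but by-id names carrying vendor, model and serial are often longer than that once `rpool_` is prepended, so the label may be truncated or rejected at partitioning time. If that applies, keep a short stable name for the partition and use the long form only for the LUKS mapping in `luksZfs`; a comment above `partLuksZfs` stating the expected format and maximum length of `luksName` would help either way.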