From 664cb45a083c9b7bbb1c9bc7ae982a1e78eaf41f Mon Sep 17 00:00:00 2001 From: oddlama Date: Fri, 5 Jan 2024 13:29:46 +0100 Subject: [PATCH] refactor: make luks names predictable --- hosts/kroma/fs.nix | 12 ++++++------ hosts/kroma/secrets/local.nix.age | Bin 642 -> 642 bytes hosts/nom/fs.nix | 16 +++++++-------- hosts/nom/secrets/local.nix.age | Bin 751 -> 673 bytes hosts/sentinel/fs.nix | 13 +++++++------ hosts/sentinel/secrets/local.nix.age | Bin 846 -> 837 bytes hosts/sire/default.nix | 25 ++++++++++++++---------- hosts/sire/fs.nix | 27 +++++++++++++------------- hosts/sire/secrets/local.nix.age | Bin 934 -> 881 bytes hosts/ward/fs.nix | 12 ++++++------ hosts/ward/secrets/local.nix.age | Bin 661 -> 695 bytes hosts/zackbiene/fs.nix | 10 ++++++---- hosts/zackbiene/secrets/local.nix.age | Bin 699 -> 637 bytes lib/disko.nix | 14 ++++++------- 14 files changed, 68 insertions(+), 61 deletions(-) diff --git a/hosts/kroma/fs.nix b/hosts/kroma/fs.nix index 6fd90f3..c4c4040 100644 --- a/hosts/kroma/fs.nix +++ b/hosts/kroma/fs.nix @@ -2,19 +2,21 @@ config, lib, ... -}: { +}: let + inherit (config.repo.secrets.local) disks; +in { disko.devices = { disk = { - m2-ssd = { + ${disks.m2-ssd} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}"; + device = "/dev/disk/by-id/${disks.m2-ssd}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; partitions = [ (partEfi "efi" "0%" "1GiB") (partSwap "swap" "1GiB" "17GiB") - (partLuksZfs "rpool" "17GiB" "100%") + (partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%") ]; }; }; @@ -34,6 +36,4 @@ rpool = mkZpool {datasets = impermanenceZfsDatasets;}; }; }; - - boot.initrd.luks.devices.enc-rpool.allowDiscards = true; } 
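Review bot: The discard policy of the encrypted root is no longer stated anywhere in hosts/kroma/fs.nix: the partition is now built by `partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%"`, and the second hunk drops `boot.initrd.luks.devices.enc-rpool.allowDiscards = true;`. Whether lib/disko.nix now sets it is not visible in this part of the patch. If it does, a comment at the call site such as `# discards for this LUKS volume are configured in lib/disko.nix` would help, because TRIM passthrough reveals which blocks are unused and an auditor should not have to find that in a helper. If it does not, a commit labelled as a refactor has silently changed the setting. The same applies to the matching hunks in hosts/sire/fs.nix and hosts/ward/fs.nix.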
diff --git a/hosts/kroma/secrets/local.nix.age b/hosts/kroma/secrets/local.nix.age index 83d42c12005d70748fe09c969b5a1c080c5c6b7c..55a20ee6248c9eef0ab815f69327a61b25a4d4cd 100644 GIT binary patch delta 621 zcmV-z0+RiL1%d^TAb(9$Z**l)Wl>Zsa%n|!NOodJK{Yp4K~{NrL{V%oNK0gBD@ZkM zYE3z6Zwfg^H&13TdRI4XMMpDIGBjCaN;pYmK`}8$Wny_ZZg6T!D^qY|F-&iIV+t)k zAaH4REpRe5HXwL$Q)M_&AVD=pQgv1_bz*FDNlmC|PJDI807$LOD`5 zWKvgaF;y#XaDPDxEiEk|WiTseM{jpWId?a5b1-pGPF6=`L^W|xQdnYYd2%&#S2#3e zIZJXdLpVtaH9mdwO|<%<*Qi8f;x81$>NRdsGdJiW=urPzoa- ztX@OwO@BsrbIPM+r!a{qzDEWs^I(Bh zj)diWUd7G*IKGFRdr^v9Nt|p_y%E+%9-Ws#3T<+#3RX_F_+Mdd-P!iREf!%Yvcq%) zC7N1KQ(8YQsH5FC)?A;ex}d%V!zm2k%ILnKFyv1P$OhwoQnIYNmc~Tfg}|G^>s%+h zwE!Lz2xiCD;~<}3ren5SZBt^E*9tA+7`JByk(sUd^JKrR6v*nQQ7W~8IClA4NLQig zXcx>~I$o5bMA%gvGGc?-PKh#7y+@tT-2puO=vY(Fpe{Hc=^`&nmMO8|A-NHMaa;zZ H8<9+8I)nA= delta 621 zcmV-z0+RiL1%d^TAb&48LRV{7VKP{1HFQXFL2yklOG9&EZ)7o0LQg|0M`%$;cxf{= zH&knCSqe*UGI?b(MM^P6HE(QlQZ+?dOK?g=SUGqxRYyv8Mn`Z*L2PM3L}5sIO$seO zAaH4REpRe5HXwL$Q)M_&AVGI8MK*J2YjQF&Z%J`5RAXmmH-AZPM>%O`PEBuGF>!A- zZ8CT^Vo66aVOk0{Mk{MjF;Q1+QBZGYYFc$eSu06tMPxx`O)_~mZg^`mR6#FFLS%Pz zY(WYwJ|I$KK|+2lXL4m>b7deWL@6m?O(1n3YVskMvFJozQF=S>qQDSCB zF==sHb8azKV}Dh0Q3@?BEg*DrQ*APOQEygidP7J!aB4|7SXD<&*IY={8Y*uqk zW_C6=T0?qpXA11a`T?F&UYTAfxb@h|^zGuyG1GCizO=dWnZ7`Jme#_Xl2s5hdCkn^ z%_9#LP0SmAsfPYG#859LO4S&u5-POAQ-OcMZIYS5}Fn#!(Y*q8RK!DJp&WYSYss`-g&jqz@bWxCip^6?4u2O2EU z=pTlxxdyWArus(RWf<_!33OjNUlVQfhu@3ivq!OQLPcR|ZDUVpPIPHENm*BEdSNq5a%^`&Mq+DeSv6BmK?*HC zAaH4REpRe5HXwL$Q)M_&AVD%tVPZ8_I516bRB2=@bZ1U0YJWjTa(63sD>G7hI5|!> zLT*z@G-^k4L3s)?dN*oGbaz5iVl*&#Pf=o2c}PJ@R9bj8MsrIvW=2VIYFA28D_LhT zdO->;J|HJ8XL4m>b7dfLCwU?%esFytQy_CwUkY|wLT6KIL0K*-?2jaUUajF^mFWJv=^d6M7GnPfEbjG=Eh2gYc_r4)r{9rO)Q#+8pcb z+w=j_q`zJn!~jz2R4;a(zf5|^3QkNjz91(?y#i8|;=#Ihr9G1ND4FzI0F+@$&jvljeVqdu5Jw27 delta 731 zcmV<10wn#R1@8rrAb&DRRz@#pG}c zP;+@!X9`I~Zc|J-G(js=LRe8nF*h_&Idy7UGMZB}S(UaWOV9Nk~doc1T59Zc}A>X-q3iVp45-Rzi6} zWO8R@Mqy8FL1|E0N_S~jHVQ2*Eg(l@aavhsbZ%&Faeq^1cuPTUW;0q(O;Rs3VQ^3@ 
zGB<5CWM)!EZ%TPNLUC0&HaB=fNLe{JWpZ>v zQ&?0(a|%d7M`~b7de{J|KNwAS7pFL_#1dX<>2-dN@aLba^y6Q$tQ@PAg9_ zK{ZixFi%lQDiGYRYh?~H*ipD zS7>l=Hc&573N0-yATLx{SWsv%Ls~O3?Dp$ z(j3q>H2;-T^=xcdETeEWCvJM`uQw%JnHS)qMHd8M1Kv1T`TsFi;lQk4%85eRt)ZKg zQTi5)2Y;1C83s}-)BcsR=ru3!BQPl+cnmLtR!k>;ONoSwDuYD-`vhMz((j?0C|yW^ zUn`$jCd_26=q-O8l=!JyE4<`c zp8EioJWemsDU-!fBV(K#+iX}=JGJ^$;2Z$;v47+r;S^xh)IAs5P}Oi{bEK*mz>z^@JvHZ&!yQneyQU?v^FZhHd410x&ig``qP2><{9 delta 827 zcmV-B1H}Br2F?bMAb(hRWK~xyY-cz)SV&k{OLA0eHdabDPf~egRdz3Lcwb7de^a5iiteQiG=J|r$YOhPkNAZRdoVIWCgFJ(0^3U*{K za(HD#GeI*_M1OQSMK5nPPgXKZQb=QFbwy2cRa!YlNLg`AbXs_JGF5j=Sw?JQN?}uN zVNx|zcW7ocIZz5vR7EsFNKSB0P;N;!Hc?4sO*JxPM0agNT2gglGC@L3H#2HaGH-Wx zYEWZgO;2xkNOw4Rb9GQFOK%D-EiE8sZ8ubCX)sbRWq)j0S!QNgMM`ojbxuY$PE=1; zXHr;eSW$XwW=&IiaBWQrs7ptKrgU>beqZPk-YR}H(QPbjL|p62L7g*)M=D<@;fu^! zxS#h)tC_dNo|M{EYh8a5Y(34;pn)2Leaxh6 z##@37Qh;mn%gM8#Au^mq!|yJ%*6S$waYE{Y(tlB(3|){b09?`|Ti24AJJwdhGI*~O zq5V3fADGF4HxN_Gb%LHezp00bF6D0xeTU+Zz*72l>KUz0p^@rT3gK FUbSvAP0auR diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix index 1119781..3c50ee6 100644 --- a/hosts/sire/default.nix +++ b/hosts/sire/default.nix @@ -44,9 +44,10 @@ # services.telegraf.extraConfig.inputs.github = {}; guests = let - mkGuest = guestName: { + mkGuest = guestName: {enableStorageDataset ? false, ...}: { autostart = true; zfs."/state" = { + # TODO make one option out of that? and split into two readonly options automatically? pool = "rpool"; dataset = "local/guests/${guestName}"; }; @@ -54,6 +55,10 @@ pool = "rpool"; dataset = "safe/guests/${guestName}"; }; + zfs."/storage" = lib.mkIf enableStorageDataset { + pool = "storage"; + dataset = "safe/guests/${guestName}"; + }; modules = [ ../../modules ./guests/common.nix @@ -62,9 +67,9 @@ ]; }; - mkMicrovm = guestName: { + mkMicrovm = guestName: opts: { ${guestName} = - mkGuest guestName + mkGuest guestName opts // { backend = "microvm"; microvm = { 
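Review bot: The `...` in the new option pattern `{enableStorageDataset ? false, ...}` lets a misspelled or obsolete option through silently, so a guest could end up without its `/storage` dataset and evaluation would still succeed. Only this one attribute is read in the lines shown, so the closed form `mkGuest = guestName: {enableStorageDataset ? false}: {` would make Nix reject unknown keys at the call sites. The body of mkGuest continues past this hunk, so confirm nothing further down relies on extra attributes.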
@@ -76,9 +81,9 @@ }; # deadnix: skip - mkContainer = guestName: { + mkContainer = guestName: opts: { ${guestName} = - mkGuest guestName + mkGuest guestName opts // { backend = "container"; container.macvlan = "lan"; @@ -87,11 +92,11 @@ in lib.mkIf (!minimal) ( {} - // mkMicrovm "samba" - // mkMicrovm "grafana" - // mkMicrovm "influxdb" - // mkMicrovm "loki" - // mkMicrovm "paperless" + // mkMicrovm "samba" {enableStorageDataset = true;} + // mkMicrovm "grafana" {} + // mkMicrovm "influxdb" {} + // mkMicrovm "loki" {} + // mkMicrovm "paperless" {} #// mkMicrovm "minecraft" #// mkMicrovm "immich" #// mkMicrovm "firefly" diff --git a/hosts/sire/fs.nix b/hosts/sire/fs.nix index 3e4f91d..625554e 100644 --- a/hosts/sire/fs.nix +++ b/hosts/sire/fs.nix @@ -2,32 +2,34 @@ config, lib, ... -}: { +}: let + inherit (config.repo.secrets.local) disks; +in { disko.devices = { disk = { - m2-ssd-1 = { + ${disks.m2-ssd-1} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-1}"; + device = "/dev/disk/by-id/${disks.m2-ssd-1}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; partitions = [ (partEfi "efi" "0%" "1GiB") - (partLuksZfs "rpool" "1GiB" "100%") + (partLuksZfs disks.m2-ssd-1 "rpool" "1GiB" "100%") ]; }; }; - m2-ssd-2 = { + ${disks.m2-ssd-2} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-2}"; - content = lib.disko.content.luksZfs "rpool"; + device = "/dev/disk/by-id/${disks.m2-ssd-2}"; + content = lib.disko.content.luksZfs disks.m2-ssd-2 "rpool"; }; } - // lib.genAttrs config.repo.secrets.local.disk.hdds-tank (disk: { + // lib.genAttrs disks.hdds-storage (disk: { type = "disk"; device = "/dev/disk/by-id/${disk}"; - content = lib.disko.content.luksZfs "tank"; + content = lib.disko.content.luksZfs disk "storage"; }); zpool = with lib.disko.zfs; { rpool = mkZpool { 
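Review bot: The commented-out guests kept as context below the changed calls (`#// mkMicrovm "minecraft"` and the lines after it) still use the old one-argument form. Uncommenting one as-is would put a function on the right-hand side of `//` and fail evaluation, so they should be updated with the rest, e.g. `#// mkMicrovm "minecraft" {}`. The guest list continues outside the hunk.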
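Review bot: Renaming the pool from `tank` to `storage` is more than a refactor if this host is already installed, because the pool name is recorded on the disks themselves. The rename shows here in `lib.disko.content.luksZfs disk "storage"` and the secret key `hdds-storage`, and again in the later `storage = mkZpool` and `"storage/safe<" = true;` hunks. The diff does not show whether the host is deployed; if it is, the zrepl filter would presumably match no datasets until the pool is re-imported under the new name, and snapshots of that data would stop without any evaluation error. A comment above the pool definition, e.g. `# renamed from "tank"; existing installs must re-import the pool under the new name`, would make the manual step visible.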
@@ -38,7 +40,7 @@ "safe/guests" = unmountable; }; }; - tank = mkZpool { + storage = mkZpool { mode = "raidz1"; datasets = { "safe/guests" = unmountable; @@ -75,7 +77,7 @@ filesystems = { "rpool/local/state<" = true; "rpool/safe<" = true; - "tank/safe<" = true; + "storage/safe<" = true; }; snapshotting = { type = "periodic"; @@ -112,7 +114,4 @@ ]; }; }; - - boot.initrd.luks.devices.enc-rpool.allowDiscards = true; - boot.initrd.luks.devices.enc-tank.allowDiscards = true; } 
diff --git a/hosts/sire/secrets/local.nix.age b/hosts/sire/secrets/local.nix.age index 187b48579b7198b548c34f1c2d7558763be3c491..02e9d08a55917d2208af5b13473c27713ed29a8d 100644 GIT binary patch delta 862 zcmV-k1EKt;2k{1wAb)yMQ!hthK{Pd1FfVpFK{j%8R8Dy`M>KeGZgpcwXhC^!Vn}2; zadKEkSqgYdD_3!JbZc@{PI*vEN_s?LM^8sqL~2<>FGo0UHAYEIP*ZDFQ#ej!MG7rG zAaH4REpRe5HXwL$Q)M_&AVGIURBSa_QZqSZS2l1kFilN4bAK^cQ8_bFYc@z?NNjOM zL1#sAG*onIH){$rY-2<#OJg%*XKZQgJ|KNnEoX9NVRL05b0<^^PcK?_SwcB8GfXl|Ok^}eSu{~vOl50RWldRSGIujF zV|GhXP;ob8SAS|NPc?aDFi9(83N0-yATKpIadl2tS1&k1c0nscH*$GZcy2XMVrpYX zMlf(oRdrEuNpoajIdCsy3XmU0F<8C;Dwjp94}Tdk6eqcM1bE&!@34eqc&aS`?R4aR zka{~5wr_tKc(X4pR93IuK(-5QL(TEZupI8g*47O%gMU5Dvxn7_mK7z97|(ND%2Y12 z@U##mPC#tj&1Yh+$xSfrA6VV$);yWLNBTyZKtm~}F5cl=GYzjy#L3A}2T^QJK5Q_6 z?~u~D$hQf_U^f7I?Zn9Wxu76l_E+17&fd8Ojet15( z$Zh~XW2Ic}%rt z%@TC$F$aU^&Xty%qQcJj-eXs(w8I1J;hX3_!6<-z@v!Q@KuoE{`{$aNw;rAp*NEU` zMOTB!2eGVhO)O0vK=Hrs0S`RrXVGZT(UL*$H5^BO!GD)4<2>_zEf%_H2q<|ZsMl*$ oNU_!jXlo6n;yV$BKovPD*ajopGp6fF``bAS8vLf}h^%r3Q;3vqPyhe` delta 916 zcmV;F18e;82Brs)Ab)i^SZio`SW-tTMp9E|XIWWFcyu#Pc6DuXG&M$UOj>S2a5PVN zD`GQvSqf`-M>%jbaBWp`GEQ`Md2dc?VOnlEHBfPHId^3^Z%=P=L18yqLS;5^MG7rG zAaH4REpRe5HXwL$Q)M_&AVD{2MS5yuI4?;uSW!|ocUW{$GJi%+bY^ThZcAZpN^Wvy za6v;&ctmMJWMv9wFGp=Oc{fB$S4DJGXG}v>V`Fe_L}^THYDhO!Id*t4ayW5NK}=Y0 zS$7I8J|JXQG9_JQcP(dfWnpt=AZbfYAV*XjMC6EFgDEHfIV%ODi!-SW;S8 zX?QbYVMt*(Lw`_XN_96mHA**Rd2C2dNKRukS5#**VMJGKNLWH~QC2rXOLWD^zN1c~oamV>V|}Gii7;c5*pU3N0-yAT&g2a#dPmRY_KJH%(_+YHxNp zR!mnja4~UWM`$-wLN!WdSvEyiYELnD3L)LyxQL;0&wrWAa5sv!$;Lb5Wd?hnN8TJn z6Oz=_1Sc%iFAu%*5=|XMWx|m1$OZ2G~VlkUU)t(1c*n%*S>*o&_H7cSnk{6xDQ% z!rxlmY4uV`5H3FQWEG`gV)bq$3k!)tT!r5q)PFwnw(9>d4?>0$^9m}A5>2F^bRhse^mW#uiVzt=wVz3Mvtk0 zwto<@$)Sa}Z5}Q8>USx1H@l=s--_vC0|~Wio7W4Xpvs!O!PMyc{!ZbjkV`QHP@G1g zxblyBpr{5Ud`mN{S_kBU71ZD;4|YZ$PYpC!)XnN*X*4;hQ?5|8PTQS68-p-6l_L92 q$Ha_@5_pDVzrQJ;vs^9`Dy-$w7%am7ObzE=Xz*j~bh{A7fp1ULaDIRQ diff --git a/hosts/ward/fs.nix b/hosts/ward/fs.nix index 9181022..fa1ac1d 100644 --- a/hosts/ward/fs.nix 
+++ b/hosts/ward/fs.nix @@ -2,19 +2,21 @@ config, lib, ... -}: { +}: let + inherit (config.repo.secrets.local) disks; +in { disko.devices = { disk = { - m2-ssd = { + ${disks.m2-ssd} = { type = "disk"; - device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}"; + device = "/dev/disk/by-id/${disks.m2-ssd}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; partitions = [ (partEfi "efi" "0%" "1GiB") (partSwap "swap" "1GiB" "17GiB") - (partLuksZfs "rpool" "17GiB" "100%") + (partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%") ]; }; }; @@ -94,6 +96,4 @@ ]; }; }; - - boot.initrd.luks.devices.enc-rpool.allowDiscards = true; } 
diff --git a/hosts/ward/secrets/local.nix.age b/hosts/ward/secrets/local.nix.age index 0a172af65e68ecf43dcc847be8adff7880f400c9..47287eda601aa8a73166d8f553e84c1abdd25c6c 100644 GIT binary patch delta 675 zcmV;U0$lx-1-Au|Ab)d6SxhuVS43-cFimnnMs71Xby;UJbTL|Lc1JlYG(l)EXku?i zXhceAO$uvdPIPB*P+BiSVq;5IM^JfKIeIT|M=NqwHe+^8WOr9tGgx_3NK<%jO$seO zAaH4REpRe5HXwL$Q)M_&AVF?=Sz}j0Z(&AFRBmHUR&h&XOn*~yR7^2MRBmH$Ojmkl zNicdsY;STxN>vJDdPrq$LvAurF=i`yP*FHHM?+>sI5==+ZEIOsWj1JdNmeyRQBP}1 zdPNE?J|Iw0J#%I`Xeljca%Ew2Wgt3cAS+NJEnIAQAbBBrAXqVUY(sc@3M)%)YiCD9 zNN!?nVpB3qFMn2fSW_@dNO)*xL~eCxb7MkjXLdwvRZllzSavXYQ8PzEWi@PeWJ+;T zWO*wvHggJXXI4uub8loXbT&0oMKxtoL1j;Oa&}lRFEC>=R5wv*Q)z5fGg?z{ZF5dm zM|wDLX){=QX=yPpbWCqiZD%(MWp@fKEiE8vMNV;QMt?~`Y;H1icr;>GS#eV@WKB=Z73=*Gl0gcQYvpl8o=h#Q)%)K=U>v;`Asek6D`fCmW6j>4kF}Q^>cn9OFoyXVQvH82TP7;fZ2e>fxFA}R_wU`uLJW;=8 z?Eu)m2*>=XXaDZC_CrVi6Un{#v3w|WEUA|qqt8_vZo1Mcpxk%U7UjrK#Gu8AKzn>D zInZ}Cak~C#;YiAQ>B!ZFNQi|vf5Er|5kt|RaHYUQF<~_a|$g! zAaH4REpRe5HXwL$Q)M_&AVD)SG)Z+>Vs3FoYIIt5bT}|hR)23XFlSRSadm1$O-5^O zMK&-mK}vWlL30XMW_eddP;G8VV|PzfVlYcIWK=>pc1SN{GcrXlT6i@$N-r=(XGkw$ zLU#%+J|J>zEoX9NVRL05KY4T@DoaUwGa!3WQ&T@6VOBqUK|Mixav1J7tZx5LaqmaC;sW4k( zkZ;)WC?P8>yiAb0!!s*fiX#vqew#j$Jincnq%_bY33v1W_E2jM{QDSaAhwrNijxZK}1V7Q#D#iIbnEGH)BjsIcsWRI0`L3 zAaH4REpRe5HXwL$Q)M_&AVG38IcPCWRxvR*Oh`8|Z+S~MYkzA(a7#*dG;}doc|>wf zcvnwLHe*3eR7?tZYf*YZXh%46Zc-~kD?)m9F;7WZQ)6>%Lryn&OKUP|O?FpEFIRa| zZ8QokJ|JL6CQ39#EoX9NVRL05H9>bxV_iNVRA+2HYB5?m3P)3DXJTtuMs{v=NkUa( zdNN^CXEaerSAS$oc6oSHX9_JXEg*D3QA=e~VM20Gcw{$sZf<5xZZb_XHdkzMdPYWU zH%D4{VQV*cRcmJ}a|-rj2m_PfKbsyvhxB|t!h4*JcAGEo4+WX3`x@Q*yrsp|#R)0q3TC0iii<)wu(=^)|eKF%v zS`eD5Gx+r}6M}%0hYg0=r(4we(NoLhB#V!qeQNjNUsk_UW%q4Sd}#5VI8<`nE$#R_{U?N38Gg$z8yhF^@5Vt?QJ?QOuEwZ) z2YYysSYcrGCg*WTlW2FdsDZNOE#cX>2QHWn*hiFKRYfGAl@D zX?jO^YYI4GYBo`1WNI8{=3XlFMt zF*SH^Q$uM`Z#N1xF?VV=Qgv2PaByRENJU0-K{+)@Ra$OkPi$d!NjPR2nYC|$hQffywl8z*0clm~T=Pt{mabaFu#z(W%<-Wx1^LTRdbXTdS!I-9>+K``e24`jzap!1@ zL++lkyxO=s)DMWtiRq&%*Kh9J`TJccpxP7AzQVtl2Mfh`t 
z4yPra)~+Mepv*PZ^N5As2h^b7=Ioj@@Nq5hG$5REwPJSo5k