refactor: make luks names predictable

hosts/kroma/fs.nix

@@ -2,19 +2,21 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit (config.repo.secrets.local) disks;
+in {
   disko.devices = {
     disk = {
-      m2-ssd = {
+      ${disks.m2-ssd} = {
         type = "disk";
-        device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+        device = "/dev/disk/by-id/${disks.m2-ssd}";
         content = with lib.disko.gpt; {
           type = "table";
           format = "gpt";
           partitions = [
             (partEfi "efi" "0%" "1GiB")
             (partSwap "swap" "1GiB" "17GiB")
-            (partLuksZfs "rpool" "17GiB" "100%")
+            (partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%")
           ];
         };
       };
@@ -34,6 +36,4 @@
       rpool = mkZpool {datasets = impermanenceZfsDatasets;};
     };
   };
-
-  boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }

hosts/nom/fs.nix

@@ -2,23 +2,25 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit (config.repo.secrets.local) disks;
+in {
   disko.devices = {
     disk = {
-      m2-ssd = {
+      ${disks.m2-ssd} = {
         type = "disk";
-        device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+        device = "/dev/disk/by-id/${disks.m2-ssd}";
         content = with lib.disko.gpt; {
           type = "table";
           format = "gpt";
           partitions = [
-            (partLuksZfs "rpool" "0%" "100%")
+            (partLuksZfs disks.m2-ssd "rpool" "0%" "100%")
           ];
         };
       };
-      boot-ssd = {
+      ${disks.boot-ssd} = {
         type = "disk";
-        device = "/dev/disk/by-id/${config.repo.secrets.local.disk.boot-ssd}";
+        device = "/dev/disk/by-id/${disks.boot-ssd}";
         content = with lib.disko.gpt; {
           type = "table";
           format = "gpt";
@@ -33,6 +35,4 @@
       rpool = mkZpool {datasets = impermanenceZfsDatasets;};
     };
   };
-
-  boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }

hosts/sentinel/fs.nix

@@ -2,19 +2,21 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit (config.repo.secrets.local) disks;
+in {
   disko.devices = {
     disk = {
-      main = {
+      ${disks.main} = {
         type = "disk";
-        device = "/dev/disk/by-id/${config.repo.secrets.local.disk.main}";
+        device = "/dev/disk/by-id/${disks.main}";
         content = with lib.disko.gpt; {
           type = "table";
           format = "gpt";
           partitions = [
             (partGrub "grub" "0%" "1MiB")
             (partEfi "bios" "1MiB" "512MiB")
-            (partLuksZfs "rpool" "512MiB" "100%")
+            (partLuksZfs disks.main "rpool" "512MiB" "100%")
           ];
         };
       };
@@ -24,6 +26,5 @@
     };
   };
 
-  boot.loader.grub.devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"];
+  boot.loader.grub.devices = ["/dev/disk/by-id/${disks.main}"];
-  boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }

hosts/sire/default.nix

@@ -44,9 +44,10 @@
   # services.telegraf.extraConfig.inputs.github = {};
 
   guests = let
-    mkGuest = guestName: {
+    mkGuest = guestName: {enableStorageDataset ? false, ...}: {
       autostart = true;
       zfs."/state" = {
+        # TODO make one option out of that? and split into two readonly options automatically?
         pool = "rpool";
         dataset = "local/guests/${guestName}";
       };
@@ -54,6 +55,10 @@
         pool = "rpool";
         dataset = "safe/guests/${guestName}";
       };
+      zfs."/storage" = lib.mkIf enableStorageDataset {
+        pool = "storage";
+        dataset = "safe/guests/${guestName}";
+      };
       modules = [
         ../../modules
         ./guests/common.nix
@@ -62,9 +67,9 @@
       ];
     };
 
-    mkMicrovm = guestName: {
+    mkMicrovm = guestName: opts: {
       ${guestName} =
-        mkGuest guestName
+        mkGuest guestName opts
         // {
           backend = "microvm";
           microvm = {
@@ -76,9 +81,9 @@
     };
 
     # deadnix: skip
-    mkContainer = guestName: {
+    mkContainer = guestName: opts: {
       ${guestName} =
-        mkGuest guestName
+        mkGuest guestName opts
         // {
           backend = "container";
           container.macvlan = "lan";
@@ -87,11 +92,11 @@
   in
     lib.mkIf (!minimal) (
       {}
-      // mkMicrovm "samba"
+      // mkMicrovm "samba" {enableStorageDataset = true;}
-      // mkMicrovm "grafana"
+      // mkMicrovm "grafana" {}
-      // mkMicrovm "influxdb"
+      // mkMicrovm "influxdb" {}
-      // mkMicrovm "loki"
+      // mkMicrovm "loki" {}
-      // mkMicrovm "paperless"
+      // mkMicrovm "paperless" {}
       #// mkMicrovm "minecraft"
       #// mkMicrovm "immich"
       #// mkMicrovm "firefly"

hosts/sire/fs.nix

@@ -2,32 +2,34 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit (config.repo.secrets.local) disks;
+in {
   disko.devices = {
     disk =
       {
-        m2-ssd-1 = {
+        ${disks.m2-ssd-1} = {
           type = "disk";
-          device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-1}";
+          device = "/dev/disk/by-id/${disks.m2-ssd-1}";
           content = with lib.disko.gpt; {
             type = "table";
             format = "gpt";
             partitions = [
               (partEfi "efi" "0%" "1GiB")
-              (partLuksZfs "rpool" "1GiB" "100%")
+              (partLuksZfs disks.m2-ssd-1 "rpool" "1GiB" "100%")
             ];
           };
         };
-        m2-ssd-2 = {
+        ${disks.m2-ssd-2} = {
           type = "disk";
-          device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd-2}";
+          device = "/dev/disk/by-id/${disks.m2-ssd-2}";
-          content = lib.disko.content.luksZfs "rpool";
+          content = lib.disko.content.luksZfs disks.m2-ssd-2 "rpool";
         };
       }
-      // lib.genAttrs config.repo.secrets.local.disk.hdds-tank (disk: {
+      // lib.genAttrs disks.hdds-storage (disk: {
         type = "disk";
         device = "/dev/disk/by-id/${disk}";
-        content = lib.disko.content.luksZfs "tank";
+        content = lib.disko.content.luksZfs disk "storage";
       });
     zpool = with lib.disko.zfs; {
       rpool = mkZpool {
@@ -38,7 +40,7 @@
             "safe/guests" = unmountable;
           };
       };
-      tank = mkZpool {
+      storage = mkZpool {
         mode = "raidz1";
         datasets = {
           "safe/guests" = unmountable;
@@ -75,7 +77,7 @@
           filesystems = {
             "rpool/local/state<" = true;
             "rpool/safe<" = true;
-            "tank/safe<" = true;
+            "storage/safe<" = true;
           };
           snapshotting = {
             type = "periodic";
@@ -112,7 +114,4 @@
       ];
     };
   };
-
-  boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
-  boot.initrd.luks.devices.enc-tank.allowDiscards = true;
 }

hosts/ward/fs.nix

@@ -2,19 +2,21 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit (config.repo.secrets.local) disks;
+in {
   disko.devices = {
     disk = {
-      m2-ssd = {
+      ${disks.m2-ssd} = {
         type = "disk";
-        device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+        device = "/dev/disk/by-id/${disks.m2-ssd}";
         content = with lib.disko.gpt; {
           type = "table";
           format = "gpt";
           partitions = [
             (partEfi "efi" "0%" "1GiB")
             (partSwap "swap" "1GiB" "17GiB")
-            (partLuksZfs "rpool" "17GiB" "100%")
+            (partLuksZfs disks.m2-ssd "rpool" "17GiB" "100%")
           ];
         };
       };
@@ -94,6 +96,4 @@
       ];
     };
   };
-
-  boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }

hosts/zackbiene/fs.nix

@@ -2,19 +2,21 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit (config.repo.secrets.local) disks;
+in {
   disko.devices = {
     disk = {
-      mmc = {
+      ${disks.mmc} = {
         type = "disk";
-        device = "/dev/disk/by-id/${config.repo.secrets.local.disk.mmc}";
+        device = "/dev/disk/by-id/${disks.mmc}";
         content = with lib.disko.gpt; {
           type = "table";
           format = "gpt";
           partitions = [
             (partEfi "efi" "0%" "1GiB")
             (partSwap "swap" "1GiB" "9GiB")
-            (partLuksZfs "rpool" "9GiB" "100%")
+            (partLuksZfs disks.mmc "rpool" "9GiB" "100%")
           ];
         };
       };

lib/disko.nix

@@ -4,13 +4,13 @@ _inputs: final: prev: {
     // {
       disko = {
         content = {
-          luksZfs = name: {
+          luksZfs = luksName: pool: {
             type = "luks";
-            name = "enc-${name}";
+            name = "${pool}_${luksName}";
-            extraOpenArgs = ["--allow-discards"];
+            settings.allowDiscards = true;
             content = {
               type = "zfs";
-              pool = name;
+              inherit pool;
             };
           };
         };
@@ -38,10 +38,10 @@ _inputs: final: prev: {
               randomEncryption = true;
             };
           };
-          partLuksZfs = name: start: end: {
+          partLuksZfs = luksName: pool: start: end: {
             inherit start end;
-            name = "enc-${name}";
+            name = "${pool}_${luksName}";
-            content = final.lib.disko.content.luksZfs name;
+            content = final.lib.disko.content.luksZfs luksName pool;
           };
         };
         zfs = rec {