Make the disko config a module.

2024-08-06 07:36:56 +01:00
parent 258b8e1fdf
commit bcd1a5c0d5
4 changed files with 101 additions and 79 deletions


@@ -0,0 +1,93 @@
{ lib, config, ... }:
let
cfg = config.diskLayout;
in
{
options.diskLayout = {
mainDiskDevice = lib.mkOption {
type = lib.types.str;
description = "The device ID for the main disk";
};
keyDiskDevice = lib.mkOption {
type = lib.types.str;
description = "The device ID for the key disk";
};
};
config = {
disko.devices = {
disk.main = {
device = cfg.mainDiskDevice;
type = "disk";
content = {
type = "gpt";
partitions = {
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luksroot = {
end = "-8G";
content = {
type = "luks";
name = "luksroot";
settings = {
allowDiscards = true;
keyFile = cfg.keyDiskDevice;
keyFileSize = 4096;
};
content = {
type = "btrfs";
subvolumes = {
"root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"persist" = {
mountpoint = "/persist";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"log" = {
mountpoint = "/var/log";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
swap = {
size = "8G";
content = {
type = "swap";
randomEncryption = true;
};
};
};
};
};
};
};
}
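Review bot: In the `luksroot` settings, `keyFile = cfg.keyDiskDevice;` together with `keyFileSize = 4096;` means the first 4096 bytes of whatever device the string names are used as the LUKS key, but the option is typed as a bare `lib.types.str` and documented only as "The device ID for the key disk". I would state that contract where hosts set the value, e.g. `description = "Block device whose first 4096 bytes are read as the LUKS key for luksroot";`, so that a wrong device is recognised as a key-material problem and not just a naming one. `allowDiscards = true;` also deserves a one-line comment such as `# TRIM passthrough reveals which blocks are unused on the encrypted volume; accepted trade-off on SSD`, assuming that trade-off is intended for every host that imports this module.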


@@ -3,10 +3,16 @@
imports = [ imports = [
../../common/global ../../common/global
../../common/base-node.nix ../../common/base-node.nix
./disk-config.nix ../../common/encrypted-btrfs-layout.nix
./hardware.nix ./hardware.nix
]; ];
diskLayout = {
mainDiskDevice = "/dev/disk/by-id/ata-FORESEE_512GB_SSD_MP15B03900928";
#keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777660586-0:0";
keyDiskDevice = "/dev/sdb";
};
networking.hostName = "chilly"; networking.hostName = "chilly";
services.tailscaleAutoconnect.authkey = "tskey-auth-kRXS9oPyPm11CNTRL-BE6YnbP9J6ZZuV9dHkX17ZMnm1JGdu93"; services.tailscaleAutoconnect.authkey = "tskey-auth-kRXS9oPyPm11CNTRL-BE6YnbP9J6ZZuV9dHkX17ZMnm1JGdu93";
services.consul.interface.advertise = lib.mkForce "enp1s0"; services.consul.interface.advertise = lib.mkForce "enp1s0";
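Review bot: `keyDiskDevice = "/dev/sdb";` selects the key source by kernel enumeration order, which is not guaranteed stable across boots or when another disk is attached, so the initrd may read the 4096-byte key from a different device than intended. The commented-out `/dev/disk/by-id/usb-…` line above it is the stable form; if `/dev/sdb` is a deliberate choice to make USB replacement easier, a comment saying so next to the value would help the next reader. Separately, the unchanged context line `services.tailscaleAutoconnect.authkey = "tskey-auth-…"` keeps a Tailscale auth key as a literal in the repository and, being a Nix string, most likely in the world-readable store as well. It should be rotated and supplied from a runtime secret (for example via sops-nix or agenix). The surrounding attribute set starts and ends outside the hunk.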


@@ -1,77 +0,0 @@
{ lib, ... }:
{
disko.devices = {
disk.main = {
device = "/dev/disk/by-id/ata-FORESEE_512GB_SSD_MP15B03900928";
type = "disk";
content = {
type = "gpt";
partitions = {
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luksroot = {
end = "-8G";
content = {
type = "luks";
name = "luksroot";
settings = {
allowDiscards = true;
#keyFile = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777660586-0:0";
keyFile = "/dev/sdb";
keyFileSize = 4096;
};
content = {
type = "btrfs";
subvolumes = {
"root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"persist" = {
mountpoint = "/persist";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"log" = {
mountpoint = "/var/log";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
swap = {
size = "8G";
content = {
type = "swap";
randomEncryption = true;
};
};
};
};
};
};
}


@@ -6,6 +6,6 @@
* on target: dd if=/dev/disk/by-id/<usb drive for encryption key> of=key.bin bs=4096 count=1 * on target: dd if=/dev/disk/by-id/<usb drive for encryption key> of=key.bin bs=4096 count=1
* copy key.bin to hosts/<target>/ * copy key.bin to hosts/<target>/
* use the generated config to create new config in hosts/<target> * use the generated config to create new config in hosts/<target>
* set the actual device IDs in hosts/<target>/disk-config.nix * set the actual device IDs in hosts/<target>/default.nix
* on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#<target>' nixos@<target IP> * on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#<target>' nixos@<target IP>
* after confirmed working, update hosts/<target>disk-config.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace) * after confirmed working, update hosts/<target>disk-config.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace)