nix-dotfiles/systems/palatine-hill/hardware-changes.nix

{ lib, pkgs, ... }:
{

  boot = {
    zfs.requestEncryptionCredentials = lib.mkForce false;
    postBootCommands = ''
      ${pkgs.zfs}/bin/zfs load-key -a
    '';
    initrd = {
      services.lvm.enable = true;
      luks.devices = {
        "nixos-pv" = {
          device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";
          preLVM = true;
          allowDiscards = true;
        };
      };

      postResumeCommands = ''
        # let root mount and everything, then manually unlock stuff
        load_zfs_nix() {
          local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
          local mountPoint="/"
          local options="x-initrd.mount,noatime,nodiratime"
          local fsType="ext4"

          echo "manually mounting key location, then unmounting"
          udevadm settle

          mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"

          zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
          umount "$targetRoot/"
        }

        load_zfs_nix
      '';
    };
  };

  fileSystems = {
    "/".options = [
      "noatime"
      "nodiratime"
    ];

    "/home".options = [
      "noatime"
      "nodiratime"
    ];

    "/boot".options = [
      "noatime"
      "nodiratime"
      "fmask=0077"
      "dmask=0077"
    ];

    "/nix".depends = [
      "/"
      "/crypto"
    ];

  };
}
import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`{ lib, pkgs, ... }:`
rove to luks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-10-22 23:59:13 -04:00			`{`

import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`boot = {`
			`zfs.requestEncryptionCredentials = lib.mkForce false;`
			`postBootCommands = ''`
			`${pkgs.zfs}/bin/zfs load-key -a`
			`'';`
			`initrd = {`
			`services.lvm.enable = true;`
			`luks.devices = {`
			`"nixos-pv" = {`
			`device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";`
			`preLVM = true;`
			`allowDiscards = true;`
			`};`
and palatine-hill is booting! Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:34:09 -04:00			`};`

import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`postResumeCommands = ''`
			`# let root mount and everything, then manually unlock stuff`
			`load_zfs_nix() {`
			`local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"`
			`local mountPoint="/"`
			`local options="x-initrd.mount,noatime,nodiratime"`
			`local fsType="ext4"`
and palatine-hill is booting! Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:34:09 -04:00
import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`echo "manually mounting key location, then unmounting"`
			`udevadm settle`
and palatine-hill is booting! Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:34:09 -04:00
import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"`
and palatine-hill is booting! Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:34:09 -04:00
import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"`
			`umount "$targetRoot/"`
			`}`
and palatine-hill is booting! Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:34:09 -04:00
import all the keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-24 00:48:40 -04:00			`load_zfs_nix`
			`'';`
			`};`
rove to luks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-10-22 23:59:13 -04:00			`};`

			`fileSystems = {`
			`"/".options = [`
			`"noatime"`
			`"nodiratime"`
			`];`

			`"/home".options = [`
			`"noatime"`
			`"nodiratime"`
			`];`

fix hardware 2024-08-22 01:37:20 -04:00			`"/boot".options = [`
rove to luks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-10-22 23:59:13 -04:00			`"noatime"`
			`"nodiratime"`
lvm stage 1, bwmenu 2024-08-22 09:35:39 -04:00			`"fmask=0077"`
			`"dmask=0077"`
rove to luks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-10-22 23:59:13 -04:00			`];`

enable lvm in stage 1 2024-08-22 03:04:31 -04:00			`"/nix".depends = [`
			`"/"`
			`"/crypto"`
			`];`

rove to luks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-10-22 23:59:13 -04:00			`};`
			`}`