and palatine-hill is booting!

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-08-24 00:34:09 -04:00 · 2024-08-24 00:34:09 -04:00 · 12555ebc3a
commit 12555ebc3a
parent f780780523
5 changed files with 31 additions and 17 deletions
--- a/systems/artemision/configuration.nix
+++ b/systems/artemision/configuration.nix
@ -73,7 +73,6 @@
    fprintd.enable = lib.mkForce false;
    openssh.enable = lib.mkForce false;

-    journald.storage = "volatile";
    spotifyd = {
      enable = true;
      settings = {
--- a/systems/artemision/hardware.nix
+++ b/systems/artemision/hardware.nix
@ -52,7 +52,6 @@
      options = [
        "noatime"
        "nodiratime"
-        "discard"
      ];
    };

@ -62,7 +61,6 @@
      options = [
        "noatime"
        "nodiratime"
-        "discard"
      ];
    };

@ -72,7 +70,6 @@
      options = [
        "noatime"
        "nodiratime"
-        "discard"
      ];
    };

@ -82,7 +79,6 @@
      options = [
        "noatime"
        "nodiratime"
-        "discard"
      ];
    };
  };
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -64,7 +64,6 @@
    nfs.server.enable = true;
    openssh.ports = [ 666 ];
    smartd.enable = true;
-    journald.storage = "volatile";

    postgresql = {
      enable = true;
--- a/systems/palatine-hill/hardware-changes.nix
+++ b/systems/palatine-hill/hardware-changes.nix
@ -1,33 +1,53 @@
-{ ... }:
+{ lib, ... }:
 {

-  boot.initrd.services.lvm.enable = true;
+  boot.zfs.requestEncryptionCredentials = lib.mkForce false;

-  boot.initrd.luks.devices = {
-    "nixos-pv" = {
-      device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";
-      preLVM = true;
-      allowDiscards = true;
+  boot.initrd = {
+    services.lvm.enable = true;
+    luks.devices = {
+      "nixos-pv" = {
+        device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";
+        preLVM = true;
+        allowDiscards = true;
+      };
    };
+
+    postResumeCommands = ''
+      # let root mount and everything, then manually unlock stuff
+      load_zfs_nix() {
+        local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
+        local mountPoint="/"
+        local options="x-initrd.mount,noatime,nodiratime"
+        local fsType="ext4"
+
+        echo "manually mounting key location, then unmounting"
+        udevadm settle
+
+        mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
+
+        zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
+        umount "$targetRoot/"
+      }
+
+      load_zfs_nix
+    '';
  };

  fileSystems = {
    "/".options = [
      "noatime"
      "nodiratime"
-      "discard"
    ];

    "/home".options = [
      "noatime"
      "nodiratime"
-      "discard"
    ];

    "/boot".options = [
      "noatime"
      "nodiratime"
-      "discard"
      "fmask=0077"
      "dmask=0077"
    ];
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@ -13,6 +13,6 @@ import ../default.nix {
    name
    ;
  publicKeys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvF14bwJtV3r6O4KPydaIHmeiwJAYBs17nGDQUZgd5P alice@artemision"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision"
  ];
 }