From 8f7332b099dca4f0f4720372fa1ec88f8f7cfcda Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 17 Apr 2026 21:11:18 -0400 Subject: [PATCH] stage 1 boot setup --- flake.lock | 60 ++++++------ modules/update.nix | 1 + systems/palatine-hill/zfs.nix | 166 +++++++++++++++++++++------------- 3 files changed, 132 insertions(+), 95 deletions(-) diff --git a/flake.lock b/flake.lock index 8892bfd..c9cd483 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1775534587, - "narHash": "sha256-OLAoGTTwPVTH13C1e2Vcdff4WigTsk6hO5Y3sEcwl/s=", + "lastModified": 1776398575, + "narHash": "sha256-WArU6WOdWxzbzGqYk4w1Mucg+bw/SCl6MoSp+/cZMio=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9f1e4b7f5443c50cb4ccc2a376ba1058231e64b4", + "rev": "05815686caf4e3678f5aeb5fd36e567886ab0d30", "type": "gitlab" }, "original": { @@ -240,11 +240,11 @@ ] }, "locked": { - "lastModified": 1775556024, - "narHash": "sha256-j1u/859OVS54rGlsvFqJdwKPEnFYCI+4pyfTiSfv1Xc=", + "lastModified": 1776454077, + "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=", "owner": "nix-community", "repo": "home-manager", - "rev": "4bdfeff1d9b7473e6e58f73f5809576e8a69e406", + "rev": "565e5349208fe7d0831ef959103c9bafbeac0681", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1774778246, - "narHash": "sha256-OX9Oba3/cHq1jMS1/ItCdxNuRBH3291Lg727nHOzYnc=", + "lastModified": 1776426061, + "narHash": "sha256-3rROoGl8xBsIOM+5m+qZS4GJnsdQPAH3NJJe1OUfJ5o=", "owner": "hyprwm", "repo": "contrib", - "rev": "ca3c381df6018e6c400ceac994066427c98fe323", + "rev": "1f71628d86a7701fd5ba0f8aeabe15376f4c6afc", "type": "github" }, "original": { 
@@ -335,11 +335,11 @@ ] }, "locked": { - "lastModified": 1775365369, - "narHash": "sha256-DgH5mveLoau20CuTnaU5RXZWgFQWn56onQ4Du2CqYoI=", + "lastModified": 1775970782, + "narHash": "sha256-7jt9Vpm48Yy5yAWigYpde+HxtYEpEuyzIQJF4VYehhk=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "cef5cf82671e749ac87d69aadecbb75967e6f6c3", + "rev": "bedba5989b04614fc598af9633033b95a937933f", "type": "github" }, "original": { @@ -438,11 +438,11 @@ ] }, "locked": { - "lastModified": 1775331627, - "narHash": "sha256-przIxCbTrNgLzcBlNPGZRfZbiPLzUkLUtNS05Ekcogk=", + "lastModified": 1776036369, + "narHash": "sha256-TxBJY5IwDu3peDIK3b9+A7pwqBaFRCAIllaRSfYMQtI=", "owner": "NuschtOS", "repo": "nixos-modules", - "rev": "b4cc33254b872b286b9fe481e60e3fc2abc78072", + "rev": "2bea807180b3931cf8765078205fd9171dbfd2b5", "type": "github" }, "original": { @@ -500,11 +500,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1775423009, - "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", + "lastModified": 1776169885, + "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", + "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", "type": "github" }, "original": { @@ -550,11 +550,11 @@ ] }, "locked": { - "lastModified": 1775036584, - "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", + "lastModified": 1775585728, + "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", + "rev": "580633fa3fe5fc0379905986543fd7495481913d", "type": "github" }, "original": { 
@@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1775531562, - "narHash": "sha256-G83GDxQo6lqO5aeTSD5RFLhnh2g6DzJpSvSju2EjjrQ=", + "lastModified": 1776395632, + "narHash": "sha256-Mi1uF5f2FsdBIvy+v7MtsqxD3Xjhd0ARJdwoqqqPtJo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "d8b1b209203665924c81eabf750492530754f27e", + "rev": "8087ff1f47fff983a1fba70fa88b759f2fd8ae97", "type": "github" }, "original": { @@ -614,11 +614,11 @@ ] }, "locked": { - "lastModified": 1775365543, - "narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=", + "lastModified": 1776119890, + "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a4ee2de76efb759fe8d4868c33dec9937897916f", + "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd", "type": "github" }, "original": { @@ -647,11 +647,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1775429060, - "narHash": "sha256-wbFF5cRxQOCzL/wHOKYm21t5AHPH2Lfp0mVPCOAvEoc=", + "lastModified": 1776170745, + "narHash": "sha256-Tl1aZVP5EIlT+k0+iAKH018GLHJpLz3hhJ0LNQOWxCc=", "owner": "danth", "repo": "stylix", - "rev": "d27951a6539951d87f75cf0a7cda8a3a24016019", + "rev": "e3861617645a43c9bbefde1aa6ac54dd0a44bfa9", "type": "github" }, "original": { diff --git a/modules/update.nix b/modules/update.nix index 52f9fe1..bc57e62 100644 --- a/modules/update.nix +++ b/modules/update.nix @@ -13,6 +13,7 @@ enable = lib.mkDefault true; flags = [ "--accept-flake-config" ]; randomizedDelaySec = "1h"; + runGarbageCollection = true; persistent = true; flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; }; diff --git a/systems/palatine-hill/zfs.nix b/systems/palatine-hill/zfs.nix index 8d1ca4a..20fad62 100644 --- a/systems/palatine-hill/zfs.nix +++ b/systems/palatine-hill/zfs.nix 
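Review bot: The added `runGarbageCollection = true;` carries no comment saying what the collection is allowed to delete, and on an unattended upgrade path that decides whether a rollback target still exists. As far as I know this option starts `nix-gc.service` after a successful upgrade with whatever `nix.gc.options` is set to, and that setting is not visible in this hunk. If it uses `--delete-older-than` or `-d`, a bad upgrade could leave no earlier generation to boot into, which matters more because this same commit rewrites the initrd pool import. I would add something like `# GC runs after each unattended upgrade; nix.gc.options must keep enough generations to roll back` above the line. The enclosing attribute set starts outside the hunk.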
@@ -12,6 +12,107 @@ options zfs zfs_arc_min=82463372083 options zfs zfs_arc_max=192414534860 ''; + + initrd.systemd.services = { + zfs-import-zfs-primary = { + description = "Import ZFS-primary pool in initrd"; + wantedBy = [ "initrd-root-fs.target" ]; + wants = [ "systemd-udev-settle.service" ]; + after = [ "systemd-udev-settle.service" ]; + before = [ + "sysroot.mount" + "initrd-root-fs.target" + ]; + unitConfig.DefaultDependencies = "no"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + path = with pkgs; [ + coreutils + gawk + zfs + ]; + script = '' + ZFS_FORCE="-f" + msg="" + + for o in $(cat /proc/cmdline); do + case "$o" in + zfs_force|zfs_force=1|zfs_force=y) + ZFS_FORCE="-f" + ;; + esac + done + + pool_ready() { + pool="$1" + state="$(zpool import -d /dev/disk/by-id/ 2>/dev/null | awk '/pool: '"$pool"'/ { found = 1 }; /state:/ { if (found == 1) { print $2; exit } }; END { if (found == 0) { print "MISSING" } }')" + if [ "$state" = "ONLINE" ]; then + return 0 + fi + echo "Pool $pool in state $state, waiting" + return 1 + } + + pool_imported() { + pool="$1" + zpool list "$pool" >/dev/null 2>/dev/null + } + + pool_import() { + pool="$1" + zpool import -d /dev/disk/by-id/ -N $ZFS_FORCE "$pool" + } + + echo -n 'importing root ZFS pool "ZFS-primary"...' + # Loop until import succeeds, because by-id devices may not be discovered yet. + if ! pool_imported "ZFS-primary"; then + trial=1 + while [ "$trial" -le 60 ]; do + if pool_ready "ZFS-primary" >/dev/null && msg="$(pool_import "ZFS-primary" 2>&1)"; then + break + fi + sleep 1 + echo -n . + trial=$((trial + 1)) + done + echo + if [ -n "$msg" ]; then + echo "$msg" + fi + pool_imported "ZFS-primary" || pool_import "ZFS-primary" # Try one last time, e.g. to import a degraded pool. 
+ fi + ''; + }; + + zfs-load-nix-key = { + description = "Load ZFS key for ZFS-primary/nix in initrd"; + wantedBy = [ "initrd-fs.target" ]; + requires = [ + "sysroot.mount" + "zfs-import-zfs-primary.service" + ]; + after = [ + "sysroot.mount" + "zfs-import-zfs-primary.service" + ]; + before = [ + "initrd-fs.target" + "sysroot-nix.mount" + ]; + unitConfig.DefaultDependencies = "no"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + path = with pkgs; [ zfs ]; + script = '' + key_file="/sysroot/crypto/keys/zfs-nix-store-key" + zfs load-key -L "file://$key_file" "ZFS-primary/nix" + ''; + }; + }; }; services = { 
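Review bot: `ZFS_FORCE="-f"` at the top of the `zfs-import-zfs-primary` script forces every import, so the `/proc/cmdline` loop after it can only assign the value it already has and the `zfs_force` boot parameter has no effect. A forced import bypasses the check that the pool was last in use by another host, which is the guard against importing a pool that is active elsewhere. Initialise it as `ZFS_FORCE=""` so that forcing is an explicit choice made on the kernel command line. Separately, `zfs-load-nix-key` reads the key from `/sysroot/crypto/keys/zfs-nix-store-key` on the root filesystem, so a comment there should state that the confidentiality of `ZFS-primary/nix` is only as good as the protection of that filesystem and of the key file's ownership and mode.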
@@ -81,69 +182,4 @@ }; }; - # hack to make sure pool is imported before keys are loaded, - # and also keys are imported before things get mounted - # note to self: move zfs encryption over to luks lol - boot.initrd.postResumeCommands = '' - ZFS_FORCE="-f" - - for o in $(cat /proc/cmdline); do - case $o in - zfs_force|zfs_force=1|zfs_force=y) - ZFS_FORCE="-f" - ;; - esac - done - poolReady() { - pool="$1" - state="$("zpool" import -d "/dev/disk/by-id/" 2>/dev/null | "awk" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")" - if [[ "$state" = "ONLINE" ]]; then - return 0 - else - echo "Pool $pool in state $state, waiting" - return 1 - fi - } - poolImported() { - pool="$1" - "zpool" list "$pool" >/dev/null 2>/dev/null - } - poolImport() { - pool="$1" - "zpool" import -d "/dev/disk/by-id/" -N $ZFS_FORCE "$pool" - } - - echo -n "importing root ZFS pool \"ZFS-primary\"..." - # Loop across the import until it succeeds, because the devices needed may not be discovered yet. - if ! poolImported "ZFS-primary"; then - for trial in `seq 1 60`; do - poolReady "ZFS-primary" > /dev/null && msg="$(poolImport "ZFS-primary" 2>&1)" && break - sleep 1 - echo -n . - done - echo - if [[ -n "$msg" ]]; then - echo "$msg"; - fi - poolImported "ZFS-primary" || poolImport "ZFS-primary" # Try one last time, e.g. to import a degraded pool. - fi - - # let root mount and everything, then manually unlock stuff - load_zfs_nix() { - local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e" - local mountPoint="/" - local options="x-initrd.mount,noatime,nodiratime" - local fsType="ext4" - - echo "manually mounting key location, then unmounting" - udevadm settle - - mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" - - zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" - umount "$targetRoot/" - } - - load_zfs_nix - ''; }