From f043a00d51675296037cd2d281af0368a50b1093 Mon Sep 17 00:00:00 2001
From: ahuston-0
Date: Mon, 29 Apr 2024 15:42:44 -0400
Subject: [PATCH] initial nix migration changes configuration for moving /nix to ZFS

Signed-off-by: ahuston-0
---
 systems/palatine-hill/configuration.nix | 75 ++++++++++++++-----------
 systems/palatine-hill/hardware.nix      |  5 ++
 2 files changed, 46 insertions(+), 34 deletions(-)

diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index 8db2e17..d1baaf1 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -1,13 +1,32 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
   keygen = key: {
-    "${key}" = {
-      format = "binary";
-      sopsFile = ./keys/${key};
-      mode = "0400";
-      path = "/crypto/keys/${key}";
-    };
+    format = "binary";
+    sopsFile = ./keys/${key};
+    mode = "0400";
+    path = "/crypto/keys/${key}";
   };
+  bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
+  zfskeys = [
+    "zfs-attic-key"
+    "zfs-backup-key"
+    "zfs-calibre-key"
+    "zfs-db-key"
+    "zfs-docker-key"
+    "zfs-games-key"
+    "zfs-hydra-key"
+    "zfs-libvirt-key"
+    "zfs-main-key"
+    "zfs-nxtcld-key"
+    "zfs-torr-key"
+    "zfs-var-docker-key"
+    "zfs-nix-store-key"
+  ];
 in
 {
 
@@ -37,6 +56,7 @@ in
     "vm.swappiness" = 10;
   };
   binfmt.emulatedSystems = [ "aarch64-linux" ];
+  initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
 };
 
 nix = {
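Review bot: `keygen` is rewritten to return the bare secret body (the shape `lib.genAttrs zfskeys keygen` would want) and `zfskeys` gains `zfs-nix-store-key`, but no hunk in this patch calls `keygen`, while the `sops` hunk further down removes the twelve `// keygen "zfs-…"` entries from `sops.secrets` without replacing them. Unless `keygen` is referenced somewhere outside the diff, sops-nix stops provisioning `/crypto/keys/zfs-*-key` after this change, and the `append-initrd-secrets` step fed by `initrd.secrets` in the next hunk would be copying files that are no longer created — for `zfs-nix-store-key`, that were never declared at all. The intended wiring is presumably `secrets = { … } // lib.genAttrs zfskeys keygen;` in the `sops` hunk, and `./keys/zfs-nix-store-key` would have to exist next to the other key files for that to evaluate.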
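Review bot: `initrd.secrets` appends every key in `zfskeys`, in plaintext, to the initrd, which lives on the boot filesystem — the vfat entry whose tail is visible in the hardware.nix hunk is presumably that filesystem, and vfat carries no permissions at all. Anyone with the disk can then read the keys for all thirteen datasets from the boot partition, which undoes the at-rest encryption those keys protect; only the dataset(s) that must be unlocked in stage 1 (`/nix`, and `/` if it is encrypted too) need their key in the initrd, the rest can keep being unlocked from `/crypto/keys` after the root filesystem is up, as before this change. Consider narrowing it, e.g. `initrd.secrets = lib.mergeAttrsList (map bootkey [ "zfs-nix-store-key" ]);`, and documenting next to `bootkey` that whatever it lists becomes readable from the boot partition. Note also that `bootkey` uses a path literal (`/crypto/keys/${key}`) rather than the string `"/crypto/keys/${key}"`; if that value is ever interpolated into a string during evaluation, Nix copies the key file into the world-readable store, so the string form is the safer spelling.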
@@ -253,33 +273,20 @@ in
 
   sops = {
     defaultSopsFile = ./secrets.yaml;
-    secrets =
-      {
-        "hydra/environment".owner = "hydra";
-        "nix-serve/secret-key".owner = "root";
-        "attic/secret-key".owner = "root";
-        "attic/database-url".owner = "root";
-        "postgres/init".owner = "postgres";
-        "alice/gha-hydra-token" = {
-          sopsFile = ../../users/alice/secrets.yaml;
-          owner = "hydra";
-          group = "hydra";
-          mode = "440";
-        };
-        "upsmon/password".owner = "root";
-      }
-      // keygen "zfs-attic-key"
-      // keygen "zfs-backup-key"
-      // keygen "zfs-calibre-key"
-      // keygen "zfs-db-key"
-      // keygen "zfs-docker-key"
-      // keygen "zfs-games-key"
-      // keygen "zfs-hydra-key"
-      // keygen "zfs-libvirt-key"
-      // keygen "zfs-main-key"
-      // keygen "zfs-nxtcld-key"
-      // keygen "zfs-torr-key"
-      // keygen "zfs-var-docker-key";
+    secrets = {
+      "hydra/environment".owner = "hydra";
+      "nix-serve/secret-key".owner = "root";
+      "attic/secret-key".owner = "root";
+      "attic/database-url".owner = "root";
+      "postgres/init".owner = "postgres";
+      "alice/gha-hydra-token" = {
+        sopsFile = ../../users/alice/secrets.yaml;
+        owner = "hydra";
+        group = "hydra";
+        mode = "440";
+      };
+      "upsmon/password".owner = "root";
+    };
   };
 
   system.stateVersion = "23.05";
diff --git a/systems/palatine-hill/hardware.nix b/systems/palatine-hill/hardware.nix
index 4cc92ef..31e7cd4 100644
--- a/systems/palatine-hill/hardware.nix
+++ b/systems/palatine-hill/hardware.nix
@@ -38,5 +38,10 @@
       device = "/dev/disk/by-uuid/4CBA-2451";
       fsType = "vfat";
     };
+    "/nix" = {
+      device = "ZFS-primary/nix";
+      fsType = "zfs";
+      depends = [ "/crypto/keys" ];
+    };
   };
 }