stage 1 boot setup

flake.lock

@@ -76,11 +76,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1775534587,
-        "narHash": "sha256-OLAoGTTwPVTH13C1e2Vcdff4WigTsk6hO5Y3sEcwl/s=",
+        "lastModified": 1776398575,
+        "narHash": "sha256-WArU6WOdWxzbzGqYk4w1Mucg+bw/SCl6MoSp+/cZMio=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "9f1e4b7f5443c50cb4ccc2a376ba1058231e64b4",
+        "rev": "05815686caf4e3678f5aeb5fd36e567886ab0d30",
         "type": "gitlab"
       },
       "original": {
@@ -240,11 +240,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775556024,
-        "narHash": "sha256-j1u/859OVS54rGlsvFqJdwKPEnFYCI+4pyfTiSfv1Xc=",
+        "lastModified": 1776454077,
+        "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4bdfeff1d9b7473e6e58f73f5809576e8a69e406",
+        "rev": "565e5349208fe7d0831ef959103c9bafbeac0681",
         "type": "github"
       },
       "original": {
@@ -281,11 +281,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1774778246,
-        "narHash": "sha256-OX9Oba3/cHq1jMS1/ItCdxNuRBH3291Lg727nHOzYnc=",
+        "lastModified": 1776426061,
+        "narHash": "sha256-3rROoGl8xBsIOM+5m+qZS4GJnsdQPAH3NJJe1OUfJ5o=",
         "owner": "hyprwm",
         "repo": "contrib",
-        "rev": "ca3c381df6018e6c400ceac994066427c98fe323",
+        "rev": "1f71628d86a7701fd5ba0f8aeabe15376f4c6afc",
         "type": "github"
       },
       "original": {
@@ -335,11 +335,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775365369,
-        "narHash": "sha256-DgH5mveLoau20CuTnaU5RXZWgFQWn56onQ4Du2CqYoI=",
+        "lastModified": 1775970782,
+        "narHash": "sha256-7jt9Vpm48Yy5yAWigYpde+HxtYEpEuyzIQJF4VYehhk=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "cef5cf82671e749ac87d69aadecbb75967e6f6c3",
+        "rev": "bedba5989b04614fc598af9633033b95a937933f",
         "type": "github"
       },
       "original": {
@@ -438,11 +438,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775331627,
-        "narHash": "sha256-przIxCbTrNgLzcBlNPGZRfZbiPLzUkLUtNS05Ekcogk=",
+        "lastModified": 1776036369,
+        "narHash": "sha256-TxBJY5IwDu3peDIK3b9+A7pwqBaFRCAIllaRSfYMQtI=",
         "owner": "NuschtOS",
         "repo": "nixos-modules",
-        "rev": "b4cc33254b872b286b9fe481e60e3fc2abc78072",
+        "rev": "2bea807180b3931cf8765078205fd9171dbfd2b5",
         "type": "github"
       },
       "original": {
@@ -500,11 +500,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1775423009,
-        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
+        "lastModified": 1776169885,
+        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
+        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
         "type": "github"
       },
       "original": {
@@ -550,11 +550,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775036584,
-        "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
+        "lastModified": 1775585728,
+        "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
+        "rev": "580633fa3fe5fc0379905986543fd7495481913d",
         "type": "github"
       },
       "original": {
@@ -594,11 +594,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775531562,
-        "narHash": "sha256-G83GDxQo6lqO5aeTSD5RFLhnh2g6DzJpSvSju2EjjrQ=",
+        "lastModified": 1776395632,
+        "narHash": "sha256-Mi1uF5f2FsdBIvy+v7MtsqxD3Xjhd0ARJdwoqqqPtJo=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "d8b1b209203665924c81eabf750492530754f27e",
+        "rev": "8087ff1f47fff983a1fba70fa88b759f2fd8ae97",
         "type": "github"
       },
       "original": {
@@ -614,11 +614,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775365543,
-        "narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=",
+        "lastModified": 1776119890,
+        "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "a4ee2de76efb759fe8d4868c33dec9937897916f",
+        "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
         "type": "github"
       },
       "original": {
@@ -647,11 +647,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1775429060,
-        "narHash": "sha256-wbFF5cRxQOCzL/wHOKYm21t5AHPH2Lfp0mVPCOAvEoc=",
+        "lastModified": 1776170745,
+        "narHash": "sha256-Tl1aZVP5EIlT+k0+iAKH018GLHJpLz3hhJ0LNQOWxCc=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "d27951a6539951d87f75cf0a7cda8a3a24016019",
+        "rev": "e3861617645a43c9bbefde1aa6ac54dd0a44bfa9",
         "type": "github"
       },
       "original": {

modules/update.nix

@@ -13,6 +13,7 @@
     enable = lib.mkDefault true;
     flags = [ "--accept-flake-config" ];
     randomizedDelaySec = "1h";
+    runGarbageCollection = true;
     persistent = true;
     flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
   };

systems/palatine-hill/zfs.nix

@@ -12,6 +12,107 @@
       options zfs zfs_arc_min=82463372083
       options zfs zfs_arc_max=192414534860
     '';
+
+    initrd.systemd.services = {
+      zfs-import-zfs-primary = {
+        description = "Import ZFS-primary pool in initrd";
+        wantedBy = [ "initrd-root-fs.target" ];
+        wants = [ "systemd-udev-settle.service" ];
+        after = [ "systemd-udev-settle.service" ];
+        before = [
+          "sysroot.mount"
+          "initrd-root-fs.target"
+        ];
+        unitConfig.DefaultDependencies = "no";
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+        path = with pkgs; [
+          coreutils
+          gawk
+          zfs
+        ];
+        script = ''
+          ZFS_FORCE="-f"
+          msg=""
+
+          for o in $(cat /proc/cmdline); do
+            case "$o" in
+              zfs_force|zfs_force=1|zfs_force=y)
+                ZFS_FORCE="-f"
+                ;;
+            esac
+          done
+
+          pool_ready() {
+            pool="$1"
+            state="$(zpool import -d /dev/disk/by-id/ 2>/dev/null | awk '/pool: '"$pool"'/ { found = 1 }; /state:/ { if (found == 1) { print $2; exit } }; END { if (found == 0) { print "MISSING" } }')"
+            if [ "$state" = "ONLINE" ]; then
+              return 0
+            fi
+            echo "Pool $pool in state $state, waiting"
+            return 1
+          }
+
+          pool_imported() {
+            pool="$1"
+            zpool list "$pool" >/dev/null 2>/dev/null
+          }
+
+          pool_import() {
+            pool="$1"
+            zpool import -d /dev/disk/by-id/ -N $ZFS_FORCE "$pool"
+          }
+
+          echo -n 'importing root ZFS pool "ZFS-primary"...'
+          # Loop until import succeeds, because by-id devices may not be discovered yet.
+          if ! pool_imported "ZFS-primary"; then
+            trial=1
+            while [ "$trial" -le 60 ]; do
+              if pool_ready "ZFS-primary" >/dev/null && msg="$(pool_import "ZFS-primary" 2>&1)"; then
+                break
+              fi
+              sleep 1
+              echo -n .
+              trial=$((trial + 1))
+            done
+            echo
+            if [ -n "$msg" ]; then
+              echo "$msg"
+            fi
+            pool_imported "ZFS-primary" || pool_import "ZFS-primary"  # Try one last time, e.g. to import a degraded pool.
+          fi
+        '';
+      };
+
+      zfs-load-nix-key = {
+        description = "Load ZFS key for ZFS-primary/nix in initrd";
+        wantedBy = [ "initrd-fs.target" ];
+        requires = [
+          "sysroot.mount"
+          "zfs-import-zfs-primary.service"
+        ];
+        after = [
+          "sysroot.mount"
+          "zfs-import-zfs-primary.service"
+        ];
+        before = [
+          "initrd-fs.target"
+          "sysroot-nix.mount"
+        ];
+        unitConfig.DefaultDependencies = "no";
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+        path = with pkgs; [ zfs ];
+        script = ''
+          key_file="/sysroot/crypto/keys/zfs-nix-store-key"
+          zfs load-key -L "file://$key_file" "ZFS-primary/nix"
+        '';
+      };
+    };
   };
 
   services = {
@@ -81,69 +182,4 @@
     };
   };
 
-  # hack to make sure pool is imported before keys are loaded,
-  # and also keys are imported before things get mounted
-  # note to self: move zfs encryption over to luks lol
-  boot.initrd.postResumeCommands = ''
-    ZFS_FORCE="-f"
-
-    for o in $(cat /proc/cmdline); do
-      case $o in
-        zfs_force|zfs_force=1|zfs_force=y)
-          ZFS_FORCE="-f"
-          ;;
-      esac
-    done
-    poolReady() {
-      pool="$1"
-      state="$("zpool" import -d "/dev/disk/by-id/" 2>/dev/null | "awk" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")"
-      if [[ "$state" = "ONLINE" ]]; then
-        return 0
-      else
-        echo "Pool $pool in state $state, waiting"
-        return 1
-      fi
-    }
-    poolImported() {
-      pool="$1"
-      "zpool" list "$pool" >/dev/null 2>/dev/null
-    }
-    poolImport() {
-      pool="$1"
-      "zpool" import -d "/dev/disk/by-id/" -N $ZFS_FORCE "$pool"
-    }
-
-    echo -n "importing root ZFS pool \"ZFS-primary\"..."
-    # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
-    if ! poolImported "ZFS-primary"; then
-      for trial in `seq 1 60`; do
-        poolReady "ZFS-primary" > /dev/null && msg="$(poolImport "ZFS-primary" 2>&1)" && break
-        sleep 1
-        echo -n .
-      done
-      echo
-      if [[ -n "$msg" ]]; then
-        echo "$msg";
-      fi
-      poolImported "ZFS-primary" || poolImport "ZFS-primary"  # Try one last time, e.g. to import a degraded pool.
-    fi
-
-    # let root mount and everything, then manually unlock stuff
-    load_zfs_nix() {
-      local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
-      local mountPoint="/"
-      local options="x-initrd.mount,noatime,nodiratime"
-      local fsType="ext4"
-
-      echo "manually mounting key location, then unmounting"
-      udevadm settle
-
-      mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
-
-      zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
-      umount "$targetRoot/"
-    }
-
-    load_zfs_nix
-  '';
 }