ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:update-flake-lock
Branches Tags
ahuston-0:main ahuston-0:update_flake_lock_action ahuston-0:update-flake-lock ahuston-0:feature/mvpf ahuston-0:feature/stoneblock ahuston-0:feature/add-jessica ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/add-unpackerr ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:update_flake_lock_action
Branches Tags
ahuston-0:update_flake_lock_action ahuston-0:update-flake-lock ahuston-0:main ahuston-0:feature/mvpf ahuston-0:feature/stoneblock ahuston-0:feature/add-jessica ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/add-unpackerr ahuston-0:feature/onboarding-kubernetes

1 Commits
update-fla ... update_fla

Author SHA1 Message Date
ahuston-0
8f7332b099 stage 1 boot setup 2026-04-17 21:11:18 -04:00
3 changed files with 117 additions and 80 deletions
Expand all files Collapse all files

30
flake.lock generated
View File

@@ -76,11 +76,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1776225785,
"narHash": "sha256-yrRZkEEtTwJcIXzxL/nCFpyGsz7VmkOJSoyx/AX6Ri8=",
"lastModified": 1776398575,
"narHash": "sha256-WArU6WOdWxzbzGqYk4w1Mucg+bw/SCl6MoSp+/cZMio=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "c09a1a34c147aefac0ff10017644ca17a3230e8c",
"rev": "05815686caf4e3678f5aeb5fd36e567886ab0d30",
"type": "gitlab"
},
"original": {
@@ -240,11 +240,11 @@
]
},
"locked": {
"lastModified": 1776184304,
"narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=",
"lastModified": 1776454077,
"narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3c7524c68348ef79ce48308e0978611a050089b2",
"rev": "565e5349208fe7d0831ef959103c9bafbeac0681",
"type": "github"
},
"original": {
@@ -281,11 +281,11 @@
]
},
"locked": {
"lastModified": 1774778246,
"narHash": "sha256-OX9Oba3/cHq1jMS1/ItCdxNuRBH3291Lg727nHOzYnc=",
"lastModified": 1776426061,
"narHash": "sha256-3rROoGl8xBsIOM+5m+qZS4GJnsdQPAH3NJJe1OUfJ5o=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "ca3c381df6018e6c400ceac994066427c98fe323",
"rev": "1f71628d86a7701fd5ba0f8aeabe15376f4c6afc",
"type": "github"
},
"original": {
@@ -500,11 +500,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"lastModified": 1776169885,
"narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
"type": "github"
},
"original": {
@@ -594,11 +594,11 @@
]
},
"locked": {
"lastModified": 1776222810,
"narHash": "sha256-5TD8MYqLMcJi9yV/9jq2dVUPtnu/lKZPD61esQCgvqs=",
"lastModified": 1776395632,
"narHash": "sha256-Mi1uF5f2FsdBIvy+v7MtsqxD3Xjhd0ARJdwoqqqPtJo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4d6fee71fea68418a48992409b47f1183d0dd111",
"rev": "8087ff1f47fff983a1fba70fa88b759f2fd8ae97",
"type": "github"
},
"original": {

1
modules/update.nix
View File

@@ -13,6 +13,7 @@
enable = lib.mkDefault true;
flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h";
runGarbageCollection = true;
persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
};

166
systems/palatine-hill/zfs.nix
View File

@@ -12,6 +12,107 @@
options zfs zfs_arc_min=82463372083
options zfs zfs_arc_max=192414534860
'';
initrd.systemd.services = {
zfs-import-zfs-primary = {
description = "Import ZFS-primary pool in initrd";
wantedBy = [ "initrd-root-fs.target" ];
wants = [ "systemd-udev-settle.service" ];
after = [ "systemd-udev-settle.service" ];
before = [
"sysroot.mount"
"initrd-root-fs.target"
];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
path = with pkgs; [
coreutils
gawk
zfs
];
script = ''
ZFS_FORCE="-f"
msg=""
for o in $(cat /proc/cmdline); do
case "$o" in
zfs_force|zfs_force=1|zfs_force=y)
ZFS_FORCE="-f"
;;
esac
done
pool_ready() {
pool="$1"
state="$(zpool import -d /dev/disk/by-id/ 2>/dev/null | awk '/pool: '"$pool"'/ { found = 1 }; /state:/ { if (found == 1) { print $2; exit } }; END { if (found == 0) { print "MISSING" } }')"
if [ "$state" = "ONLINE" ]; then
return 0
fi
echo "Pool $pool in state $state, waiting"
return 1
}
pool_imported() {
pool="$1"
zpool list "$pool" >/dev/null 2>/dev/null
}
pool_import() {
pool="$1"
zpool import -d /dev/disk/by-id/ -N $ZFS_FORCE "$pool"
}
echo -n 'importing root ZFS pool "ZFS-primary"...'
# Loop until import succeeds, because by-id devices may not be discovered yet.
if ! pool_imported "ZFS-primary"; then
trial=1
while [ "$trial" -le 60 ]; do
if pool_ready "ZFS-primary" >/dev/null && msg="$(pool_import "ZFS-primary" 2>&1)"; then
break
fi
sleep 1
echo -n .
trial=$((trial + 1))
done
echo
if [ -n "$msg" ]; then
echo "$msg"
fi
pool_imported "ZFS-primary" || pool_import "ZFS-primary" # Try one last time, e.g. to import a degraded pool.
fi
'';
};
zfs-load-nix-key = {
description = "Load ZFS key for ZFS-primary/nix in initrd";
wantedBy = [ "initrd-fs.target" ];
requires = [
"sysroot.mount"
"zfs-import-zfs-primary.service"
];
after = [
"sysroot.mount"
"zfs-import-zfs-primary.service"
];
before = [
"initrd-fs.target"
"sysroot-nix.mount"
];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
path = with pkgs; [ zfs ];
script = ''
key_file="/sysroot/crypto/keys/zfs-nix-store-key"
zfs load-key -L "file://$key_file" "ZFS-primary/nix"
'';
};
};
};
services = {
@@ -81,69 +182,4 @@
};
};
# hack to make sure pool is imported before keys are loaded,
# and also keys are imported before things get mounted
# note to self: move zfs encryption over to luks lol
boot.initrd.postResumeCommands = ''
ZFS_FORCE="-f"
for o in $(cat /proc/cmdline); do
case $o in
zfs_force|zfs_force=1|zfs_force=y)
ZFS_FORCE="-f"
;;
esac
done
poolReady() {
pool="$1"
state="$("zpool" import -d "/dev/disk/by-id/" 2>/dev/null | "awk" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")"
if [[ "$state" = "ONLINE" ]]; then
return 0
else
echo "Pool $pool in state $state, waiting"
return 1
fi
}
poolImported() {
pool="$1"
"zpool" list "$pool" >/dev/null 2>/dev/null
}
poolImport() {
pool="$1"
"zpool" import -d "/dev/disk/by-id/" -N $ZFS_FORCE "$pool"
}
echo -n "importing root ZFS pool \"ZFS-primary\"..."
# Loop across the import until it succeeds, because the devices needed may not be discovered yet.
if ! poolImported "ZFS-primary"; then
for trial in `seq 1 60`; do
poolReady "ZFS-primary" > /dev/null && msg="$(poolImport "ZFS-primary" 2>&1)" && break
sleep 1
echo -n .
done
echo
if [[ -n "$msg" ]]; then
echo "$msg";
fi
poolImported "ZFS-primary" || poolImport "ZFS-primary" # Try one last time, e.g. to import a degraded pool.
fi
# let root mount and everything, then manually unlock stuff
load_zfs_nix() {
local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
local mountPoint="/"
local options="x-initrd.mount,noatime,nodiratime"
local fsType="ext4"
echo "manually mounting key location, then unmounting"
udevadm settle
mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
umount "$targetRoot/"
}
load_zfs_nix
'';
}