.github
.vscode
docs
hydra
keys
lib
modules
pkgs
systems
artemision
palatine-hill
attic
docker
haproxy
acme.nix
configuration.nix
default.nix
firewall.nix
gitea.nix
hardware-changes.nix
hardware.nix
hydra.nix
loki.nix
minio.nix
networking.nix
nextcloud.nix
postgresql.nix
samba.nix
secrets.yaml
typhon.nix
vars.nix
zfs.nix
users
utils
.envrc
.gitconfig
.gitignore
.sops.yaml
CONTRIBUTING.md
README.md
checks.nix
flake.lock
flake.nix
shell.nix
statix.toml
treefmt.toml
ZFS moved import from postDeviceCommands to postResumeCommands and now my key import doesnt work :( Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
150 lines
4.2 KiB
Nix
150 lines
4.2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
boot = {
|
|
zfs.extraPools = [ "ZFS-primary" ];
|
|
filesystem = "zfs";
|
|
extraModprobeConfig = ''
|
|
options zfs zfs_arc_min=82463372083
|
|
options zfs zfs_arc_max=192414534860
|
|
'';
|
|
};
|
|
|
|
services = {
|
|
zfs = {
|
|
trim.enable = true;
|
|
autoScrub.enable = true;
|
|
};
|
|
|
|
sanoid = {
|
|
enable = true;
|
|
|
|
datasets = {
|
|
"ZFS-primary/attic".useTemplate = [ "nix-prod" ];
|
|
"ZFS-primary/backups".useTemplate = [ "production" ];
|
|
"ZFS-primary/calibre".useTemplate = [ "production" ];
|
|
"ZFS-primary/db".useTemplate = [ "production" ];
|
|
"ZFS-primary/docker".useTemplate = [ "production" ];
|
|
"ZFS-primary/hydra".useTemplate = [ "nix-prod" ];
|
|
"ZFS-primary/nextcloud".useTemplate = [ "production" ];
|
|
# all docker containers should have a bind mount if they expect lasting zfs snapshots
|
|
"ZFS-primary/vardocker".useTemplate = [ "nix-prod" ];
|
|
"ZFS-primary/minio".useTemplate = [ "nix-prod" ];
|
|
"ZFS-primary/games" = {
|
|
useTemplate = [ "games" ];
|
|
recursive = true;
|
|
processChildrenOnly = true;
|
|
};
|
|
};
|
|
|
|
templates = {
|
|
# full resiliency
|
|
production = {
|
|
frequently = 0;
|
|
hourly = 36;
|
|
daily = 30;
|
|
weekly = 0;
|
|
monthly = 6;
|
|
yearly = 3;
|
|
autosnap = true;
|
|
autoprune = true;
|
|
};
|
|
# some resiliency, but not much
|
|
# common option for things like nix store and attic where there is
|
|
# already a lot of resiliency built in
|
|
nix-prod = {
|
|
frequently = 4;
|
|
hourly = 24;
|
|
daily = 7;
|
|
weekly = 0;
|
|
monthly = 0;
|
|
yearly = 0;
|
|
autosnap = true;
|
|
autoprune = true;
|
|
};
|
|
# much shorter lived than others
|
|
games = {
|
|
frequently = 6;
|
|
hourly = 36;
|
|
daily = 3;
|
|
weekly = 0;
|
|
monthly = 0;
|
|
yearly = 0;
|
|
autosnap = true;
|
|
autoprune = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# hack to make sure pool is imported before keys are loaded,
|
|
# and also keys are imported before things get mounted
|
|
# note to self: move zfs encryption over to luks lol
|
|
boot.initrd.postResumeCommands = ''
|
|
ZFS_FORCE="-f"
|
|
|
|
for o in $(cat /proc/cmdline); do
|
|
case $o in
|
|
zfs_force|zfs_force=1|zfs_force=y)
|
|
ZFS_FORCE="-f"
|
|
;;
|
|
esac
|
|
done
|
|
poolReady() {
|
|
pool="$1"
|
|
state="$("zpool" import -d "/dev/disk/by-id/" 2>/dev/null | "awk" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")"
|
|
if [[ "$state" = "ONLINE" ]]; then
|
|
return 0
|
|
else
|
|
echo "Pool $pool in state $state, waiting"
|
|
return 1
|
|
fi
|
|
}
|
|
poolImported() {
|
|
pool="$1"
|
|
"zpool" list "$pool" >/dev/null 2>/dev/null
|
|
}
|
|
poolImport() {
|
|
pool="$1"
|
|
"zpool" import -d "/dev/disk/by-id/" -N $ZFS_FORCE "$pool"
|
|
}
|
|
|
|
echo -n "importing root ZFS pool \"ZFS-primary\"..."
|
|
# Loop across the import until it succeeds, because the devices needed may not be discovered yet.
|
|
if ! poolImported "ZFS-primary"; then
|
|
for trial in `seq 1 60`; do
|
|
poolReady "ZFS-primary" > /dev/null && msg="$(poolImport "ZFS-primary" 2>&1)" && break
|
|
sleep 1
|
|
echo -n .
|
|
done
|
|
echo
|
|
if [[ -n "$msg" ]]; then
|
|
echo "$msg";
|
|
fi
|
|
poolImported "ZFS-primary" || poolImport "ZFS-primary" # Try one last time, e.g. to import a degraded pool.
|
|
fi
|
|
|
|
# let root mount and everything, then manually unlock stuff
|
|
load_zfs_nix() {
|
|
local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
|
|
local mountPoint="/"
|
|
local options="x-initrd.mount,noatime,nodiratime"
|
|
local fsType="ext4"
|
|
|
|
echo "manually mounting key location, then unmounting"
|
|
udevadm settle
|
|
|
|
mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
|
|
|
|
zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
|
|
umount "$targetRoot/"
|
|
}
|
|
|
|
load_zfs_nix
|
|
'';
|
|
}
|