disko: fix eval with newer version, general fixes

2023-04-20 02:02:48 +02:00 · 2023-04-20 02:02:48 +02:00 · 577b24490b
parent ab051ff2f3
commit 577b24490b
3 changed files with 115 additions and 94 deletions
--- a/disko/disko-config.nix
+++ b/disko/disko-config.nix
@ -1,8 +1,17 @@
-{ lib, name ? "chaos", disk ? "/dev/sda1", ... }:
+{ lib
+, name ? "chaos"
+, disk ? "/dev/sda1"
+, ...
+}:
+
+# TODO:
+# option no zfs
+# option no ceph
+# option no lvm, only zfs

 {
-  disk = {
-    ${disk} = {
+  disko.devices = {
+    disk.${disk} = {
      device = disk;
      type = "disk";
      content = {
@ -10,7 +19,6 @@
        format = "gpt";
        partitions = [
          {
-            type = "partition";
            name = "ESP";
            start = "1MiB";
            end = "512MiB";
@ -22,7 +30,6 @@
            };
          }
          {
-            type = "partition";
            name = "root";
            start = "512MiB";
            end = "100%";
@ -31,7 +38,7 @@
              type = "luks";
              name = "crypt-${name}";
              # TODO: add password, otherwise prompt opens
-              # keyFile = "./keyFile";
+              keyFile = "/$PWD/keyFile";
              content = {
                type = "lvm_pv";
                vg = "lvm-${name}";
@ -41,78 +48,94 @@
        ];
      };
    };
-  };

-  lvm_vg."lvm-${name}" = {
-    type = "lvm_vg";
-    lvs = {
-      raw = {
-        type = "lvm_lv";
-        # size = "100%-200GiB";
-      };
-      zfs = {
-        type = "lvm_lv";
-        size = "200GiB";
-        content = {
-          type = "zfs";
-          pool = name;
+    lvm_vg."lvm-${name}" = {
+      type = "lvm_vg";
+      lvs =
+        let
+          rootSize = 200;
+        in
+        {
+          # the header is 3650 byte long and substract an additional 446 byte for aligment
+          # error messages:
+          #   Volume group "lvm-chaos" has insufficient free space (51195 extents): 51200 required.
+          #   Size is not a multiple of 512. Try using 40057405440 or 40057405952.
+          raw.size =
+            let
+              # convert GiB to bytes
+              rootSizeMiB = rootSize * 1024 * 1024 * 1024;
+              # convert back to MiB and allign to 4 MiB in the process
+              roundToMiB = "/1024/1024/4*4";
+              # substract 512 MiB for /boot and 20 MiB for luks+header+other
+              bootOther = "-512-20";
+            in
+            "$((($(lsblk /dev/sda --noheadings --nodeps --output SIZE --bytes)-${toString rootSizeMiB})${roundToMiB}${bootOther}))MiB";
+          zfs = {
+            size = "${toString rootSize}GiB";
+            content = {
+              pool = name;
+              type = "zfs";
+            };
+          };
        };
-      };
    };
-  };

-  zpool."${name}-${lib.replaceStrings ["/dev/"] [""] disk}" = {
-    type = "zpool";
-    rootFsOptions = {
-      acltype = "posixacl";
-      ashift = "12";
-      autotrim = "on";
-      canmount = "off";
-      compression = "zstd";
-      normalization = "formD";
-      mountpoint = "none";
-      xattr = "sa";
-    };
-    datasets =
-      let
-        dataset = mountpoint: {
-          options = {
-            canmount = "on";
-            inherit mountpoint;
-          };
-          zfs_type = "filesystem";
-        };
-      in
-      {
-        "data" = dataset "/";
-        "data/etc" = dataset "/etc";
-        "data/home" = dataset "/home";
-        "data/var" = dataset "/var";
-        # used by services.postgresqlBackup and later by restic
-        "data/var/backup" = dataset "/var/backup";
-        "data/var/lib" = dataset "/var/lib";
-        "data/var/log" = dataset "/var/log";
-        "nixos" = {
-          options.canmount = "off";
-          zfs_type = "filesystem";
-        };
-        "nixos/nix" = dataset "/nix";
-        "nixos/nix/store" = {
-          options = {
-            atime = "off";
-            canmount = "on";
-            mountpoint = "/nix/store";
-          };
-          zfs_type = "filesystem";
-        };
-        "nixos/nix/var" = dataset "/nix/var";
-        "resered" = { # zfs uses copy on write and requires some free space to delete files when the disk is completely filled
-          options = {
-            canmount = "off";
-            reservation = "5GiB";
-          };
-          zfs_type = "filesystem";
-        };
+    zpool."${name}" = {
+      type = "zpool";
+      rootFsOptions.acltype = "posixacl";
+      options = {
+        ashift = "12";
+        autotrim = "on";
      };
+      datasets =
+        let
+          dataset = mountpoint: {
+            options = {
+              canmount = "on";
+              compression = "zstd";
+              normalization = "formD";
+              xattr = "sa";
+              inherit mountpoint;
+            };
+            type = "zfs_fs";
+          };
+        in
+        {
+          "data" = dataset "/";
+          "data/etc" = dataset "/etc";
+          "data/home" = dataset "/home";
+          "data/var" = dataset "/var";
+          # used by services.postgresqlBackup and later by restic
+          "data/var/backup" = dataset "/var/backup";
+          "data/var/lib" = dataset "/var/lib";
+          "data/var/log" = dataset "/var/log";
+          "nixos" = {
+            options = {
+              canmount = "off";
+              mountpoint = "none";
+            };
+            type = "zfs_fs";
+          };
+          "nixos/nix" = dataset "/nix";
+          "nixos/nix/store" = {
+            options = {
+              atime = "off";
+              canmount = "on";
+              mountpoint = "/nix/store";
+            };
+            type = "zfs_fs";
+          };
+          "nixos/nix/var" = dataset "/nix/var";
+          "resered" = {
+            # zfs uses copy on write and requires some free space to delete files when the disk is completely filled
+            options = {
+              canmount = "off";
+              mountpoint = "none";
+              reservation = "5GiB";
+            };
+            type = "zfs_fs";
+          };
+        };
+    };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -437,11 +437,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1681402478,
-        "narHash": "sha256-KVty2nJcLbbRK/366ozAV8TInad2WsVi4+eIQs/394E=",
+        "lastModified": 1681602324,
+        "narHash": "sha256-UTENmT9iyW5RnRh7pqxvvyKzk2IKUX7u4pWZZb9xqEk=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "44cc9babcb55ce8f3bda4153720152c920ff8410",
+        "rev": "77f680681393f0b37f3bd40b7a46d3eabf3a7e18",
        "type": "github"
      },
      "original": {
@ -470,11 +470,11 @@
    "openwrt": {
      "flake": false,
      "locked": {
-        "lastModified": 1681412109,
-        "narHash": "sha256-CESFikCnCPK617wjwIx++G8XMxS6XgWzEXY+fcKrhsA=",
+        "lastModified": 1681526062,
+        "narHash": "sha256-0LGEDhDiYRPFLvew3bGHIMLpQDkTKbICM9pEcEfaMn8=",
        "ref": "openwrt-21.02",
-        "rev": "e63b8443ab9f5edeba5b29c27f59015526cac0fd",
-        "revCount": 51306,
+        "rev": "34d2883b9d6fd4a3b3eb39d3fa90e8c281d36448",
+        "revCount": 51307,
        "type": "git",
        "url": "https://git.openwrt.org/openwrt/openwrt.git"
      },
@ -491,11 +491,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1681468707,
-        "narHash": "sha256-aD+74KowPjyxWP+bIqmZZaIHe5WxEhoXOSF+qOOCwPg=",
+        "lastModified": 1681637776,
+        "narHash": "sha256-Avsu70mmQ/lFkQ0Chy3qmF+uUfjawd+4s5SV0X2Ylyg=",
        "owner": "astro",
        "repo": "nix-openwrt-imagebuilder",
-        "rev": "b3d1f398472452ea288ce2d8dbf20d6115bf1c64",
+        "rev": "19566b1b1afa943f634eea61addede40b8c58a9c",
        "type": "github"
      },
      "original": {
@ -648,11 +648,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1681209176,
-        "narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=",
+        "lastModified": 1681613729,
+        "narHash": "sha256-9Qb0tHW8l1hgFkuB76n4VT9UNUaR7QL3CgmJ5hcVYEg=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "00d5fd73756d424de5263b92235563bc06f2c6e1",
+        "rev": "b7a6670a28b01cd1f62879921e36be2c69c4137a",
        "type": "github"
      },
      "original": {
@ -818,11 +818,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1676226870,
-        "narHash": "sha256-h065ecNWjwwASqsbDo/E7QPfXL/6CIBkDp2h2bf1hnY=",
+        "lastModified": 1681688281,
+        "narHash": "sha256-L+mVYoXcuqmfhComALEvxYkX+t2HVJog7SjJs2iSjmM=",
        "ref": "refs/heads/master",
-        "rev": "e0085cabf38177e057de803f46f230a35d4c22bd",
-        "revCount": 407,
+        "rev": "d5d8e2d5888e47c03bf4682ec7eba4472c52707b",
+        "revCount": 408,
        "type": "git",
        "url": "https://gitea.c3d2.de/C3D2/yammat.git"
      },
--- a/hosts/home-assistant/default.nix
+++ b/hosts/home-assistant/default.nix
@ -72,9 +72,7 @@ in
              command =
                # the script is not inheriting PATH from home-assistant
                pkgs.resholve.writeScript "ldap-auth-sh" {
-                  fake = {
-                    external = [ "on_auth_failure" "on_auth_success" ];
-                  };
+                  fake.external = [ "on_auth_failure" "on_auth_success" ];
                  inputs = with pkgs; [ coreutils curl gnugrep gnused openldap ];
                  interpreter = "${pkgs.bash}/bin/bash";
                  keep."source:$CONFIG_FILE" = true;