From 577b24490bc3c9e9e0c2e300d6216e4b03ee4dc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 20 Apr 2023 02:02:48 +0200 Subject: [PATCH] disko: fix eval with newer version, general fixes --- disko/disko-config.nix | 171 ++++++++++++++++++------------- flake.lock | 34 +++--- hosts/home-assistant/default.nix | 4 +- 3 files changed, 115 insertions(+), 94 deletions(-) diff --git a/disko/disko-config.nix b/disko/disko-config.nix index 3b768e81..53708292 100644 --- a/disko/disko-config.nix +++ b/disko/disko-config.nix @@ -1,8 +1,17 @@ -{ lib, name ? "chaos", disk ? "/dev/sda1", ... }: +{ lib +, name ? "chaos" +, disk ? "/dev/sda1" +, ... +}: + +# TODO: +# option no zfs +# option no ceph +# option no lvm, only zfs { - disk = { - ${disk} = { + disko.devices = { + disk.${disk} = { device = disk; type = "disk"; content = { @@ -10,7 +19,6 @@ format = "gpt"; partitions = [ { - type = "partition"; name = "ESP"; start = "1MiB"; end = "512MiB"; @@ -22,7 +30,6 @@ }; } { - type = "partition"; name = "root"; start = "512MiB"; end = "100%"; @@ -31,7 +38,7 @@ type = "luks"; name = "crypt-${name}"; # TODO: add password, otherwise prompt opens - # keyFile = "./keyFile"; + keyFile = "/$PWD/keyFile"; content = { type = "lvm_pv"; vg = "lvm-${name}"; 
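Review bot: The new `keyFile = "/$PWD/keyFile";` in the `luks` content of the root partition makes the LUKS key a plaintext file in whatever directory the disko command is run from, which is easy to leave behind or commit when that directory is the repository checkout. It also seems to depend on `$PWD` being expanded by the shell in the generated script, and the leading `/` produces a `//…` path; neither is visible in this hunk, so both are worth confirming. Consider making the path an explicit argument with no default (`, keyFile` in the argument set and `inherit keyFile;` here), with a comment such as `# key file must be mode 0600, kept outside the checkout, and removed after provisioning`. The `# TODO: add password, otherwise prompt opens` line directly above looks stale now that a key file is set. The partition list continues outside this hunk.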
@@ -41,78 +48,94 @@ ]; }; }; - }; - lvm_vg."lvm-${name}" = { - type = "lvm_vg"; - lvs = { - raw = { - type = "lvm_lv"; - # size = "100%-200GiB"; - }; - zfs = { - type = "lvm_lv"; - size = "200GiB"; - content = { - type = "zfs"; - pool = name; + lvm_vg."lvm-${name}" = { + type = "lvm_vg"; + lvs = + let + rootSize = 200; + in + { + # the header is 3650 byte long and substract an additional 446 byte for aligment + # error messages: + # Volume group "lvm-chaos" has insufficient free space (51195 extents): 51200 required. + # Size is not a multiple of 512. Try using 40057405440 or 40057405952. + raw.size = + let + # convert GiB to bytes + rootSizeMiB = rootSize * 1024 * 1024 * 1024; + # convert back to MiB and allign to 4 MiB in the process + roundToMiB = "/1024/1024/4*4"; + # substract 512 MiB for /boot and 20 MiB for luks+header+other + bootOther = "-512-20"; + in + "$((($(lsblk /dev/sda --noheadings --nodeps --output SIZE --bytes)-${toString rootSizeMiB})${roundToMiB}${bootOther}))MiB"; + zfs = { + size = "${toString rootSize}GiB"; + content = { + pool = name; + type = "zfs"; + }; + }; }; - }; }; - }; - zpool."${name}-${lib.replaceStrings ["/dev/"] [""] disk}" = { - type = "zpool"; - rootFsOptions = { - acltype = "posixacl"; - ashift = "12"; - autotrim = "on"; - canmount = "off"; - compression = "zstd"; - normalization = "formD"; - mountpoint = "none"; - xattr = "sa"; - }; - datasets = - let - dataset = mountpoint: { - options = { - canmount = "on"; - inherit mountpoint; - }; - zfs_type = "filesystem"; - }; - in - { - "data" = dataset "/"; - "data/etc" = dataset "/etc"; - "data/home" = dataset "/home"; - "data/var" = dataset "/var"; - # used by services.postgresqlBackup and later by restic - "data/var/backup" = dataset "/var/backup"; - "data/var/lib" = dataset "/var/lib"; - "data/var/log" = dataset "/var/log"; - "nixos" = { - options.canmount = "off"; - zfs_type = "filesystem"; - }; - "nixos/nix" = dataset "/nix"; - "nixos/nix/store" = { - options = { - atime = 
"off"; - canmount = "on"; - mountpoint = "/nix/store"; - }; - zfs_type = "filesystem"; - }; - "nixos/nix/var" = dataset "/nix/var"; - "resered" = { # zfs uses copy on write and requires some free space to delete files when the disk is completely filled - options = { - canmount = "off"; - reservation = "5GiB"; - }; - zfs_type = "filesystem"; - }; + zpool."${name}" = { + type = "zpool"; + rootFsOptions.acltype = "posixacl"; + options = { + ashift = "12"; + autotrim = "on"; }; + datasets = + let + dataset = mountpoint: { + options = { + canmount = "on"; + compression = "zstd"; + normalization = "formD"; + xattr = "sa"; + inherit mountpoint; + }; + type = "zfs_fs"; + }; + in + { + "data" = dataset "/"; + "data/etc" = dataset "/etc"; + "data/home" = dataset "/home"; + "data/var" = dataset "/var"; + # used by services.postgresqlBackup and later by restic + "data/var/backup" = dataset "/var/backup"; + "data/var/lib" = dataset "/var/lib"; + "data/var/log" = dataset "/var/log"; + "nixos" = { + options = { + canmount = "off"; + mountpoint = "none"; + }; + type = "zfs_fs"; + }; + "nixos/nix" = dataset "/nix"; + "nixos/nix/store" = { + options = { + atime = "off"; + canmount = "on"; + mountpoint = "/nix/store"; + }; + type = "zfs_fs"; + }; + "nixos/nix/var" = dataset "/nix/var"; + "resered" = { + # zfs uses copy on write and requires some free space to delete files when the disk is completely filled + options = { + canmount = "off"; + mountpoint = "none"; + reservation = "5GiB"; + }; + type = "zfs_fs"; + }; + }; + }; }; } diff --git a/flake.lock b/flake.lock index 5a2d304f..297f82ee 100644 --- a/flake.lock +++ b/flake.lock 
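Review bot: In `raw.size` the device is hard-coded as `lsblk /dev/sda` although the disk is an argument of this file (`disk`, default `/dev/sda1`), so overriding `disk` sizes the `raw` volume from a different device than the one being partitioned. Deriving it from the argument, `$(lsblk ${lib.escapeShellArg disk} --noheadings --nodeps --output SIZE --bytes)`, keeps the two in sync and quotes the value before it reaches the shell. The default `/dev/sda1` would then need to name the whole disk, which the GPT table on `disk.${disk}` suggests is the intent. `rootSizeMiB` holds bytes (`rootSize * 1024 * 1024 * 1024`), so `rootSizeBytes` would match the comment above it. The comments in this block also carry typos (`substract`, `aligment`, `allign`).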
@@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1681402478, - "narHash": "sha256-KVty2nJcLbbRK/366ozAV8TInad2WsVi4+eIQs/394E=", + "lastModified": 1681602324, + "narHash": "sha256-UTENmT9iyW5RnRh7pqxvvyKzk2IKUX7u4pWZZb9xqEk=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "44cc9babcb55ce8f3bda4153720152c920ff8410", + "rev": "77f680681393f0b37f3bd40b7a46d3eabf3a7e18", "type": "github" }, "original": { @@ -470,11 +470,11 @@ "openwrt": { "flake": false, "locked": { - "lastModified": 1681412109, - "narHash": "sha256-CESFikCnCPK617wjwIx++G8XMxS6XgWzEXY+fcKrhsA=", + "lastModified": 1681526062, + "narHash": "sha256-0LGEDhDiYRPFLvew3bGHIMLpQDkTKbICM9pEcEfaMn8=", "ref": "openwrt-21.02", - "rev": "e63b8443ab9f5edeba5b29c27f59015526cac0fd", - "revCount": 51306, + "rev": "34d2883b9d6fd4a3b3eb39d3fa90e8c281d36448", + "revCount": 51307, "type": "git", "url": "https://git.openwrt.org/openwrt/openwrt.git" }, @@ -491,11 +491,11 @@ ] }, "locked": { - "lastModified": 1681468707, - "narHash": "sha256-aD+74KowPjyxWP+bIqmZZaIHe5WxEhoXOSF+qOOCwPg=", + "lastModified": 1681637776, + "narHash": "sha256-Avsu70mmQ/lFkQ0Chy3qmF+uUfjawd+4s5SV0X2Ylyg=", "owner": "astro", "repo": "nix-openwrt-imagebuilder", - "rev": "b3d1f398472452ea288ce2d8dbf20d6115bf1c64", + "rev": "19566b1b1afa943f634eea61addede40b8c58a9c", "type": "github" }, "original": { @@ -648,11 +648,11 @@ ] }, "locked": { - "lastModified": 1681209176, - "narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=", + "lastModified": 1681613729, + "narHash": "sha256-9Qb0tHW8l1hgFkuB76n4VT9UNUaR7QL3CgmJ5hcVYEg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "00d5fd73756d424de5263b92235563bc06f2c6e1", + "rev": "b7a6670a28b01cd1f62879921e36be2c69c4137a", "type": "github" }, "original": { 
@@ -818,11 +818,11 @@ ] }, "locked": { - "lastModified": 1676226870, - "narHash": "sha256-h065ecNWjwwASqsbDo/E7QPfXL/6CIBkDp2h2bf1hnY=", + "lastModified": 1681688281, + "narHash": "sha256-L+mVYoXcuqmfhComALEvxYkX+t2HVJog7SjJs2iSjmM=", "ref": "refs/heads/master", - "rev": "e0085cabf38177e057de803f46f230a35d4c22bd", - "revCount": 407, + "rev": "d5d8e2d5888e47c03bf4682ec7eba4472c52707b", + "revCount": 408, "type": "git", "url": "https://gitea.c3d2.de/C3D2/yammat.git" }, diff --git a/hosts/home-assistant/default.nix b/hosts/home-assistant/default.nix index ae4ba81a..5a69a7db 100644 --- a/hosts/home-assistant/default.nix +++ b/hosts/home-assistant/default.nix @@ -72,9 +72,7 @@ in command = # the script is not inheriting PATH from home-assistant pkgs.resholve.writeScript "ldap-auth-sh" { - fake = { - external = [ "on_auth_failure" "on_auth_success" ]; - }; + fake.external = [ "on_auth_failure" "on_auth_success" ]; inputs = with pkgs; [ coreutils curl gnugrep gnused openldap ]; interpreter = "${pkgs.bash}/bin/bash"; keep."source:$CONFIG_FILE" = true;