testing

2026-01-27 11:13:58 -06:00
parent 176d0b7311
commit 10fc7820e1
5 changed files with 46 additions and 38 deletions
--- a/checks/disksnstuff.sh
+++ b/checks/disksnstuff.sh
@@ -1,13 +1,13 @@
 #!/usr/bin/env bash

-disk=/dev/nvme0n1
+disk=/dev/mapper/nuc-nixos-cryptroot

 # sudo mkfs.vfat "$disk"1
-# sudo bcachefs format --encrypted "$disk"2
+# sudo bcachefs format --label ssd.ssd1 --compression=zstd --discard "$disk"

 sudo mount -t tmpfs -o mode=755 none /mnt
 sudo mkdir -p /mnt/{boot,home,root,etc,nix,var/log,tmp,persist}
-sudo mount "$disk"p1 /mnt/boot
+sudo mount /dev/disk/by-partlabel/disk-main-nuc-nixos-EFI /mnt/boot
 # sudo mkdir -p /mnt/boot/firmware
 # sudo mount "$disk"2 /mnt/boot/firmware
 # sudo mount "$disk"2 -o compress=zstd,subvol=home /mnt/home
@@ -16,29 +16,34 @@ sudo mount "$disk"p1 /mnt/boot
 # sudo mount "$disk"2 -o compress=zstd,noatime,subvol=nix /mnt/nix
 # sudo mount "$disk"2 -o compress=zstd,noatime,subvol=log /mnt/var/log

-bcachefs unlock -k session /dev/disk/by-partlabel/disk-main-nuc-nixos-bcachefs-root
+# bcachefs unlock -k session /dev/disk/by-partlabel/disk-main-nuc-nixos-bcachefs-root
+sudo cryptsetup open /dev/disk/by-partlabel/disk-main-nuc-nixos-cryptroot nuc-nixos-cryptroot  
 # sudo bcachefs unlock -k session "$disk"2
-# sudo mount "$disk"2 /mnt/tmp
+# sudo mount "$disk" /mnt/tmp
 # cd /mnt/tmp
+# ls -alh
+
 # sudo bcachefs subvolume create nix
 # sudo bcachefs subvolume create etc
 # sudo bcachefs subvolume create log
 # sudo bcachefs subvolume create root
 # sudo bcachefs subvolume create persist
 # sudo bcachefs subvolume create home
+
+# ls -alh
 # cd /etc/nixos
 # sudo umount /mnt/tmp

-sudo mount -o noatime,X-mount.subdir=nix "$disk"p2 /mnt/nix
-sudo mount -o noatime,X-mount.subdir=etc "$disk"p2 /mnt/etc
-sudo mount -o noatime,X-mount.subdir=log "$disk"p2 /mnt/var/log
-sudo mount -o noatime,X-mount.subdir=root "$disk"p2 /mnt/root
-sudo mount -o noatime,X-mount.subdir=persist "$disk"p2 /mnt/persist
-sudo mount -o X-mount.subdir=home "$disk"p2 /mnt/home
+sudo mount -o noatime,X-mount.subdir=nix "$disk" /mnt/nix
+sudo mount -o noatime,X-mount.subdir=etc "$disk" /mnt/etc
+sudo mount -o noatime,X-mount.subdir=log "$disk" /mnt/var/log
+sudo mount -o noatime,X-mount.subdir=root "$disk" /mnt/root
+sudo mount -o noatime,X-mount.subdir=persist "$disk" /mnt/persist
+sudo mount -o X-mount.subdir=home "$disk" /mnt/home

 # tree /mnt

-sudo nixos-install --flake /etc/nixos#nuc-nixos
+# sudo nixos-install --flake /etc/nixos#nuc-nixos

 # sudo umount /mnt/boot
 # sudo umount /mnt/var/log
--- a/modules/nixos/boot/common/default.nix
+++ b/modules/nixos/boot/common/default.nix
@@ -44,30 +44,31 @@ in
      bootspec.enable = (!isArm);

      initrd = {
-        secrets = {
-          "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
-        };
+      #   secrets = {
+      #     "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
+      #   };

-        systemd.services."unlock-disk" = {
-          enable = true;
-          path = [
-            pkgs.clevis
-            pkgs.bcachefs-tools
-          ];
-          script = ''
-            ${pkgs.clevis}/bin/clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
-          '';
-          wantedBy = [ "initrd-root-fs.target" ];
-          requiredBy = [ "initrd-root-fs.target" ];
-          serviceConfig = {
-            Type = "oneshot";
-            TimeoutSec = "10s";
-          };
-        };
+        # systemd.services."unlock-disk" = {
+        #   enable = false;
+        #   path = [
+        #     pkgs.clevis
+        #     pkgs.bcachefs-tools
+        #   ];
+        #   script = ''
+        #     ${pkgs.clevis}/bin/clevis decrypt < "/etc/clevis/nuc-nixos.jwe"
+        #     # | ${pkgs.bcachefs-tools}/bin/bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
+        #   '';
+        #   wantedBy = [ "initrd-root-fs.target" ];
+        #   requiredBy = [ "initrd-root-fs.target" ];
+        #   serviceConfig = {
+        #     Type = "oneshot";
+        #     TimeoutSec = "10s";
+        #   };
+        # };

-        clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
-          enable = true;
-        };
+        # clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
+        #   enable = true;
+        # };

        luks = mkIf cfg.yubikeyEncryption {
          devices = {
--- a/modules/nixos/disko/default.nix
+++ b/modules/nixos/disko/default.nix
@@ -64,7 +64,7 @@ let
    size = "100%";
    content = {
      type = "luks";
-      name = "cryptroot";
+      name = "${config.${namespace}.network.hostName}-cryptroot";
      extraOpenArgs = [
        "--allow-discards"
        "--perf-no_read_workqueue"
@@ -185,7 +185,7 @@ in
        bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
          mounted_subvolumes_in_multi = {
            type = "bcachefs_filesystem";
-            passwordFile = "/etc/nixos/test.key";
+            # passwordFile = "/etc/nixos/test.key";
            extraFormatArgs = [
              "--compression=${cfg.compression}"
            ];
--- a/modules/nixos/hardware/btrfs/default.nix
+++ b/modules/nixos/hardware/btrfs/default.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, config, namespace, ... }:
 {
  services.btrfs = {
-    autoScrub.enable = lib.mkDefault true;
+    autoScrub.enable = lib.mkDefault (config.${namespace}.hardware.disko.filesystem == "btrfs");
    autoScrub.fileSystems = lib.mkDefault [
      "/nix"
      "/root"
--- a/systems/x86_64-linux/nuc-nixos/default.nix
+++ b/systems/x86_64-linux/nuc-nixos/default.nix
@@ -18,6 +18,8 @@
    hardware.disko = {
      enable = true;
      enableLuks = true;
+      filesystem = "btrfs";
+      # rootDisk = "/dev/loop0";
    };

    headless.enable = true;