From 96ddf8fdf040a139ba4b04ca5843a3d4f09547ab Mon Sep 17 00:00:00 2001 From: Andre Date: Fri, 5 Jul 2024 09:36:11 -0400 Subject: [PATCH] Filesystems: remove need for unlocked root partition UUID --- flake.lock | 6 +- hosts/Dimaga/hardware-configuration.nix | 19 ++---- hosts/Khanda/hardware-configuration.nix | 19 ++---- hosts/Shura/hardware-configuration.nix | 19 ++---- modules/system/filesystem.nix | 89 ++++++++++--------------- 5 files changed, 58 insertions(+), 94 deletions(-) diff --git a/flake.lock b/flake.lock index 55b99ff..9afeb8a 100644 --- a/flake.lock +++ b/flake.lock @@ -138,11 +138,11 @@ ] }, "locked": { - "lastModified": 1720135141, - "narHash": "sha256-1GHh1/WO+f42TXxb1WiZFMuepM7ITA9iT+6yJBbBNsY=", + "lastModified": 1720167120, + "narHash": "sha256-K9JYdlPiyaXp33JRg7CT8rMwH56e4ncXSsXW/YKnNXc=", "owner": "nix-community", "repo": "home-manager", - "rev": "c514e862cd5705e51edb6fe8d01146fdeec661f2", + "rev": "bbe6e94737289c8cb92d4d8f9199fbfe4f11c0ba", "type": "github" }, "original": { diff --git a/hosts/Dimaga/hardware-configuration.nix b/hosts/Dimaga/hardware-configuration.nix index 5efca4d..98d2cc8 100644 --- a/hosts/Dimaga/hardware-configuration.nix +++ b/hosts/Dimaga/hardware-configuration.nix @@ -9,7 +9,6 @@ let bootUUID = "FC20-D155"; # The UUID of the boot partition. luksUUID = "9fdc521b-a037-4070-af47-f54da03675e4"; # The UUID of the locked LUKS partition. - rootUUID = "dfb4fc8f-e82b-43a1-91c1-a77acb6337cb"; # The UUID of the unlocked filesystem partition. in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; 
@@ -37,20 +36,14 @@ in # Configure the main filesystem. aux.system.filesystem = { - btrfs = { - enable = true; - devices = { - boot = "/dev/disk/by-uuid/${bootUUID}"; - btrfs = "/dev/disk/by-uuid/${rootUUID}"; - }; - swapFile = { - enable = true; - size = 16384; - }; + enable = true; + partitions = { + boot = "/dev/disk/by-uuid/${bootUUID}"; + luks = "/dev/disk/by-uuid/${luksUUID}"; }; - luks = { + swapFile = { enable = true; - uuid = luksUUID; + size = 16384; }; }; diff --git a/hosts/Khanda/hardware-configuration.nix b/hosts/Khanda/hardware-configuration.nix index caf4f36..3a90dc8 100644 --- a/hosts/Khanda/hardware-configuration.nix +++ b/hosts/Khanda/hardware-configuration.nix @@ -9,7 +9,6 @@ let bootUUID = "B2D7-96C3"; # The UUID of the boot partition. luksUUID = "f5ff391a-f2ef-4ac3-9ce8-9f5ed950b212"; # The UUID of the locked LUKS partition. - rootUUID = "fed155a3-04ae-47c0-996d-0398faaa6a17"; # The UUID of the unlocked filesystem partition. in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -71,20 +70,14 @@ in # Configure the main filesystem. aux.system.filesystem = { - btrfs = { - enable = true; - devices = { - boot = "/dev/disk/by-uuid/${bootUUID}"; - btrfs = "/dev/disk/by-uuid/${rootUUID}"; - }; - swapFile = { - enable = true; - size = 16384; - }; + enable = true; + partitions = { + boot = "/dev/disk/by-uuid/${bootUUID}"; + luks = "/dev/disk/by-uuid/${luksUUID}"; }; - luks = { + swapFile = { enable = true; - uuid = luksUUID; + size = 16384; }; }; diff --git a/hosts/Shura/hardware-configuration.nix b/hosts/Shura/hardware-configuration.nix index 7202124..98240a5 100644 --- a/hosts/Shura/hardware-configuration.nix +++ b/hosts/Shura/hardware-configuration.nix 
@@ -9,7 +9,6 @@ let bootUUID = "AFCB-D880"; # The UUID of the boot partition. luksUUID = "bcf67e34-339e-40b9-8ffd-bec8f7f55248"; # The UUID of the locked LUKS partition. - rootUUID = "b801fbea-4cb5-4255-bea9-a2ce77d1a1b7"; # The UUID of the unlocked filesystem partition. in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -36,20 +35,14 @@ in # Configure the main filesystem. aux.system.filesystem = { - btrfs = { - enable = true; - devices = { - boot = "/dev/disk/by-uuid/${bootUUID}"; - btrfs = "/dev/disk/by-uuid/${rootUUID}"; - }; - swapFile = { - enable = true; - size = 16384; - }; + enable = true; + partitions = { + boot = "/dev/disk/by-uuid/${bootUUID}"; + luks = "/dev/disk/by-uuid/${luksUUID}"; }; - luks = { + swapFile = { enable = true; - uuid = luksUUID; + size = 16384; }; }; diff --git a/modules/system/filesystem.nix b/modules/system/filesystem.nix index 220b571..4091e13 100644 --- a/modules/system/filesystem.nix +++ b/modules/system/filesystem.nix 
@@ -2,74 +2,59 @@ let cfg = config.aux.system.filesystem; - standardMountOpts = [ "compress=zstd" ]; + # LUKS partition will decrypt to /dev/mapper/nixos-root + decryptPart = "nixos-root"; + decryptPath = "/dev/mapper/${decryptPart}"; in { options = { aux.system.filesystem = { - btrfs = { - enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters."); - devices = { - boot = lib.mkOption { - type = lib.types.str; - description = "The ID of your boot partition. Use /dev/disk/by-uuid for best results."; - default = ""; - }; - btrfs = lib.mkOption { - type = lib.types.str; - description = "The ID of your BTRFS partition. Use /dev/disk/by-uuid for best results."; - default = ""; - }; + enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters."); + partitions = { + boot = lib.mkOption { + type = lib.types.str; + description = "The ID of your boot partition. Use /dev/disk/by-uuid for best results."; + default = ""; }; - swapFile = { - enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file."); - size = lib.mkOption { - type = lib.types.int; - description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes)."; - default = 8192; - }; + luks = lib.mkOption { + type = lib.types.str; + description = "The ID of your LUKS partition. Use /dev/disk/by-uuid for best results."; + default = ""; }; }; - luks = { - enable = lib.mkEnableOption ( - lib.mkDoc "Enables an encrypted LUKS container for the BTRFS partition." 
- ); - uuid = lib.mkOption { - type = lib.types.str; - description = "The UUID of the encrypted LUKS volume."; + swapFile = { + enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file."); + size = lib.mkOption { + type = lib.types.int; + description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes)."; + default = 8192; }; }; }; }; - config = lib.mkIf cfg.btrfs.enable { + config = lib.mkIf cfg.enable { # Check for blank parameters assertions = [ { - assertion = cfg.btrfs.devices.btrfs != ""; - message = "Please specify the BTRFS partition UUID to use as the filesystem."; + assertion = cfg.partitions.luks != ""; + message = "Please specify a LUKS partition to use as the root filesystem."; } { - assertion = cfg.btrfs.devices.boot != ""; - message = "Please specify the boot partition UUID."; + assertion = cfg.partitions.boot != ""; + message = "Please specify your boot partition."; } - (lib.mkIf cfg.luks.enable { - assertion = cfg.luks.uuid != ""; - message = "Please enter a valid UUID for the encrypted LUKS volume."; - }) ]; - boot.initrd.luks.devices = lib.mkIf cfg.luks.enable { - "luks-${cfg.luks.uuid}" = { - device = "/dev/disk/by-uuid/${cfg.luks.uuid}"; - # Enable TPM auto-unlocking if configured - crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ]; - }; + boot.initrd.luks.devices.${decryptPart} = { + device = cfg.partitions.luks; + # Enable TPM auto-unlocking if configured + crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ]; }; fileSystems = { "/" = { - device = cfg.btrfs.devices.btrfs; + device = decryptPath; fsType = "btrfs"; options = [ "subvol=@" @@ -77,11 +62,11 @@ in ]; }; "/boot" = { - device = cfg.btrfs.devices.boot; + device = cfg.partitions.boot; fsType = "vfat"; }; "/home" = { - device = cfg.btrfs.devices.btrfs; + device = decryptPath; fsType = "btrfs"; options = [ "subvol=@home" 
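Review bot: The `/` mount in this hunk (and `/home`, `/var/log`, `/nix` and `/swap` in the hunks that follow) now uses `decryptPath`, so whatever volume opens under the name `nixos-root` is mounted as root with no check that it is the expected filesystem; the old code at least named the inner filesystem's UUID. This matters most when `aux.system.bootloader.tpm2.enable` is set, because `tpm2-device=auto` unlocks without user interaction and the TPM enrollment policy is then, as far as this module shows, the only thing tying the boot to this disk. If the systemd version in use supports it, I would also have the volume key measured so the unlocked volume's identity is recorded and can be checked later, `crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" "tpm2-measure-pcr=yes" ];`, and add a comment above `decryptPart` stating which PCRs the enrollment is expected to be bound to. Separately, the two assertions only reject an empty string, so an unstable path such as a bare kernel device node passes; a `lib.hasPrefix "/dev/disk/by-"` condition would enforce what the option descriptions recommend. The `config` block continues outside this hunk.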
@@ -89,7 +74,7 @@ in ]; }; "/var/log" = { - device = cfg.btrfs.devices.btrfs; + device = decryptPath; fsType = "btrfs"; options = [ "subvol=@log" @@ -97,7 +82,7 @@ in ]; }; "/nix" = { - device = cfg.btrfs.devices.btrfs; + device = decryptPath; fsType = "btrfs"; options = [ "subvol=@nix" @@ -106,9 +91,9 @@ in ]; }; } - // lib.optionalAttrs cfg.btrfs.swapFile.enable { + // lib.optionalAttrs cfg.swapFile.enable { "/swap" = { - device = cfg.btrfs.devices.btrfs; + device = decryptPath; fsType = "btrfs"; options = [ "subvol=@swap" @@ -117,10 +102,10 @@ in }; }; - swapDevices = lib.mkIf cfg.btrfs.swapFile.enable [ + swapDevices = lib.mkIf cfg.swapFile.enable [ { device = "/swap/swapfile"; - size = cfg.btrfs.swapFile.size; + size = cfg.swapFile.size; } ]; };