aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity

Filesystems: remove need for unlocked root partition UUID

Browse source
This commit is contained in:
Aires 2024-07-05 09:36:11 -04:00
parent b12f7e2b4a
commit 96ddf8fdf0
5 changed files with 58 additions and 94 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
flake.lock
View file

@ -138,11 +138,11 @@
]
},
"locked": {
"lastModified": 1720135141,
"narHash": "sha256-1GHh1/WO+f42TXxb1WiZFMuepM7ITA9iT+6yJBbBNsY=",
"lastModified": 1720167120,
"narHash": "sha256-K9JYdlPiyaXp33JRg7CT8rMwH56e4ncXSsXW/YKnNXc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c514e862cd5705e51edb6fe8d01146fdeec661f2",
"rev": "bbe6e94737289c8cb92d4d8f9199fbfe4f11c0ba",
"type": "github"
},
"original": {

19
hosts/Dimaga/hardware-configuration.nix
View file

@ -9,7 +9,6 @@
let
bootUUID = "FC20-D155"; # The UUID of the boot partition.
luksUUID = "9fdc521b-a037-4070-af47-f54da03675e4"; # The UUID of the locked LUKS partition.
rootUUID = "dfb4fc8f-e82b-43a1-91c1-a77acb6337cb"; # The UUID of the unlocked filesystem partition.
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@ -37,20 +36,14 @@ in
# Configure the main filesystem.
aux.system.filesystem = {
btrfs = {
enable = true;
devices = {
boot = "/dev/disk/by-uuid/${bootUUID}";
btrfs = "/dev/disk/by-uuid/${rootUUID}";
};
swapFile = {
enable = true;
size = 16384;
};
enable = true;
partitions = {
boot = "/dev/disk/by-uuid/${bootUUID}";
luks = "/dev/disk/by-uuid/${luksUUID}";
};
luks = {
swapFile = {
enable = true;
uuid = luksUUID;
size = 16384;
};
};

19
hosts/Khanda/hardware-configuration.nix
View file

@ -9,7 +9,6 @@
let
bootUUID = "B2D7-96C3"; # The UUID of the boot partition.
luksUUID = "f5ff391a-f2ef-4ac3-9ce8-9f5ed950b212"; # The UUID of the locked LUKS partition.
rootUUID = "fed155a3-04ae-47c0-996d-0398faaa6a17"; # The UUID of the unlocked filesystem partition.
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@ -71,20 +70,14 @@ in
# Configure the main filesystem.
aux.system.filesystem = {
btrfs = {
enable = true;
devices = {
boot = "/dev/disk/by-uuid/${bootUUID}";
btrfs = "/dev/disk/by-uuid/${rootUUID}";
};
swapFile = {
enable = true;
size = 16384;
};
enable = true;
partitions = {
boot = "/dev/disk/by-uuid/${bootUUID}";
luks = "/dev/disk/by-uuid/${luksUUID}";
};
luks = {
swapFile = {
enable = true;
uuid = luksUUID;
size = 16384;
};
};

19
hosts/Shura/hardware-configuration.nix
View file

@ -9,7 +9,6 @@
let
bootUUID = "AFCB-D880"; # The UUID of the boot partition.
luksUUID = "bcf67e34-339e-40b9-8ffd-bec8f7f55248"; # The UUID of the locked LUKS partition.
rootUUID = "b801fbea-4cb5-4255-bea9-a2ce77d1a1b7"; # The UUID of the unlocked filesystem partition.
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@ -36,20 +35,14 @@ in
# Configure the main filesystem.
aux.system.filesystem = {
btrfs = {
enable = true;
devices = {
boot = "/dev/disk/by-uuid/${bootUUID}";
btrfs = "/dev/disk/by-uuid/${rootUUID}";
};
swapFile = {
enable = true;
size = 16384;
};
enable = true;
partitions = {
boot = "/dev/disk/by-uuid/${bootUUID}";
luks = "/dev/disk/by-uuid/${luksUUID}";
};
luks = {
swapFile = {
enable = true;
uuid = luksUUID;
size = 16384;
};
};

89
modules/system/filesystem.nix
View file

@ -2,74 +2,59 @@
let
cfg = config.aux.system.filesystem;
standardMountOpts = [ "compress=zstd" ];
# LUKS partition will decrypt to /dev/mapper/nixos-root
decryptPart = "nixos-root";
decryptPath = "/dev/mapper/${decryptPart}";
in
{
options = {
aux.system.filesystem = {
btrfs = {
enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters.");
devices = {
boot = lib.mkOption {
type = lib.types.str;
description = "The ID of your boot partition. Use /dev/disk/by-uuid for best results.";
default = "";
};
btrfs = lib.mkOption {
type = lib.types.str;
description = "The ID of your BTRFS partition. Use /dev/disk/by-uuid for best results.";
default = "";
};
enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters.");
partitions = {
boot = lib.mkOption {
type = lib.types.str;
description = "The ID of your boot partition. Use /dev/disk/by-uuid for best results.";
default = "";
};
swapFile = {
enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file.");
size = lib.mkOption {
type = lib.types.int;
description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes).";
default = 8192;
};
luks = lib.mkOption {
type = lib.types.str;
description = "The ID of your LUKS partition. Use /dev/disk/by-uuid for best results.";
default = "";
};
};
luks = {
enable = lib.mkEnableOption (
lib.mkDoc "Enables an encrypted LUKS container for the BTRFS partition."
);
uuid = lib.mkOption {
type = lib.types.str;
description = "The UUID of the encrypted LUKS volume.";
swapFile = {
enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file.");
size = lib.mkOption {
type = lib.types.int;
description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes).";
default = 8192;
};
};
};
};
config = lib.mkIf cfg.btrfs.enable {
config = lib.mkIf cfg.enable {
# Check for blank parameters
assertions = [
{
assertion = cfg.btrfs.devices.btrfs != "";
message = "Please specify the BTRFS partition UUID to use as the filesystem.";
assertion = cfg.partitions.luks != "";
message = "Please specify a LUKS partition to use as the root filesystem.";
}
{
assertion = cfg.btrfs.devices.boot != "";
message = "Please specify the boot partition UUID.";
assertion = cfg.partitions.boot != "";
message = "Please specify your boot partition.";
}
(lib.mkIf cfg.luks.enable {
assertion = cfg.luks.uuid != "";
message = "Please enter a valid UUID for the encrypted LUKS volume.";
})
];
boot.initrd.luks.devices = lib.mkIf cfg.luks.enable {
"luks-${cfg.luks.uuid}" = {
device = "/dev/disk/by-uuid/${cfg.luks.uuid}";
# Enable TPM auto-unlocking if configured
crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ];
};
boot.initrd.luks.devices.${decryptPart} = {
device = cfg.partitions.luks;
# Enable TPM auto-unlocking if configured
crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ];
};
fileSystems =
{
"/" = {
device = cfg.btrfs.devices.btrfs;
device = decryptPath;
fsType = "btrfs";
options = [
"subvol=@"
@ -77,11 +62,11 @@ in
];
};
"/boot" = {
device = cfg.btrfs.devices.boot;
device = cfg.partitions.boot;
fsType = "vfat";
};
"/home" = {
device = cfg.btrfs.devices.btrfs;
device = decryptPath;
fsType = "btrfs";
options = [
"subvol=@home"
@ -89,7 +74,7 @@ in
];
};
"/var/log" = {
device = cfg.btrfs.devices.btrfs;
device = decryptPath;
fsType = "btrfs";
options = [
"subvol=@log"
@ -97,7 +82,7 @@ in
];
};
"/nix" = {
device = cfg.btrfs.devices.btrfs;
device = decryptPath;
fsType = "btrfs";
options = [
"subvol=@nix"
@ -106,9 +91,9 @@ in
];
};
}
// lib.optionalAttrs cfg.btrfs.swapFile.enable {
// lib.optionalAttrs cfg.swapFile.enable {
"/swap" = {
device = cfg.btrfs.devices.btrfs;
device = decryptPath;
fsType = "btrfs";
options = [
"subvol=@swap"
@ -117,10 +102,10 @@ in
};
};
swapDevices = lib.mkIf cfg.btrfs.swapFile.enable [
swapDevices = lib.mkIf cfg.swapFile.enable [
{
device = "/swap/swapfile";
size = cfg.btrfs.swapFile.size;
size = cfg.swapFile.size;
}
];
};