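{
  config,
  lib,
  pkgs,
  ...
}: let
  # NixOS module for booting from a ZFS root: declares the on-disk layout
  # (bpool/rpool datasets plus an ESP and swap partition on every boot disk),
  # installs GRUB to each boot disk, and optionally provides an immutable
  # root (rolled back to a blank snapshot on every boot) and SSH-in-initrd
  # unlocking of the encrypted root pool.
  cfg = config.zfs-root.boot;
  inherit (lib) mkIf types mkDefault mkOption mkMerge strings;
  inherit (builtins) head toString map tail;
in {
  options.zfs-root.boot = {
    enable = mkOption {
      description = "Enable root on ZFS support";
      type = types.bool;
      default = false; # TODO: change by @motiejus
    };

    devNodes = mkOption {
      description = "Specify where to discover ZFS pools";
      type = types.str;
      # The prefix is string-concatenated with disk names below (grub.devices,
      # boot.zfs.devNodes); a missing trailing slash would silently produce
      # wrong device paths, so fail evaluation instead.
      apply = x:
        assert (strings.hasSuffix "/" x
          || abort "devNodes '${x}' must have trailing slash!"); x;
      default = "/dev/disk/by-id/";
    };

    bootDevices = mkOption {
      description = "Specify boot devices";
      type = types.nonEmptyListOf types.str;
    };

    forceNoDev2305 = mkOption {
      description = ''
        Install GRUB with devices = ["nodev"] instead of one entry per boot
        device. Workaround for https://github.com/NixOS/nixpkgs/issues/222491
      '';
      type = types.bool;
      default = false;
    };

    availableKernelModules = mkOption {
      description = "Kernel modules made available in the initrd so the boot disks can be found";
      type = types.nonEmptyListOf types.str;
      default = ["uas" "nvme" "ahci"];
    };

    kernelParams = mkOption {
      description = "Extra kernel command line parameters";
      type = types.listOf types.str;
      default = [];
    };

    immutable = mkOption {
      description = "Enable root on ZFS immutable root support";
      type = types.bool;
      default = false;
    };

    removableEfi = mkOption {
      description = "install bootloader to fallback location";
      type = types.bool;
      default = true;
    };

    partitionScheme = mkOption {
      default = {
        biosBoot = "-part5";
        efiBoot = "-part1";
        swap = "-part4";
        bootPool = "-part2";
        rootPool = "-part3";
      };
      description = "Describe on disk partitions";
      type = types.attrsOf types.str;
    };

    sshUnlock = {
      enable = mkOption {
        description = "Start an SSH server in the initrd so the encrypted root pool can be unlocked remotely";
        type = types.bool;
        default = false;
      };
      authorizedKeys = mkOption {
        description = "SSH public keys allowed to log in to the initrd and unlock the root pool";
        type = types.listOf types.str;
        default = [];
      };
    };
  };

  config = mkIf (cfg.enable) (mkMerge [
    {
      # bpool carries /boot (kernels, initrds, GRUB data). GRUB has to read
      # it before any rpool key is loaded, so it cannot be ZFS-encrypted.
      zfs-root.fileSystems.datasets = {
        "rpool/nixos/home" = mkDefault "/home";
        "rpool/nixos/var/lib" = mkDefault "/var/lib";
        "rpool/nixos/var/log" = mkDefault "/var/log";
        "rpool/nixos/nix" = mkDefault "/nix";
        "bpool/nixos/root" = "/boot";
      };
    }

    (mkIf (!cfg.immutable) {
      zfs-root.fileSystems.datasets = {"rpool/nixos/root" = "/";};
    })

    (mkIf cfg.immutable {
      # Immutable root: "/" is a dataset that is rolled back to its @start
      # snapshot on every boot. Only the datasets above and the bind mounts
      # below persist across reboots.
      zfs-root.fileSystems = {
        datasets = {
          "rpool/nixos/empty" = "/";
          "rpool/nixos/root" = "/oldroot";
        };
        bindmounts = {
          "/oldroot/nix" = "/nix";
          "/oldroot/etc/nixos" = "/etc/nixos";
        };
      };

      # `zfs rollback -r` also destroys any snapshots of rpool/nixos/empty
      # taken after @start. Passing `zfs_no_rollback` on the kernel command
      # line skips the rollback, so this is a hygiene feature, not a tamper
      # boundary: anyone able to edit the GRUB command line can disable it
      # unless the bootloader itself is locked down (GRUB password etc.).
      boot.initrd.postDeviceCommands = ''
        if ! grep -q zfs_no_rollback /proc/cmdline; then
          zpool import -N rpool
          zfs rollback -r rpool/nixos/empty@start
          zpool export -a
        fi
      '';
    })

    {
      zfs-root.fileSystems = {
        efiSystemPartitions =
          map (diskName: diskName + cfg.partitionScheme.efiBoot)
          cfg.bootDevices;
        swapPartitions =
          map (diskName: diskName + cfg.partitionScheme.swap) cfg.bootDevices;
      };

      boot = {
        kernelPackages =
          mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
        initrd.availableKernelModules = cfg.availableKernelModules;
        kernelParams = cfg.kernelParams;
        supportedFilesystems = ["zfs"];

        zfs = {
          devNodes = cfg.devNodes;
          # Do not `zpool import -f` the root pool by default: a pool that
          # appears to be in use by another host should fail loudly rather
          # than be taken over silently.
          forceImportRoot = mkDefault false;
        };

        loader = {
          efi = {
            # A removable-media install writes GRUB to the fallback location
            # and creates no NVRAM boot entry, so EFI variables are not
            # touched; NixOS rejects enabling both at once.
            canTouchEfiVariables = !cfg.removableEfi;
            # GRUB is installed to the first boot device's ESP; the remaining
            # ESPs receive a copy in extraInstallCommands below.
            efiSysMountPoint =
              "/boot/efis/"
              + (head cfg.bootDevices)
              + cfg.partitionScheme.efiBoot;
          };
          generationsDir.copyKernels = true;
          grub = {
            enable = true;
            devices =
              if cfg.forceNoDev2305
              then ["nodev"]
              else map (diskName: cfg.devNodes + diskName) cfg.bootDevices;
            efiInstallAsRemovable = cfg.removableEfi;
            copyKernels = true;
            efiSupport = true;
            zfsSupport = true;
            # Mirror the installed EFI directory onto every other boot disk's
            # ESP so the machine still boots if the first disk is lost.
            # Assumes those ESPs are mounted at /boot/efis/<disk><efiBoot>
            # (presumably by the zfs-root.fileSystems module — verify).
            extraInstallCommands = toString (map (diskName: ''
                set -x
                ${pkgs.coreutils-full}/bin/cp -r ${config.boot.loader.efi.efiSysMountPoint}/EFI /boot/efis/${diskName}${cfg.partitionScheme.efiBoot}
                set +x
              '') (tail cfg.bootDevices));
          };
        };
      };
    }

    (mkIf cfg.sshUnlock.enable {
      boot.initrd = {
        network = {
          enable = true;
          ssh = {
            enable = true;
            # NOTE(security): these key files are read at build time and
            # embedded in the initrd, which is stored on the unencrypted
            # bpool (/boot). Anyone who can read the boot pool can
            # impersonate this initrd SSH server, so use keys dedicated to
            # unlocking — never the host's regular sshd host keys.
            hostKeys = [
              "/var/lib/ssh_unlock_zfs_ed25519_key"
              "/var/lib/ssh_unlock_zfs_rsa_key"
            ];
            authorizedKeys = cfg.sshUnlock.authorizedKeys;
          };
          # An interactive login is prompted for the rpool/nixos key; on
          # success the `zfs` process the console-side stage-1 is
          # (presumably) blocked on is killed so boot continues, and the SSH
          # session ends either way. The heredoc delimiter is quoted so the
          # initrd shell performs no expansion on the profile text.
          postCommands = ''
            tee -a /root/.profile >/dev/null <<'EOF'
            if zfs load-key rpool/nixos; then
              pkill zfs
            fi
            exit
            EOF'';
        };
      };
    })
  ]);
}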