{ config, lib, pkgs, ... }: let cfg = config.zfs-root.boot; inherit (lib) mkIf types mkDefault mkOption mkMerge strings; inherit (builtins) head toString map tail; in { options.zfs-root.boot = { enable = mkOption { description = "Enable root on ZFS support"; type = types.bool; default = false; # TODO: change by @motiejus }; devNodes = mkOption { description = "Specify where to discover ZFS pools"; type = types.str; apply = x: assert (strings.hasSuffix "/" x || abort "devNodes '${x}' must have trailing slash!"); x; default = "/dev/disk/by-id/"; }; bootDevices = mkOption { description = "Specify boot devices"; type = types.nonEmptyListOf types.str; }; availableKernelModules = mkOption { type = types.nonEmptyListOf types.str; default = ["uas" "nvme" "ahci"]; }; kernelParams = mkOption { type = types.listOf types.str; default = []; }; immutable = mkOption { description = "Enable root on ZFS immutable root support"; type = types.bool; default = false; }; removableEfi = mkOption { description = "install bootloader to fallback location"; type = types.bool; default = true; }; partitionScheme = mkOption { default = { biosBoot = "-part5"; efiBoot = "-part1"; swap = "-part4"; bootPool = "-part2"; rootPool = "-part3"; }; description = "Describe on disk partitions"; type = types.attrsOf types.str; }; sshUnlock = { enable = mkOption { type = types.bool; default = false; }; authorizedKeys = mkOption { type = types.listOf types.str; default = []; }; }; }; config = mkIf (cfg.enable) (mkMerge [ { zfs-root.fileSystems.datasets = { "rpool/nixos/home" = mkDefault "/home"; "rpool/nixos/var/lib" = mkDefault "/var/lib"; "rpool/nixos/var/log" = mkDefault "/var/log"; "rpool/nixos/nix" = mkDefault "/nix"; "bpool/nixos/root" = "/boot"; }; } (mkIf (!cfg.immutable) { zfs-root.fileSystems.datasets = {"rpool/nixos/root" = "/";}; }) (mkIf cfg.immutable { zfs-root.fileSystems = { datasets = { "rpool/nixos/empty" = "/"; "rpool/nixos/root" = "/oldroot"; }; bindmounts = { "/oldroot/nix" = "/nix"; "/oldroot/etc/nixos" = "/etc/nixos"; }; }; boot.initrd.postDeviceCommands = '' if ! grep -q zfs_no_rollback /proc/cmdline; then zpool import -N rpool zfs rollback -r rpool/nixos/empty@start zpool export -a fi ''; }) { zfs-root.fileSystems = { efiSystemPartitions = map (diskName: diskName + cfg.partitionScheme.efiBoot) cfg.bootDevices; swapPartitions = map (diskName: diskName + cfg.partitionScheme.swap) cfg.bootDevices; }; boot = { kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages; initrd.availableKernelModules = cfg.availableKernelModules; kernelParams = cfg.kernelParams; supportedFilesystems = ["zfs"]; zfs = { devNodes = cfg.devNodes; forceImportRoot = mkDefault false; }; loader = { efi = { canTouchEfiVariables = if cfg.removableEfi then false else true; efiSysMountPoint = "/boot/efis/" + (head cfg.bootDevices) + cfg.partitionScheme.efiBoot; }; generationsDir.copyKernels = true; grub = { enable = true; devices = map (diskName: cfg.devNodes + diskName) cfg.bootDevices; efiInstallAsRemovable = cfg.removableEfi; copyKernels = true; efiSupport = true; zfsSupport = true; extraInstallCommands = toString (map (diskName: '' set -x ${pkgs.coreutils-full}/bin/cp -r ${config.boot.loader.efi.efiSysMountPoint}/EFI /boot/efis/${diskName}${cfg.partitionScheme.efiBoot} set +x '') (tail cfg.bootDevices)); }; }; }; } (mkIf cfg.sshUnlock.enable { boot.initrd = { network = { enable = true; ssh = { enable = true; hostKeys = [ "/var/lib/ssh_unlock_zfs_ed25519_key" "/var/lib/ssh_unlock_zfs_rsa_key" ]; authorizedKeys = cfg.sshUnlock.authorizedKeys; }; postCommands = '' tee -a /root/.profile >/dev/null <<EOF if zfs load-key rpool/nixos; then pkill zfs fi exit EOF''; }; }; }) ]); }