Compare commits

...

3 Commits

4 changed files with 91 additions and 8 deletions

View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./zspeed.nix

View File

@ -0,0 +1,73 @@
{
disko.devices = {
disk = {
x = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
y = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
};
zpool = {
zspeed = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
"compression" = "zstd-4";
"com.sun:auto-snapshot" = "false";
"xattr" = "sa";
"atime" = "off";
};
options = {
"ashift" = "13";
};
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zspeed@blank$' || zfs snapshot zspeed@blank";
datasets = {
postgres = {
type = "zfs_volume";
size = "10G -s";
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
lxc = {
type = "zfs_volume";
size = "10G -s";
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
};
};
};
};
}

View File

@ -1,5 +1,6 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive (../keys);
hostname = config.networking.hostName; hostname = config.networking.hostName;
@ -7,7 +8,7 @@ let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in in
{ {
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
@ -15,7 +16,13 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = ["wheel"]; extraGroups = [
"wheel"
] ++ ifTheyExist [
"docker"
"lxc"
"git"
];
packages = with pkgs; [ packages = with pkgs; [
]; ];
@ -30,7 +37,7 @@ in
path = "/home/${username}/.ssh/id_ed25519"; path = "/home/${username}/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/${username}/id_ed25519.pub" = { "ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub"; path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644"; mode = "0644";

View File

@ -1,11 +1,10 @@
{ inputs, config, lib, pkgs, outputs, ... }: { inputs, ... }:
let let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
impermanence = false; # currrently only applies to btrfs impermanence = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
user = "admin"; user = "admin";
in in
{ {
@ -14,7 +13,7 @@ in
# Create users for this host # Create users for this host
../common/users/${user} ../common/users/${user}
# Disk configuration # Root disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
@ -24,7 +23,7 @@ in
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/lxd
]; ];
@ -45,6 +44,7 @@ in
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false; boot.zfs.forceImportRoot = false;
networking.hostId = "18aec5d7"; networking.hostId = "18aec5d7";
boot.zfs.extraPools = [ "zspeed" ];
services.libinput.enable = true; services.libinput.enable = true;
} }