disk labels etc.

2024-06-29 23:07:20 +00:00 · 2023-09-22 13:06:18 -04:00 · 2023-09-22 13:06:18 -04:00 · a378c23746
parent f4d58e45ea
commit a378c23746
5 changed files with 78 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,6 @@
 result*
 *.qcow2
 .nixie
+*~
+.#*
+\#*#
--- a/38
+++ b/38
@ -12,33 +12,43 @@
  https://dev.to/stack-labs/manage-your-secrets-in-git-with-sops-common-operations-118g
  export SOPS_PGP_FP="D4BB42BE729AEFBD2EFEBF8822931AF7895E82DF"
  sops -e /etc/ssh/ssh_host_id > hosts/floki/
+* labels
+  * btrfs
+    * sudo btrfs filesystem label <mountpoint|device> <newlabel>
+  * luks
+  * FAT
+    * sudo fatlabel <device> <newlabel>
+  * swap (see: https://discourse.nixos.org/t/how-do-i-set-up-a-swap-file/8323/7)
+  * udevadm trigger

 INSTALL:
 export device=/dev/nvme0n1
+export hostname=floki
+wipefs/shread/scrub ${device}
 printf "label: gpt\n,550M,U\n,,L\n" | sfdisk ${device}
-mkfs.fat -F 32 ${device}
-cryptsetup --verify-passphrase -v luksFormat "${device}p2"
-cryptsetup open "${device}p2"enc
-mkfs.btrfs /dev/mapper/enc
-mount /dev/mapper/enc /mnt
+mkfs.fat -L boot -F 32 ${device}
+cryptsetup --verify-passphrase -v luksFormat --label "${hostname}_crypt" "${device}p2"
+cryptsetup open "${device}p2" "${hostname}_crypt"
+mkfs.btrfs -L ${hostname} /dev/mapper/"${hostname}_crypt"
+mount -t btrfs -o subvol=/ /dev/disk/by-label/${hostname} /mnt
 btrfs subvolume create /mnt/root
 btrfs subvolume create /mnt/nix
 btrfs subvolume create /mnt/persist
 btrfs subvolume create /mnt/swap
 btrfs subvolume create /mnt/logs

-mount -o compress=zstd,subvol=root /dev/mapper/enc /mnt
+mount -o compress=zstd,subvol=root /dev/mapper/"${hostname}_crypt" /mnt
 mkdir /mnt/{nix,persist,swap,var/logs}
-mount -o compress=zstd,noatime,subvol=nix /dev/mapper/enc /mnt/nix
-mount -o compress=zstd,subvol=persist /dev/mapper/enc /mnt/persist
-mount -o compress=zstd,noatime,subvol=logs /dev/mapper/enc /mnt/var/logs
-mount -o noatime,subvol=swap /dev/mapper/enc /mnt/swap
+mount -o compress=zstd,noatime,subvol=nix /dev/mapper/"${hostname}_crypt" /mnt/nix
+mount -o compress=zstd,subvol=persist /dev/mapper/"${hostname}_crypt" /mnt/persist
+mount -o compress=zstd,noatime,subvol=logs /dev/mapper/"${hostname}_crypt" /mnt/var/logs
+mount -o noatime,subvol=swap /dev/mapper/"${hostname}_crypt" /mnt/swap

 mkdir /mnt/boot
 mount /dev/sda1 /mnt/boot

 nixos-generate-config --root /mnt
-nano /mnt/etc/nixos/configuration.nix # manually add mount options
+nano /mnt/etc/nixos/configuration.nix # manually add mount options or cp from USB
 nixos-install

 nixos-generate-config --show-hardware-config
@ -53,8 +63,10 @@ fileSystems = {

 user hashedPassword: mkpasswd -m sha-512

+SWAP file btrfs: https://discourse.nixos.org/t/how-do-i-set-up-a-swap-file/8323/7
 btrfs filesystem mkswapfile --size 8g --uuid clear /swap/swapfile
-swapDevices = [ { device = "/swap/swapfile"; } ];
+swapon?
+swapDevices = [ { device = "/dev/disk/by-label/swap/swapfile"; } ];
 nixos-rebulid switch

 export NIX_CONFIG="experimental-features = nix-command flakes"
@ -74,7 +86,7 @@ home-manager switch --flake .#username@hostname


 sudo nixos-rebuild switch --flake .#my-hostname
-clear; sudo nixos-rebuild dry-activate --flake .#floki
+clear; sudo nixos-rebuild dry-activate --flake .#${hostname}

 -------
  services.pcscd.enable = true;
--- a/hosts/common/optional/btrfs.nix
+++ b/hosts/common/optional/btrfs.nix
@ -0,0 +1,46 @@
+{ lib, config, ... }:
+{
+  boot.initrd = {
+    supportedFilesystems = [ "btrfs" ];
+}
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/bf75af76-49b0-41fa-a4e5-9a52a6a0a667";
+      fsType = "btrfs";
+      options = [ "subvol=root" "compress=zstd" ];
+    };
+
+  boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/470152b6-16cc-4dcf-b1e9-c684c1589e33";
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/bf75af76-49b0-41fa-a4e5-9a52a6a0a667";
+      fsType = "btrfs";
+      options = [ "subvol=nix" "noatime" "compress=zstd" ];
+    };
+
+  fileSystems."/persist" =
+    { device = "/dev/disk/by-uuid/bf75af76-49b0-41fa-a4e5-9a52a6a0a667";
+      fsType = "btrfs";
+      options = [ "subvol=persist" "noatime" "compression=zstd" ];
+    };
+
+  fileSystems."/var/logs" =
+    { device = "/dev/disk/by-uuid/bf75af76-49b0-41fa-a4e5-9a52a6a0a667";
+      fsType = "btrfs";
+      options = [ "subvol=logs" "noatime" "compress=zstd" ];
+      neededForBoot = true;
+    };
+
+  fileSystems."/swap" =
+    { device = "/dev/disk/by-uuid/bf75af76-49b0-41fa-a4e5-9a52a6a0a667";
+      fsType = "btrfs";
+      options = [ "subvol=swap" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3D04-3716";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}
--- a/hosts/floki/hardware-configuration.nix
+++ b/hosts/floki/hardware-configuration.nix
@ -1,7 +1,6 @@
 {
  imports = [
-    ../common/optional/ephemeral-btrfs.nix
-    ../common/optional/encrypted-root.nix
+    ../common/optional/btrfs.nix
  ];

  boot = {
@ -17,6 +16,8 @@
      efi.canTouchEfiVariables = true;
    };
  };
+  
+  boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/470152b6-16cc-4dcf-b1e9-c684c1589e33";

  fileSystems = {
    "/boot" = {
--- a/shell.nix
+++ b/shell.nix
@ -19,6 +19,7 @@
      vim
      emacs
      tig
+      ripgrep

      sops
      ssh-to-age