From 1cba02caf4ce981350d52badb57b098822573919 Mon Sep 17 00:00:00 2001
From: James Patrick
Date: Mon, 15 Nov 2021 02:49:03 +0000
Subject: [PATCH] Initial commit
---
makefile | 145 +++++++++++++++++++++++++++++++
nixos/configuration.nix | 103 ++++++++++++++++++++++
nixos/hardware-configuration.nix | 35 ++++++++
nixos/zfs.nix | 21 +++++
readme.md | 5 ++
5 files changed, 309 insertions(+)
create mode 100644 makefile
create mode 100644 nixos/configuration.nix
create mode 100644 nixos/hardware-configuration.nix
create mode 100644 nixos/zfs.nix
create mode 100644 readme.md
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..8eed239
--- /dev/null
+++ b/makefile
@@ -0,0 +1,145 @@
+ifeq ($(shell $(MAKE) -v | grep GNU),)
+ $(error I need gnumake not bsdmake)
+endif
+REQUIRED_V := 3.82
+ifneq ($(REQUIRED_V),$(firstword $(sort $(MAKE_VERSION) $(REQUIRED_V))))
+ $(error For .ONESHELL to work I need at least version $(REQUIRED_V))
+endif
+
+.PHONY: format \
+ partitios
+ configure_boot \
+ configure_luks \
+ configure_lvm \
+ format_swap \
+ format_zpool \
+ mount \
+ nix_install \
+ install
+
+include .env
+ifndef DRIVE
+ $(error Missing Drive Argument)
+endif
+
+.ONESHELL:
+
+format:
+ $(info clearing disk)
+ sgdisk --zap-all "$(DRIVE)"
+ partprobe "$(DRIVE)" >/dev/null || true
+
+partition:
+ $(info partition drive into boot & luks partition)
+ sgdisk -n 0:0:+300MiB -t 0:ea00 -c 0:boot "$(DRIVE)"
+ sgdisk -n 0:0:0 -t 0:8300 -c 0:crypt "$(DRIVE)"
+ partprobe "$(DRIVE)" >/dev/null || true
+
+configure_boot:
+ $(info setting up boot drive)
+ sleep 4
+ partprobe "$(DRIVE)" >/dev/null || true
+ mkfs.vfat /dev/disk/by-partlabel/boot
+
+configure_luks:
+ $(info setting up luks)
+ dd if=/dev/urandom of=/tmp/keyfile bs=1k count=8
+ echo "YES" | cryptsetup luksFormat \
+ /dev/disk/by-partlabel/crypt \
+ --key-size 512 \
+ --hash sha512 \
+ --key-file /tmp/keyfile
+ echo $(PASSPHRASE) | cryptsetup luksAddKey \
+ /dev/disk/by-partlabel/crypt \
+ --key-file /tmp/keyfile
+ cryptsetup luksOpen /dev/disk/by-partlabel/crypt root
+ cryptsetup luksRemoveKey /dev/disk/by-partlabel/crypt /tmp/keyfile
+
+configure_lvm:
+ $(info Setting up LVM 10G for swap the rest for lvm_root)
+ pvcreate "/dev/mapper/root"
+ vgcreate "partitions" "/dev/mapper/root"
+ lvcreate -L 10G -n swap "partitions"
+ lvcreate -l 100%FREE -n lvm_root "partitions"
+
+format_swap:
+ $(info making swap)
+ mkswap -L swap /dev/partitions/swap
+
+format_zpool:
+ $(info making zfs part)
+ zpool create \
+ -O atime=on \
+ -O relatime=on \
+ -O compression=lz4 \
+ -O snapdir=visible \
+ -O xattr=sa \
+ -o ashift=12 \
+ -o altroot=/mnt \
+ rpool \
+ /dev/partitions/lvm_root
+ zfs create -o mountpoint=none rpool/root
+ zfs create -o mountpoint=legacy rpool/root/nixos
+ zfs create -o copies=2 -o mountpoint=legacy rpool/home
+ zpool set bootfs=rpool/root/nixos rpool
+ zfs set com.sun:auto-snapshot=true rpool/home
+
+mount:
+ $(info mounting devices)
+ mkswap -L swap /dev/partitions/swap
+ swapon /dev/partitions/swap
+ mount -t zfs rpool/root/nixos /mnt
+ mkdir -p /mnt/{home,boot}
+ mount -t zfs rpool/home /mnt/home
+ mount /dev/disk/by-partlabel/boot /mnt/boot
+
+nix_install:
+ nixos-generate-config --root /mnt
+ cat << EOF > /mnt/etc/nixos/zfs.nix
+ # /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
+ # These are the options ZFS requires, but a normal system has, of course,
+ # more options (like a bootloader, or installed software).
+ { config, pkgs, ... }:
+ {
+ # remove this after 1st boot
+ # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+ boot.kernelParams = ["zfs_force=1"];
+
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+
+ boot.supportedFilesystems = [ "zfs" ];
+
+ services.zfs.autoScrub.enable = true;
+ # this enables the zfs-auto-snapshot
+ services.zfs.autoSnapshot = {
+ enable = true;
+ flags = "-k -p --utc";
+ };
+ }
+ EOF
+
+
+install: | format \
+ partition \
+ configure_boot \
+ configure_luks \
+ configure_lvm \
+ format_swap \
+ format_zpool \
+ mount \
+ nix_install
+
+echo:
+ echo $(PASSPHRASE)
+ echo $(DRIVE)
+
+remove:
+ swapoff /dev/partitions/swap >/dev/null || true
+ umount /mnt/home >/dev/null || true
+ umount /mnt/boot >/dev/null || true
+ umount /mnt/rpool >/dev/null || true
+ umount /mnt >/dev/null || true
+ yes | lvremove /dev/partitions/* >/dev/null || true
+ cryptsetup close root >/dev/null || true
+ partprobe "$(DRIVE)" >/dev/null || true
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..5174350
--- /dev/null
+++ b/nixos/configuration.nix
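Review bot: The LUKS passphrase is expanded by make straight into the recipe text at `echo $(PASSPHRASE) | cryptsetup luksAddKey` in `configure_luks` of the makefile, so it is printed when make echoes the recipe, sits in the argument list of the shell that runs the recipe, and is re-parsed by that shell, which means spaces or metacharacters in it can change the key that is actually enrolled. The `echo` target prints it again, and unlike `DRIVE` there is no `ifndef` guard, so an unset `PASSPHRASE` would hand cryptsetup an empty passphrase. I would export the variable and read it in the recipe as `"$$PASSPHRASE"`, silence the target, and drop `echo $(PASSPHRASE)` from the `echo` target, as sketched below. Separately, `.ONESHELL:` is used without `-e` in the shell flags, so only the last command's status fails a recipe and a failed `sgdisk` or `cryptsetup` step does not stop the install; `.SHELLFLAGS := -ec` (available from the 3.82 already required) would address that. The `.PHONY` list also ends at `partitios`, which is misspelled and has no trailing backslash, so `partition` and, most likely, the names after it are not declared phony.

```make
ifndef PASSPHRASE
  $(error Missing PASSPHRASE)
endif
# Hand the secret to recipes through the environment instead of expanding it into recipe text.
export PASSPHRASE
# Keep make from printing this recipe.
.SILENT: configure_luks

configure_luks:
# … unchanged: keyfile creation and luksFormat …
	printf '%s\n' "$$PASSPHRASE" | cryptsetup luksAddKey \
		/dev/disk/by-partlabel/crypt \
		--key-file /tmp/keyfile
# … unchanged: luksOpen and luksRemoveKey …
```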
@@ -0,0 +1,103 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.enp2s0f0.useDHCP = true;
+ networking.interfaces.enp5s0.useDHCP = true;
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+
+
+
+ # Configure keymap in X11
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.jane = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ # environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ # firefox
+ # ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+}
+
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
new file mode 100644
index 0000000..bbf165f
--- /dev/null
+++ b/nixos/hardware-configuration.nix
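Review bot: The `imports` list in nixos/configuration.nix pulls in only `./hardware-configuration.nix`, so none of the options in zfs.nix (auto-scrub, auto-snapshot, the `zfs_force=1` kernel parameter) take effect, even though that file's own header says to add it; adding `./zfs.nix` to `imports` would fix that. As far as I know the NixOS ZFS module also insists on `networking.hostId`, which this file does not set, so a line such as `networking.hostId = "<8-hex-digit placeholder>";` is likely needed before the configuration evaluates with a ZFS root.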
@@ -0,0 +1,35 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "rpool/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/46C8-4779";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/2162f142-e124-4aeb-aece-79f1648148cd"; }
+ ];
+
+}
diff --git a/nixos/zfs.nix b/nixos/zfs.nix
new file mode 100644
index 0000000..6bc1b7e
--- /dev/null
+++ b/nixos/zfs.nix
@@ -0,0 +1,21 @@
+# /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
+# These are the options ZFS requires, but a normal system has, of course,
+# more options (like a bootloader, or installed software).
+{ config, pkgs, ... }:
+{
+ # remove this after 1st boot
+ # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+ boot.kernelParams = ["zfs_force=1"];
+
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+
+ boot.supportedFilesystems = [ "zfs" ];
+
+ services.zfs.autoScrub.enable = true;
+ # this enables the zfs-auto-snapshot
+ services.zfs.autoSnapshot = {
+ enable = true;
+ flags = "-k -p --utc";
+ };
+}
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..c94180c
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,5 @@
+Install requirements
+
+- git
+- make
+
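Review bot: nixos/zfs.nix repeats, line for line, the heredoc that `nix_install` in the makefile writes to /mnt/etc/nixos/zfs.nix, so the two copies can drift apart without anyone noticing. Copying the tracked file from the recipe, for example `cp nixos/zfs.nix /mnt/etc/nixos/zfs.nix`, would leave a single source for these settings.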