Initial commit

makefile

@@ -0,0 +1,145 @@
+ifeq ($(shell $(MAKE) -v | grep GNU),)
+  $(error I need gnumake not bsdmake)
+endif
+REQUIRED_V := 3.82
+ifneq ($(REQUIRED_V),$(firstword $(sort $(MAKE_VERSION) $(REQUIRED_V))))
+  $(error For .ONESHELL to work I need at least version $(REQUIRED_V))
+endif
+
+.PHONY:  format \
+	partitios
+	configure_boot \
+	configure_luks \
+	configure_lvm \
+	format_swap \
+	format_zpool \
+	mount \
+	nix_install \
+	install
+
+include .env
+ifndef DRIVE
+  $(error Missing Drive Argument)
+endif
+
+.ONESHELL:
+
+format:
+	$(info clearing disk)
+	sgdisk --zap-all "$(DRIVE)"
+	partprobe "$(DRIVE)" >/dev/null || true
+
+partition:
+	$(info partition drive into boot & luks partition)
+	sgdisk -n 0:0:+300MiB -t 0:ea00 -c 0:boot  "$(DRIVE)"
+	sgdisk -n 0:0:0       -t 0:8300 -c 0:crypt "$(DRIVE)"
+	partprobe "$(DRIVE)" >/dev/null || true
+
+configure_boot:
+	$(info setting up boot drive)
+	sleep 4
+	partprobe "$(DRIVE)" >/dev/null || true
+	mkfs.vfat /dev/disk/by-partlabel/boot
+
+configure_luks:
+	$(info setting up luks)
+	dd if=/dev/urandom of=/tmp/keyfile bs=1k count=8
+	echo "YES" | cryptsetup luksFormat \
+	    /dev/disk/by-partlabel/crypt \
+	    --key-size 512 \
+	    --hash sha512 \
+	    --key-file /tmp/keyfile
+	echo $(PASSPHRASE) | cryptsetup luksAddKey \
+	    /dev/disk/by-partlabel/crypt \
+	    --key-file /tmp/keyfile
+	cryptsetup luksOpen /dev/disk/by-partlabel/crypt root
+	cryptsetup luksRemoveKey /dev/disk/by-partlabel/crypt /tmp/keyfile
+
+configure_lvm:
+	$(info Setting up LVM 10G for swap the rest for lvm_root)
+	pvcreate "/dev/mapper/root"
+	vgcreate "partitions" "/dev/mapper/root"
+	lvcreate -L 10G -n swap "partitions"
+	lvcreate -l 100%FREE -n lvm_root "partitions"
+
+format_swap:
+	$(info making swap)
+	mkswap -L swap /dev/partitions/swap
+
+format_zpool:
+	$(info making zfs part)
+	zpool create        \
+	-O atime=on         \
+	-O relatime=on      \
+	-O compression=lz4  \
+	-O snapdir=visible  \
+	-O xattr=sa         \
+	-o ashift=12        \
+	-o altroot=/mnt     \
+	rpool               \
+	/dev/partitions/lvm_root
+	zfs create -o mountpoint=none rpool/root
+	zfs create -o mountpoint=legacy rpool/root/nixos
+	zfs create -o copies=2 -o mountpoint=legacy rpool/home
+	zpool set bootfs=rpool/root/nixos rpool
+	zfs set com.sun:auto-snapshot=true rpool/home
+
+mount:
+	$(info mounting devices)
+	mkswap -L swap /dev/partitions/swap
+	swapon /dev/partitions/swap
+	mount -t zfs rpool/root/nixos /mnt
+	mkdir -p /mnt/{home,boot}
+	mount -t zfs rpool/home /mnt/home
+	mount /dev/disk/by-partlabel/boot /mnt/boot
+
+nix_install:
+	nixos-generate-config --root /mnt
+	cat << EOF > /mnt/etc/nixos/zfs.nix
+	# /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
+	# These are the options ZFS requires, but a normal system has, of course,
+	#   more options (like a bootloader, or installed software).
+	{ config, pkgs, ... }:
+	{
+	  # remove this after 1st boot
+	  # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+	  boot.kernelParams = ["zfs_force=1"];
+
+	  boot.zfs.forceImportRoot = false;
+	  boot.zfs.forceImportAll = false;
+
+	  boot.supportedFilesystems = [ "zfs" ];
+
+	  services.zfs.autoScrub.enable = true;
+	  # this enables the zfs-auto-snapshot
+	  services.zfs.autoSnapshot = {
+	    enable = true;
+	    flags = "-k -p --utc";
+	  };
+	}
+	EOF
+
+
+install: |  format \
+	partition \
+	configure_boot \
+	configure_luks \
+	configure_lvm \
+	format_swap \
+	format_zpool \
+	mount \
+	nix_install
+
+echo:
+	echo $(PASSPHRASE)
+	echo $(DRIVE)
+
+remove:
+	swapoff /dev/partitions/swap      >/dev/null || true
+	umount /mnt/home                  >/dev/null || true
+	umount /mnt/boot                  >/dev/null || true
+	umount /mnt/rpool                  >/dev/null || true
+	umount /mnt                       >/dev/null || true
+	yes | lvremove /dev/partitions/*  >/dev/null || true
+	cryptsetup close root             >/dev/null || true
+	partprobe "$(DRIVE)"              >/dev/null || true

nixos/configuration.nix

@@ -0,0 +1,103 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # networking.hostName = "nixos"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  # time.timeZone = "Europe/Amsterdam";
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.enp2s0f0.useDHCP = true;
+  networking.interfaces.enp5s0.useDHCP = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+
+  
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.users.jane = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  # };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  # environment.systemPackages = with pkgs; [
+  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #   wget
+  #   firefox
+  # ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+}
+

nixos/hardware-configuration.nix

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/root/nixos";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/46C8-4779";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/2162f142-e124-4aeb-aece-79f1648148cd"; }
+    ];
+
+}

nixos/zfs.nix

@@ -0,0 +1,21 @@
+# /etc/nixos/zfs.nix (Don't forget to add it to configuration.nix)
+# These are the options ZFS requires, but a normal system has, of course,
+#   more options (like a bootloader, or installed software).
+{ config, pkgs, ... }:
+{
+  # remove this after 1st boot
+  # see https://nixos.org/nixos/options.html#boot.zfs.forceimportroot
+  boot.kernelParams = ["zfs_force=1"];
+
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.forceImportAll = false;
+
+  boot.supportedFilesystems = [ "zfs" ];
+
+  services.zfs.autoScrub.enable = true;
+  # this enables the zfs-auto-snapshot
+  services.zfs.autoSnapshot = {
+    enable = true;
+    flags = "-k -p --utc";
+  };
+}

readme.md

@@ -0,0 +1,5 @@
+Install requirements
+
+- git 
+- make
+