From a02606a6252e164ac893dbe55ef9e83611719ab7 Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Thu, 20 Jun 2024 15:01:58 +0200 Subject: [PATCH] Migrate pulse from raid1 to single --- systems/nixos-pulse/default.nix | 63 +++++++++++++- systems/nixos-pulse/disko.nix | 149 -------------------------------- 2 files changed, 61 insertions(+), 151 deletions(-) delete mode 100644 systems/nixos-pulse/disko.nix diff --git a/systems/nixos-pulse/default.nix b/systems/nixos-pulse/default.nix index be5793e..25e496c 100644 --- a/systems/nixos-pulse/default.nix +++ b/systems/nixos-pulse/default.nix @@ -24,7 +24,6 @@ ../../os-mods/ryzenapu ../../os-mods/virt ../../users - ./disko.nix ]; programs.corectrl.gpuOverclock.enable = lib.mkForce false; @@ -42,6 +41,9 @@ kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos; kernelPatches = [ ]; kernelParams = [ + # "systemd.unit=emergency.target" + "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1" + # "rescue" # "pcie_aspm=force" # "pcie_aspm.policy=powersupersave" # "rtc_cmos.use_acpi_alarm=1" # reduce S0 sleep wakeups @@ -50,20 +52,42 @@ loader = { systemd-boot = { enable = true; - configurationLimit = 8; + configurationLimit = 16; }; efi.canTouchEfiVariables = true; }; + supportedFilesystems = [ "btrfs" "vfat" ]; + initrd = { availableKernelModules = [ "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ]; kernelModules = [ ]; systemd.enable = true; + supportedFilesystems = [ "btrfs" "vfat" ]; + + luks.devices = { + "crypted_1" = { + device = "/dev/disk/by-uuid/9cca6269-6afa-4f77-92ff-2e9eb8fc9bc7"; + allowDiscards = true; + bypassWorkqueues = true; + crypttabExtraOpts = [ "nofail" ]; + }; + "crypted_swap_1" = { + device = "/dev/disk/by-uuid/7b19e61a-20cd-47ae-9da2-0f40c9be86fe"; + allowDiscards = true; + bypassWorkqueues = true; + crypttabExtraOpts = [ "nofail" ]; + }; + }; }; extraModulePackages = [ ]; }; + swapDevices = [ + { device = "/dev/disk/by-uuid/83b6aa0a-ff9f-40ef-b728-6540bd5c9365"; } + ]; + services.btrfs.autoScrub.enable = true; networking = { @@ -78,6 +102,10 @@ 192.168.0.180 vewasmb.oekonzept.de 192.168.0.91 puppet.oekonzept.de 192.168.0.245 camt.oekonzept.net + 192.168.0.245 camt-cbg.oekonzept.net + 192.168.0.245 camt-eth.oekonzept.net + 192.168.0.245 camt-pro.oekonzept.net + 192.168.0.245 camt-swbfk.oekonzept.net 192.168.0.245 cloud.oekonzept.net 192.168.0.245 office.oekonzept.net 192.168.0.245 llama.oekonzept.net @@ -113,6 +141,7 @@ let automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; perm_opts = "uid=1000,gid=100"; + btrfs_opts = "autodefrag,compress=zstd,discard=async,noatime,space_cache=v2,ssd"; smb_opts = [ "vers=2.0,credentials=/home/tristand/.smb-secrets" perm_opts @@ -125,6 +154,36 @@ ]; in { + "/" = { + device = "/dev/mapper/crypted_1"; + fsType = "btrfs"; + options = [ + btrfs_opts + "subvol=_active/root" + ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/3226-7E38"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + "/home" = { + device = "/dev/mapper/crypted_1"; + fsType = "btrfs"; + options = [ + btrfs_opts + "subvol=_active/home" + ]; + }; + "/nix" = { + device = "/dev/mapper/crypted_1"; + fsType = "btrfs"; + options = [ + btrfs_opts + "subvol=_active/nix" + ]; + }; + "/mnt/ServerF" = { # device = "//srv-nas-01.local/Server_F"; device = "//192.168.0.1/Server_F"; diff --git a/systems/nixos-pulse/disko.nix b/systems/nixos-pulse/disko.nix deleted file mode 100644 index edd813e..0000000 --- a/systems/nixos-pulse/disko.nix +++ /dev/null @@ -1,149 +0,0 @@ -let - cryptOpenArgs = [ - "--allow-discards" - "--perf-same_cpu_crypt" - "--perf-submit_from_crypt_cpus" - "--perf-no_read_workqueue" - "--perf-no_write_workqueue" - ]; -in -{ - disko.devices = { - disk = { - cryptroot_0 = { - type = "disk"; - device = "/dev/disk/by-id/nvme-eui.0000000623072487caf25b0310000017"; - content = { - type = "gpt"; - partitions = { - ESP = { - label = "fake_EFI"; - name = "fake_ESP"; - size = "512M"; - type = "8300"; - }; - luks = { - end = "-256G"; - content = { - type = "luks"; - name = "crypted_0"; - extraOpenArgs = cryptOpenArgs; - passwordFile = "/tmp/secret.key"; - additionalKeyFiles = [ ]; - # content is empty here as the btrfs partition will be created via extraArgs of the cryptroot_1 partition def - }; - }; - luksSwap = { - # size = "64G" - end = "-192G"; - content = { - type = "luks"; - name = "crypted_swap_0"; - extraOpenArgs = cryptOpenArgs; - passwordFile = "/tmp/secret.key"; - additionalKeyFiles = [ ]; - content = { - type = "swap"; - }; - }; - }; - }; - }; - }; - cryptroot_1 = { - type = "disk"; - device = "/dev/disk/by-id/nvme-eui.0000000623072487caf25b031000000d"; - content = { - type = "gpt"; - partitions = { - ESP = { - label = "real_EFI"; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; - }; - }; - luks = { - end = "-256G"; - content = { - type = "luks"; - name = "crypted_1"; - extraOpenArgs = cryptOpenArgs; - passwordFile = "/tmp/secret.key"; - additionalKeyFiles = [ ]; - content = { - # this partiton needs to be in the last parent part alphabetically to ensure the referenced /crypted_0 dev already exists - type = "btrfs"; - extraArgs = [ - "-L btrfs_vault" - "-f" - "-m raid1" - "-d raid1" - "/dev/mapper/crypted_0" - ]; - subvolumes = { - "/_active" = { }; - "/_active/root" = { - mountpoint = "/"; - mountOptions = [ - "autodefrag" - "compress=zstd" - "discard=async" - "noatime" - "space_cache=v2" - "ssd" - ]; - }; - "/_active/home" = { - mountpoint = "/home"; - mountOptions = [ - "autodefrag" - "compress=zstd" - "discard=async" - "relatime" - "space_cache=v2" - "ssd" - ]; - }; - "/_active/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "autodefrag" - "compress=zstd" - "discard=async" - "noatime" - "space_cache=v2" - "ssd" - ]; - }; - }; - }; - }; - }; - luksSwap = { - end = "-192G"; - content = { - type = "luks"; - name = "crypted_swap_1"; - extraOpenArgs = cryptOpenArgs; - passwordFile = "/tmp/secret.key"; - additionalKeyFiles = [ ]; - content = { - type = "swap"; - resumeDevice = true; - }; - }; - }; - }; - }; - }; - }; - }; -}