authorChristoph Cullmann <christoph@cullmann.io>2024-08-18 20:56:11 +0200
committerChristoph Cullmann <christoph@cullmann.io>2024-08-18 20:56:11 +0200
commitc9ecc529f02c8ac9afccba71e3dd4983951ed7d9 (patch)
tree0c239c0ba5d0918194b248b1a94a70a5c81a6b8d
parente2a08a87ba8cf0155df51b4e69bcb6800da5ef8d (diff)
use luks with btrfs, bcachefs multi device mount is incompatible with the world
-rw-r--r--mini/hardware-configuration.nix10
-rw-r--r--mini/install.txt22
2 files changed, 21 insertions, 11 deletions
diff --git a/mini/hardware-configuration.nix b/mini/hardware-configuration.nix
index 9adbd15..368766f 100644
--- a/mini/hardware-configuration.nix
+++ b/mini/hardware-configuration.nix
@@ -14,13 +14,17 @@
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2325E6E63746-part1";
fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
neededForBoot = true;
};
- # /nix encrypted bcachefs for the remaining space
+ # /nix encrypted btrfs for the remaining space
+ boot.initrd.luks.devices."crypt0".device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2325E6E63746-part2";
+ boot.initrd.luks.devices."crypt1".device = "/dev/disk/by-id/ata-CT2000MX500SSD1_2138E5D5061F";
fileSystems."/nix" =
- { device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2325E6E63746-part2:/dev/disk/by-id/ata-CT2000MX500SSD1_2138E5D5061F";
- fsType = "bcachefs";
+ { device = "/dev/mapper/crypt0";
+ fsType = "btrfs";
+ options = [ "device=/dev/mapper/crypt1" ];
neededForBoot = true;
};
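Review bot: The added `options = [ "fmask=0022" "dmask=0022" ];` on `fileSystems."/boot"` leaves every file on the ESP readable by all local users. If this machine boots with systemd-boot (not visible in this hunk), that includes the random-seed file, and bootctl warns about a world-accessible mount point. `options = [ "fmask=0077" "dmask=0077" ];` restricts the ESP to root. The kernel and initrd on this partition stay outside the LUKS containers either way, which deserves a comment next to the `/boot` entry.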
diff --git a/mini/install.txt b/mini/install.txt
index e456d83..a9daacd 100644
--- a/mini/install.txt
+++ b/mini/install.txt
@@ -10,10 +10,6 @@ passwd
# install script below
#
-# fix unlocking https://nixos.wiki/wiki/Bcachefs
-nix-env -iA nixos.keyutils
-keyctl link @u @s
-
#
# kill old efi boot stuff
#
@@ -68,8 +64,16 @@ mkfs.fat -F 32 -n EFIBOOT $DISK-part1
sleep 5
-# create encrypted bcachefs over all disks, use only fast lz4 compression
-bcachefs format --block_size=4096 --errors=ro --compression=lz4 --wide_macs --acl --encrypted --fs_label=nix --discard -f $DISK-part2 $DISK2
+# create the crypto containers with proper 4k sectors
+cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK-part2
+cryptsetup luksFormat --sector-size 4096 --batch-mode --verify-passphrase $DISK2
+
+# open the containers
+cryptsetup luksOpen $DISK-part2 crypt0
+cryptsetup luksOpen $DISK2 crypt1
+
+# create one large btrfs on them, RAID0 with strong checksum
+mkfs.btrfs -f -d raid0 -m raid0 --checksum blake2 --features block-group-tree --label nix /dev/mapper/crypt0 /dev/mapper/crypt1
sleep 5
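Review bot: Replacing `bcachefs format --encrypted --wide_macs` with plain `cryptsetup luksFormat` drops authenticated encryption. dm-crypt without an integrity layer gives confidentiality only, and `--checksum blake2` is an unkeyed btrfs checksum inside the container that catches corruption, not a MAC. I would state that in the comment, e.g. `# LUKS gives confidentiality only; blake2 checksums detect corruption, they are not a keyed MAC`. The two `luksFormat` lines also rely on the installed cryptsetup's defaults for header format, cipher and KDF; adding `--type luks2` would at least pin the header format. `-d raid0 -m raid0` means losing either device loses the whole filesystem, presumably acceptable for /nix but worth a word in the comment.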
@@ -82,8 +86,8 @@ mkdir -p /mnt/{nix,home,boot,root,etc/nixos}
# mount the ESP
mount $DISK-part1 /mnt/boot
-# mount large bcachefs
-mount -t bcachefs $DISK-part2:$DISK2 /mnt/nix
+# mount large btrfs
+mount -t btrfs /dev/mapper/crypt0 -o device=/dev/mapper/crypt1 /mnt/nix
# ensure tmp fills not the RAM
mkdir -p /mnt/tmp /mnt/nix/tmp
@@ -118,6 +122,8 @@ nixos-install --option experimental-features 'nix-command flakes' --no-root-pass
# unmount all stuff and sync
umount -Rl /nix/data /mnt
+cryptsetup luksClose crypt0
+cryptsetup luksClose crypt1
sync
# sync all /data after the install
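Review bot: The added `cryptsetup luksClose` calls run right after `umount -Rl`, and a lazy unmount returns while the filesystem may still be in use. The close can therefore fail with the device busy and leave both mappings, and their keys, open after the script ends. Moving `sync` ahead of the two closes and dropping `-l` would help, and a check such as `cryptsetup luksClose crypt0 || echo "crypt0 still open"` would make a failure visible. Nothing in the visible lines checks the exit status of either close.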