ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

more bcache stuff

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-12-14 15:31:33 -06:00
parent e04a8583bb
commit b333a27745
2 changed files with 116 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

16
hosts/i001/hardware-mounts.nix
View file

@ -11,6 +11,8 @@ let
USB_KEY = "/dev/disk/by-uuid/9985-EBD1"; USB_KEY = "/dev/disk/by-uuid/9985-EBD1";
inherit (utils) escapeSystemdPath; inherit (utils) escapeSystemdPath;
primaryDeviceUnit = "${escapeSystemdPath PRIMARY}.device";
in in
{ {
# BOOT # BOOT
@ -109,12 +111,9 @@ in
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ]; before = [ "sysroot.mount" ];
# Wait for udev so the /dev/disk/by-uuid path and the USB key appear requires = [ primaryDeviceUnit ];
requires = [ "systemd-udev-settle.service" ]; after = [ primaryDeviceUnit ];
after = [ "systemd-udev-settle.service" ];
serviceConfig = {
Type = "oneshot";
# NOTE: put the real password here, or better: read it from USB_KEY # NOTE: put the real password here, or better: read it from USB_KEY
# ExecStart = '' # ExecStart = ''
# /bin/sh -c 'echo "password" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}' # /bin/sh -c 'echo "password" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}'
@ -126,13 +125,12 @@ in
# We inline a script that roughly mimics tryUnlock + openCommand behavior, # We inline a script that roughly mimics tryUnlock + openCommand behavior,
# but uses a key file from the USB stick instead of systemd-ask-password. # but uses a key file from the USB stick instead of systemd-ask-password.
ExecStart = '' script = ''
/bin/sh -eu
echo "Using test password..." echo "Using test password..."
echo "test" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${PRIMARY}" echo "test" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${PRIMARY}"
echo "bcachefs unlock successful for ''${DEVICE}" echo "bcachefs unlock successful for ${PRIMARY}"
''; '';
};
}; };
}; };

96
utilities/nixos-installers/install_bcachefs.md Normal file
View file

@ -0,0 +1,96 @@
# Install nix minimal with bcachefs filesystem
- optional encryption
- optional auto unlock with USB key
- custom iso installer
- `nix build .\#packages.x86_64-linux.iso-minimal-stable`
## Format main drive with boot partition
### Partition with GPT
```sh
DEVICE=sda
parted /dev/$DEVICE -- mklabel gpt
parted /dev/$DEVICE -- mkpart ESP fat32 1MB 2GB
parted /dev/$DEVICE -- set 1 esp on
# TODO make swap partition instead here? Bcachefs not working with swapfile
parted /dev/$DEVICE -- mkpart PRIMARY 2GB 100%
```
### Format partitions
- boot
```sh
BOOT=sda1
mkfs.fat -F 32 -n BOOT /dev/$BOOT
```
- primary
```sh
PRIMARY=sda2
keyctl link @u @s
bcachefs format --label=nixos --encrypted /dev/$PRIMARY
bcachefs unlock /dev/$PRIMARY
```
### Setup subvolumes
```sh
# keyctl link @u @s
# TODO check this is it 7 or 8 for print?
U=$(lsblk -o fsType,uuid | grep bcachefs | awk '{print $2}')
echo $U
mount /dev/disk/by-uuid/$U /mnt
bcachefs subvolume create /mnt/@root
bcachefs subvolume create /mnt/@nix
bcachefs set-file-option /mnt/@nix --compression=zstd
bcachefs subvolume create /mnt/@snapshots
bcachefs set-file-option /mnt/@snapshots --compression=zstd
bcachefs subvolume create /mnt/@swap
bcachefs set-file-option /mnt/@swap --nocow
bcachefs subvolume create /mnt/@persist
umount /mnt
```
> Tip `getfattr -d -m '^bcachefs\.' filename`
> Note: Format any additional drives if you need to
### Mount subvolumes
```sh
DEV_B="/dev/disk/by-uuid/"$(lsblk -o NAME,UUID | grep $BOOT | awk '{print $2}')
DEV_P="/dev/disk/by-uuid/"$(lsblk -o NAME,UUID | grep $PRIMARY | awk '{print $2}')
mount -t bcachefs -o X-mount.subdir=@root $DEV_P /mnt
mount -t vfat $DEV_B /mnt/boot --mkdir
mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@nix,relatime $DEV_P /mnt/nix
mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@snapshots,relatime $DEV_P /mnt/.snapshots
mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@swap,noatime $DEV_P /mnt/.swap
mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@persist $DEV_P /mnt/persist
```
### Generate hardware config
```sh
nixos-generate-config --root /mnt
```
- Copy useful bits out into real config in repo
- Run nixos-install
```sh
nixos-install --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001"
# nh os switch "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001"
```
or from host machine? TODO haven't tried this fully
```sh
NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001" --target-host luser@10.12.14.157 --build-host localhost
```