From 5e456c54a78c8799f2f778d4f40a4778f15552f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?= Date: Wed, 29 Nov 2023 11:39:58 +0100 Subject: [PATCH] Add results from LUKS debugging session --- install_os.sh | 2 +- pindakaas_sd/disko-desired.nix | 64 +++++++++++++++++++++ pindakaas_sd/disko-hanging.nix | 38 ++++++++++++ pindakaas_sd/disko-working.nix | 32 +++++++++++ pindakaas_sd/disko.nix | 102 +-------------------------------- pindakaas_sd/os.nix | 8 ++- 6 files changed, 142 insertions(+), 104 deletions(-) create mode 100644 pindakaas_sd/disko-desired.nix create mode 100644 pindakaas_sd/disko-hanging.nix create mode 100644 pindakaas_sd/disko-working.nix mode change 100644 => 120000 pindakaas_sd/disko.nix diff --git a/install_os.sh b/install_os.sh index cf9a66c..1052206 100755 --- a/install_os.sh +++ b/install_os.sh @@ -7,7 +7,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) # Parse arguments function help { - echo "Usage: $0 profile [-e]" + echo "Usage: $0 [-e] [-h] profile" echo echo "Arguments:" echo " file: OS/disk profile to use" diff --git a/pindakaas_sd/disko-desired.nix b/pindakaas_sd/disko-desired.nix new file mode 100644 index 0000000..e31c34f --- /dev/null +++ b/pindakaas_sd/disko-desired.nix @@ -0,0 +1,64 @@ +{ + disko.devices = { + disk = { + pindakaas_sd = { + type = "disk"; + device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99"; + content = { + type = "gpt"; + partitions = { + ESP = { + # Needs enough to store multiple kernel generations + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "pindakaas_sd"; + #passwordFile = "/tmp/secret.key"; # Commented out so asked interactively + settings = { + # Not having SSDs die fast is more important than crypto + # nerds that could potentially discover which filesystem I + # use from TRIM patterns + allowDiscards = true; + }; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/nixos" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "relatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + # Maybe later + # "/swap" = { + # mountpoint = "/.swapvol"; + # swap.swapfile.size = "20M"; + # }; + }; + }; + }; + }; + }; + }; + }; + }; + } diff --git a/pindakaas_sd/disko-hanging.nix b/pindakaas_sd/disko-hanging.nix new file mode 100644 index 0000000..187c6db --- /dev/null +++ b/pindakaas_sd/disko-hanging.nix @@ -0,0 +1,38 @@ +{ + disko.devices = { + disk = { + vdb = { + type = "disk"; + device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + settings.allowDiscards = true; + passwordFile = "/tmp/secret.key"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/pindakaas_sd/disko-working.nix b/pindakaas_sd/disko-working.nix new file mode 100644 index 0000000..8b682eb --- /dev/null +++ b/pindakaas_sd/disko-working.nix @@ -0,0 +1,32 @@ +{ + disko.devices = { + disk = { + vdb = { + type = "disk"; + device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/pindakaas_sd/disko.nix b/pindakaas_sd/disko.nix deleted file mode 100644 index 2074c00..0000000 --- a/pindakaas_sd/disko.nix +++ /dev/null @@ -1,101 +0,0 @@ -{ - disko.devices = { - disk = { - pindakaas_sd = { - type = "disk"; - device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99"; - content = { - type = "gpt"; - partitions = { - ESP = { - # Needs enough to store multiple kernel generations - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; - }; - }; - root = { - size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/nixos" = { - mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ "compress=zstd" "relatime" ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - # Maybe later - # "/swap" = { - # mountpoint = "/.swapvol"; - # swap.swapfile.size = "20M"; - # }; - }; - }; - }; - # FIXME Hang on Linux boot, for some reason - # luks = { - # size = "100%"; - # content = { - # type = "luks"; - # name = "pindakaas_sd"; - # # disable settings.keyFile if you want to use interactive password entry - # #passwordFile = "/tmp/secret.key"; # Interactive - # settings = { - # # Not having SSDs die fast is more important than crypto - # # nerds that could potentially discover which filesystem I - # # use from TRIM patterns - # allowDiscards = true; - # # keyFile = "/tmp/secret.key"; - # fallbackToPassword = true; # TEST - # }; - # # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; - # content = { - # type = "btrfs"; - # extraArgs = [ "-f" ]; - # subvolumes = { - # "/nixos" = { - # mountpoint = "/"; - # mountOptions = [ "compress=zstd" "noatime" ]; - # }; - # "/home" = { - # mountpoint = "/home"; - # mountOptions = [ "compress=zstd" "relatime" ]; - # }; - # "/nix" = { - # mountpoint = "/nix"; - # mountOptions = [ "compress=zstd" "noatime" ]; - # }; - # # Maybe later - # # "/swap" = { - # # mountpoint = "/.swapvol"; - # # swap.swapfile.size = "20M"; - # # }; - # }; - # }; - # }; - # }; - }; - }; - }; - }; - }; -} diff --git a/pindakaas_sd/disko.nix b/pindakaas_sd/disko.nix new file mode 120000 index 0000000..5ce14d9 --- /dev/null +++ b/pindakaas_sd/disko.nix @@ -0,0 +1 @@ +disko-hanging.nix \ No newline at end of file diff --git a/pindakaas_sd/os.nix b/pindakaas_sd/os.nix index 87c9333..869e1de 100644 --- a/pindakaas_sd/os.nix +++ b/pindakaas_sd/os.nix @@ -1,11 +1,15 @@ { pkgs, config, ... }: { imports = [ - ../os + # START DEBUG + # ../os + # ./options.nix + "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22.tar.gz"}/module.nix" + # END DEBUG ../pindakaas/hardware.nix ./disko.nix - ./options.nix ]; + nixpkgs.config.allowUnfree = true; # DEBUG networking.hostName = "pindakaas_sd"; }