nix/devices: implement disk-prepare
This commit is contained in:
parent
1f14b36557
commit
afd4bb95f9
5 changed files with 136 additions and 83 deletions
|
|
@ -1,28 +1,11 @@
|
|||
{ lib
|
||||
, config
|
||||
, ... }:
|
||||
with lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.hardware.encryptedDisk;
|
||||
|
||||
|
||||
volumeGroup = cfg.diskId;
|
||||
|
||||
# This is important at install-time
|
||||
bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
|
||||
|
||||
# These are guaranteed by LVM
|
||||
rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
|
||||
swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
|
||||
|
||||
# TODO: verify the GPT PARTLABEL cap at 36 chars
|
||||
shortenPartlabel = name: (builtins.substring 0 36 name);
|
||||
# Cannot use the disk ID here because might be different at install vs. runtime.
|
||||
# Example: MMC card which is used in the internal reader vs. USB reader
|
||||
bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))];
|
||||
bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))];
|
||||
|
||||
ownLib = import ../lib/default.nix { };
|
||||
in {
|
||||
options.hardware.encryptedDisk = {
|
||||
enable = mkEnableOption "Enable encrypted filesystem layout";
|
||||
|
|
@ -32,39 +15,39 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
fileSystems."/boot" = {
|
||||
device = bootFsDevice;
|
||||
fileSystems."/boot" = {
|
||||
device = (ownLib.disk.bootFsDevice cfg.diskId);
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = rootFsDevice;
|
||||
device = (ownLib.disk.rootFsDevice cfg.diskId);
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nixos" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = rootFsDevice;
|
||||
device = (ownLib.disk.rootFsDevice cfg.diskId);
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=home" ];
|
||||
};
|
||||
|
||||
swapDevices = [ { device = swapFsDevice; } ];
|
||||
swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];
|
||||
|
||||
boot.loader.grub = {
|
||||
device = bootGrubDevice;
|
||||
device = (ownLib.disk.bootGrubDevice cfg.diskId);
|
||||
enableCryptodisk = true;
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices = [
|
||||
boot.initrd.luks.devices = [
|
||||
{
|
||||
name =
|
||||
let
|
||||
splitstring = builtins.split "/" bootLuksDevice;
|
||||
name =
|
||||
let
|
||||
splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
|
||||
lastelem = (builtins.length splitstring)-1;
|
||||
in
|
||||
builtins.elemAt splitstring lastelem;
|
||||
device = bootLuksDevice;
|
||||
in
|
||||
builtins.elemAt splitstring lastelem;
|
||||
device = (ownLib.disk.bootLuksDevice cfg.diskId);
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue