From f94d349398801414bf991327f46c9fe12d07b32b Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Sun, 4 Nov 2018 23:56:36 +0100
Subject: [PATCH] nix/os: more work on partition handling
---
Justfile | 26 +++++++++++++++++++++++---
nix/os/devices/default.nix | 4 ++--
nix/os/modules/encryptedDisk.nix | 14 ++++++++++++--
3 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/Justfile b/Justfile
index eba55da..18b7c37 100755
--- a/Justfile
+++ b/Justfile
@@ -76,15 +76,35 @@ hm-iterate-qtile: # Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout disk-prepare: echo NOT IMPLEMENTED + # GPT partition table + # part1: size: 1MiB type: 4 BIOS BOOT + # part2: size: 512MiB label: 2-DISKID (36 char limit?) + # part3: size: * label: 3-DISKID (36 char limit?) + # cryptsetup format part3 + # vgcreate DISKID part3 + # lvcreate DISKID -L 8G -n swap + # lvcreate DISKID -l 100%FREE -n root + # sudo mkfs.vfat -F32 part2 + # sudo mkfs.btrfs /dev/DISKID/root + # sudo mkswap /dev/DISKID/swap + # sudo mount /dev/DISKID/root /mnt + # sudo btrfs subvolume create nixos + # sudo btrfs subvolume create home + # sudo mount /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root + # pushd /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root + # sudo btrfs subvolume create nixos + # sudo mkdir nixos/{boot,home} + # sudo btrfs subvolume create home + # # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' disk-mount dir: - just -v _device diskMount {{dir}} + just -v _device diskMount {{dir}} --argstr rebuildarg "dummy" # Unmount target disk, specified by device configuration directory disk-umount dir: - just -v _device diskUmount {{dir}} + just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy" # Perform an offline installation on the mounted the target disk, specified by device configuration directory disk-install dir: - just -v _device diskInstall {{dir}} + just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy" diff --git a/nix/os/devices/default.nix b/nix/os/devices/default.nix index 071d1e8..7c620af 100644 --- a/nix/os/devices/default.nix +++ b/nix/os/devices/default.nix 
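Review bot: The partitioning notes added under `disk-prepare` go from `cryptsetup format part3` straight to `vgcreate DISKID part3`, so read literally the volume group ends up on the raw partition instead of inside the LUKS container. The diskMount script in nix/os/devices/default.nix opens the container first and only then activates the VG, so the notes should follow the same order: `# cryptsetup luksFormat part3`, `# cryptsetup luksOpen part3 DISKID-part3`, `# vgcreate DISKID /dev/mapper/DISKID-part3`. The later `mount /dev/disk/by-partlabel/3-DISKID ...` and two-argument `pushd` lines look like leftovers that repeat the subvolume steps. Removing them now keeps them out of the eventual recipe.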
@@ -31,12 +31,12 @@ in { ID=${diskId} echo Mounting $ID set -xe - cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3 + cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3 vgchange -ay $ID mkdir -p /mnt/$ID-root mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home - mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot + mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot ''; diskUmount = pkgs.writeScript "script" '' diff --git a/nix/os/modules/encryptedDisk.nix b/nix/os/modules/encryptedDisk.nix index 74e865c..961a99c 100644 --- a/nix/os/modules/encryptedDisk.nix +++ b/nix/os/modules/encryptedDisk.nix @@ -6,13 +6,23 @@ with lib; let cfg = config.hardware.encryptedDisk; + volumeGroup = cfg.diskId; + + # This is important at install-time bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ]; - bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ]; - bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ]; + + # These are guaranteed by LVM rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ]; swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ]; + # TODO: verify the GPT PARTLABEL cap at 36 chars + shortenPartlabel = name: (builtins.substring 0 36 name); + # Cannot use the disk ID here because might be different at install vs. runtime. + # Example: MMC card which is used in the internal reader vs. USB reader + bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))]; + bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))]; + in { options.hardware.encryptedDisk = { enable = mkEnableOption "Enable encrypted filesystem layout";
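Review bot: A comment is missing on the two `/dev/disk/by-id/$ID-part…` paths to explain why this script moves to by-id while nix/os/modules/encryptedDisk.nix, in the same commit, stays on by-partlabel with a new `2-`/`3-` prefix. Without it the two changes read as contradictory. Going by the comments added in that module, by-id is presumably meant for install time only, so a line such as `# install-time only: by-id names the disk as this machine sees it; the booted system uses by-partlabel` above `cryptsetup luksOpen` would settle it. The expansions are also unquoted, and `"/dev/disk/by-id/$ID-part3" "$ID-part3"` would be the safer form. The script body starts above the hunk.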
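Review bot: `shortenPartlabel` silently cuts the label at 36 characters, which with the `2-`/`3-` prefix leaves 34 for `cfg.diskId`; a longer ID loses its tail, and for by-id style names that tail is usually the serial. Two disks of the same model could then carry identical labels, and `bootLuksDevice` might resolve to either of them. Failing evaluation is safer than truncating, for example `shortenPartlabel = name: assert builtins.stringLength name <= 36; name;`, and whatever disk-prepare writes as the partition label has to follow the same rule. GPT partition names hold 36 UTF-16 code units, so the TODO's number is right for ASCII IDs. The `let` block starts above the hunk and the module body continues below it.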