]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/Makefile
patate: wireguard: disable wg-intra
[julm/julm-nix.git] / hosts / aubergine / Makefile
1 #cwd := $(notdir $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))))
2 hostName := aubergine
3 disk_sd := /dev/disk/by-id/mmc-SU08G_0xb0320f0f
4 disk_ssd := /dev/disk/by-id/ata-YMTC_JGS_2201060101833
5 rpool := $(hostName)
6 #cipher := aes-128-gcm
7 cipher :=
8 autotrim := on
9 reservation := 1G
10 compression := zstd
11
12 wipe-sd:
13 sudo sgdisk --zap-all $(disk_sd)
14 wipe-ssd:
15 sudo sgdisk --zap-all $(disk_ssd)
16 sudo zpool labelclear -f /dev/disk/by-partlabel/$(hostName)_ssd_root || true
17
18 part: part-sd part-ssd
19 part-sd: wipe-sd
20 sudo sgdisk -a1 -n0:34:2047 -t0:EF02 -c0:"$(hostName)_sd_bios" $(disk_sd)
21 sudo sgdisk -n0:1M:+100M -t0:EF00 -c0:"$(hostName)_sd_efi" $(disk_sd)
22 sudo sgdisk -n0:0:0 -t0:8300 -c0:"$(hostName)_sd_root" $(disk_sd)
23 sudo sgdisk --randomize-guids $(disk_sd)
24 sudo sgdisk --backup=$(hostName)_sd.sgdisk $(disk_sd)
25 part-ssd: wipe-ssd
26 sudo sgdisk -a1 -n0:34:2047 -t0:EF02 -c0:"$(hostName)_ssd_bios" $(disk_ssd)
27 sudo sgdisk -n0:1M:+100M -t0:EF00 -c0:"$(hostName)_ssd_efi" $(disk_ssd)
28 sudo sgdisk -n0:0:+256M -t0:8300 -c0:"$(hostName)_ssd_boot" $(disk_ssd)
29 sudo sgdisk -n0:0:+2G -t0:8200 -c0:"$(hostName)_ssd_swap" $(disk_ssd)
30 sudo sgdisk -n0:0:0 -t0:BF01 -c0:"$(hostName)_ssd_root" $(disk_ssd)
31 sudo sgdisk --randomize-guids $(disk_ssd)
32 sudo sgdisk --backup=$(hostName)_ssd.sgdisk $(disk_ssd)
33
34 format-sd: format-sd-root format-sd-efi
35 format-sd-efi:
36 sudo blkid /dev/disk/by-partlabel/$(hostName)_sd_efi -t TYPE=vfat || \
37 sudo mkfs.vfat -F 32 -s 1 -n EFI /dev/disk/by-partlabel/$(hostName)_sd_efi
38 format-sd-root:
39 sudo mkdir -p /mnt/install/$(hostName)
40 sudo blkid -t TYPE=ext4 /dev/disk/by-partlabel/$(hostName)_sd_root; test $$? != 2 || \
41 sudo mkfs.ext4 /dev/disk/by-partlabel/$(hostName)_sd_root
42 format-ssd: format-ssd-root format-ssd-efi format-ssd-boot
43 format-ssd-efi:
44 sudo blkid /dev/disk/by-partlabel/$(hostName)_ssd_efi -t TYPE=vfat || \
45 sudo mkfs.vfat -F 32 -s 1 -n EFI /dev/disk/by-partlabel/$(hostName)_ssd_efi
46 format-ssd-boot:
47 sudo blkid -t TYPE=ext4 /dev/disk/by-partlabel/$(hostName)_ssd_boot; test $$? != 2 || \
48 sudo mkfs.ext4 /dev/disk/by-partlabel/$(hostName)_ssd_boot
49 format-ssd-root:
50 sudo zpool list $(rpool) 2>/dev/null || \
51 sudo zpool create -o ashift=12 \
52 -O utf8only=on \
53 -R /mnt/install/$(hostName) $(rpool) /dev/disk/by-partlabel/$(hostName)_ssd_root
54 sudo zpool set \
55 autotrim=$(autotrim) \
56 $(rpool)
57 sudo zfs set \
58 acltype=off \
59 atime=off \
60 canmount=off \
61 compression=$(compression) \
62 dnodesize=auto \
63 relatime=on \
64 xattr=off \
65 mountpoint=/ \
66 $(rpool)
67 # https://nixos.wiki/wiki/NixOS_on_ZFS#Reservations
68 sudo zfs list $(rpool)/reserved 2>/dev/null || \
69 sudo zfs create -o canmount=off -o mountpoint=none $(rpool)/reserved
70 sudo zfs set refreservation=$(reservation) $(rpool)/reserved
71 # /
72 # mountpoint=legacy is required to let NixOS mount the ZFS filesystems.
73 sudo zfs list $(rpool)/root 2>/dev/null || \
74 sudo zfs create \
75 -o canmount=on \
76 -o mountpoint=legacy \
77 $(rpool)/root
78 # /*
79 for p in \
80 nix \
81 home \
82 var \
83 ; do \
84 sudo zfs list $(rpool)/"$$p" 2>/dev/null || \
85 sudo zfs create \
86 -o canmount=on \
87 -o mountpoint=legacy \
88 $(rpool)/"$$p" ; \
89 done
90 for p in \
91 ; do \
92 sudo zfs list $(rpool)/"$$p" 2>/dev/null || \
93 sudo zfs create \
94 -o canmount=on \
95 -o mountpoint=legacy \
96 $(if $(cipher),-O encryption=$(cipher) \
97 -o keyformat=passphrase \
98 -o keylocation=prompt) \
99 $(rpool)/"$$p" ; \
100 done
101 #sudo zfs set sync=disabled $(rpool)/var/tmp
102 #sudo zfs set copies=2 $(rpool)/home/files
103
104 mount-sd: mount-sd-root mount-sd-efi
105 mount-sd-root:
106 sudo mkdir -p /mnt/install/$(hostName)
107 sudo mountpoint /mnt/install/$(hostName) || \
108 sudo mount -v /dev/disk/by-partlabel/$(hostName)_sd_root /mnt/install/$(hostName)
109 mount-sd-efi: | mount-sd-root
110 sudo mkdir -p /mnt/install/$(hostName)/boot/efi
111 sudo mountpoint /mnt/install/$(hostName)/boot/efi || \
112 sudo mount -v /dev/disk/by-partlabel/$(hostName)_sd_efi /mnt/install/$(hostName)/boot/efi
113
114 mount-ssd: mount-ssd-root mount-ssd-efi
115 mount-ssd-root:
116 sudo mkdir -p /mnt/install/$(hostName)
117 sudo zpool list $(hostName) || \
118 sudo zpool import -R /mnt/install/$(hostName) $(hostName)
119 sudo mountpoint /mnt/install/$(hostName) || \
120 sudo mount -v -t zfs $(hostName)/root /mnt/install/$(hostName)
121 for p in nix home var; do \
122 sudo mkdir -p /mnt/install/$(hostName)/$$p; \
123 sudo mountpoint /mnt/install/$(hostName)/$$p || \
124 sudo mount -v -t zfs $(hostName)/$$p /mnt/install/$(hostName)/$$p; \
125 done
126 mount-ssd-efi: | mount-ssd-root
127 sudo mkdir -p /mnt/install/$(hostName)/boot
128 sudo mountpoint /mnt/install/$(hostName)/boot || \
129 sudo mount -v /dev/disk/by-partlabel/$(hostName)_ssd_boot /mnt/install/$(hostName)/boot
130 sudo mkdir -p /mnt/install/$(hostName)/boot/efi
131 sudo mountpoint /mnt/install/$(hostName)/boot/efi || \
132 sudo mount -v /dev/disk/by-partlabel/$(hostName)_ssd_efi /mnt/install/$(hostName)/boot/efi
133
134 bootstrap:
135 mountpoint /mnt/install/$(hostName)
136
137 # Workaround https://dev.gnupg.org/T3908
138 chmod o+rw $$GPG_TTY $$XAUTHORITY
139
140 sudo --preserve-env \
141 $$(which nixos-install) \
142 --root /mnt/install/$(hostName) \
143 --flake '.#$(hostName)' \
144 --no-root-passwd \
145 --no-channel-copy \
146 --show-trace
147
148 # End workaround https://dev.gnupg.org/T3908
149 chmod o-rw $$GPG_TTY $$XAUTHORITY
150
151 umount:
152 for p in \
153 boot/efi \
154 boot \
155 home \
156 nix \
157 var/cache \
158 var/log \
159 var/tmp \
160 var \
161 "" \
162 ; do \
163 ! sudo mountpoint /mnt/install/$(hostName)/"$$p" || \
164 sudo umount -v /mnt/install/$(hostName)/"$$p" ; \
165 done
166 ! sudo zpool list $(rpool) 2>/dev/null || \
167 zfs get -H encryption $(rpool) | \
168 grep -q '^$(rpool)\s*encryption\s*off' || \
169 zfs get -H keystatus $(rpool) | \
170 grep -q '^$(rpool)\s*keystatus\s*unavailable' || \
171 sudo zfs unload-key $(rpool)
172 #! sudo zpool list bpool 2>/dev/null || \
173 #sudo zpool export bpool
174 ! sudo zpool list $(rpool) 2>/dev/null || \
175 sudo zpool export $(rpool)