1 #cwd := $(notdir $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST))))))
2 #disk := /dev/disk/by-id/usb-Generic-_Multi-Card_20071114173400000-0:0
3 #disk := /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_250GB_S4EUNJ0N211426T
5 disk_sd := /dev/disk/by-id/mmc-SB32G_0xdb5e2237
6 disk_nvme := /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_250GB_S4EUNJ0N211426T
7 disk_ssd := /dev/disk/by-id/ata-Samsung_SSD_860_EVO_250GB_S3YJNX0K863141Y
12 #unicode_normalization := formD
15 sudo $$(which sgdisk) --zap-all $(disk_sd)
17 sudo zpool labelclear -f /dev/disk/by-partlabel/$(server)_nvme_rpool || true
19 sudo $$(which sgdisk) --zap-all $(disk_ssd)
20 sudo zpool labelclear -f /dev/disk/by-partlabel/$(server)_ssd_rpool || true
22 part: wipe-sd wipe-nvme wipe-ssd
24 sudo $$(which sgdisk) -a1 -n0:34:2047 -t0:EF02 -c0:"$(server)_sd_bios" $(disk_sd)
25 sudo $$(which sgdisk) -n0:1M:+100M -t0:EF00 -c0:"$(server)_sd_efi" $(disk_sd)
26 sudo $$(which sgdisk) -n0:0:+256M -t0:8300 -c0:"$(server)_sd_boot" $(disk_sd)
27 sudo $$(which sgdisk) --randomize-guids $(disk_sd)
28 sudo $$(which sgdisk) --backup=$(server)_sd.sgdisk $(disk_sd)
30 sudo $$(which sgdisk) -n0:0:+8G -t0:8200 -c0:"$(server)_nvme_swap" $(disk_nvme)
31 sudo $$(which sgdisk) -n0:0:0 -t0:BF01 -c0:"$(server)_nvme_rpool" $(disk_nvme)
32 sudo $$(which sgdisk) --randomize-guids $(disk_nvme)
33 sudo $$(which sgdisk) --backup=$(server)_nvme.sgdisk $(disk_nvme)
35 sudo $$(which sgdisk) -a1 -n0:34:2047 -t0:EF02 -c0:"$(server)_ssd_bios" $(disk_ssd)
36 sudo $$(which sgdisk) -n0:1M:+100M -t0:EF00 -c0:"$(server)_ssd_efi" $(disk_ssd)
37 sudo $$(which sgdisk) -n0:0:+256M -t0:8300 -c0:"$(server)_ssd_boot" $(disk_ssd)
38 sudo $$(which sgdisk) -n0:0:+8G -t0:8200 -c0:"$(server)_ssd_swap" $(disk_ssd)
39 sudo $$(which sgdisk) -n0:0:0 -t0:BF01 -c0:"$(server)_ssd_rpool" $(disk_ssd)
40 sudo $$(which sgdisk) --randomize-guids $(disk_ssd)
41 sudo $$(which sgdisk) --backup=$(server)_ssd.sgdisk $(disk_ssd)
43 format: umount format-sd-efi format-sd-boot format-nvme-rpool format-ssd-efi format-ssd-boot format-ssd-mirror
45 sudo blkid /dev/disk/by-partlabel/$(server)_sd_efi -t TYPE=vfat || \
46 sudo mkfs.vfat -F 16 -s 1 -n EFI /dev/disk/by-partlabel/$(server)_sd_efi
48 sudo mkdir -p /mnt/$(server)
49 sudo blkid -t TYPE=ext2 /dev/disk/by-partlabel/$(server)_sd_boot; test $$? != 2 || \
50 sudo mkfs.ext2 /dev/disk/by-partlabel/$(server)_sd_boot
52 sudo zpool list $(rpool) 2>/dev/null || \
53 sudo zpool create -o ashift=12 \
54 $(if $(cipher),-O encryption=$(cipher) \
55 -O keyformat=passphrase \
56 -O keylocation=prompt) \
57 $(if $(unicode_normalization),-O normalization=$(unicode_normalization)) \
58 -R /mnt/$(server) $(rpool) /dev/disk/by-partlabel/$(server)_nvme_root
60 autotrim=$(autotrim) \
72 # https://nixos.wiki/wiki/NixOS_on_ZFS#Reservations
73 sudo zfs list $(rpool)/reserved 2>/dev/null || \
74 sudo zfs create -o canmount=off -o mountpoint=none $(rpool)/reserved
75 sudo zfs set refreservation=$(reservation) $(rpool)/reserved
77 # mountpoint=legacy is required to let NixOS mount the ZFS filesystems.
78 sudo zfs list $(rpool)/root 2>/dev/null || \
81 -o mountpoint=legacy \
84 #sudo zfs list bpool/boot 2>/dev/null || \
87 # -o mountpoint=legacy \
98 sudo zfs list $(rpool)/"$$p" 2>/dev/null || \
101 -o mountpoint=legacy \
105 com.sun:auto-snapshot=false \
108 com.sun:auto-snapshot=false \
111 com.sun:auto-snapshot=false \
115 sudo blkid /dev/disk/by-partlabel/$(server)_ssd_efi -t TYPE=vfat || \
116 sudo mkfs.vfat -F 32 -s 1 -n EFI /dev/disk/by-partlabel/$(server)_ssd_efi
118 sudo blkid -t TYPE=ext2 /dev/disk/by-partlabel/$(server)_ssd_boot; test $$? != 2 || \
119 sudo mkfs.ext2 /dev/disk/by-partlabel/$(server)_ssd_boot
121 sudo zpool attach $(rpool) $(disk_nvme)-part5 $(disk_ssd)-part5
123 mount: mount-rpool mount-boot mount-efi
126 sudo zpool list $(rpool) || \
127 sudo zpool import -f $(rpool)
128 # load encryption key
129 sudo zfs get -H encryption $(rpool) | \
130 grep -q '^$(rpool)\s*encryption\s*off' || \
131 sudo zfs get -H keystatus $(rpool) | \
132 grep -q '^$(rpool)\s*keystatus\s*available' || \
133 sudo zfs load-key $(rpool)
135 sudo mkdir -p /mnt/$(server)
136 sudo mountpoint /mnt/$(server) || \
137 sudo mount -v -t zfs $(rpool)/root /mnt/$(server)
147 sudo mkdir -p /mnt/$(server)/"$$p"; \
148 sudo mountpoint /mnt/$(server)/"$$p" || \
149 sudo mount -v -t zfs $(rpool)/"$$p" /mnt/$(server)/"$$p" ; \
151 sudo chmod 1777 /mnt/$(server)/var/tmp
153 sudo mkdir -p /mnt/$(server)/boot
154 sudo mountpoint /mnt/$(server)/boot || \
155 sudo mount -v /dev/disk/by-partlabel/$(server)_sd_boot /mnt/$(server)/boot
156 #sudo mount -v -t zfs bpool/boot /mnt/$(server)/boot
157 mount-efi: | mount-boot
158 sudo mkdir -p /mnt/$(server)/boot/efi
159 sudo mountpoint /mnt/$(server)/boot/efi || \
160 sudo mount -v /dev/disk/by-partlabel/$(server)_sd_efi /mnt/$(server)/boot/efi
163 # Workaround https://dev.gnupg.org/T3908
164 chmod o+rw $$GPG_TTY $$XAUTHORITY
166 sudo --preserve-env \
167 NIXOS_CONFIG="$$PWD/install.nix" \
168 $$(which nixos-install) \
169 --root /mnt/$(server) \
174 # End workaround https://dev.gnupg.org/T3908
175 chmod o-rw $$GPG_TTY $$XAUTHORITY
177 sudo sourcephile-shred-tmp
191 ! sudo mountpoint /mnt/$(server)/"$$p" || \
192 sudo umount -v /mnt/$(server)/"$$p" ; \
194 ! sudo zpool list $(rpool) 2>/dev/null || \
195 zfs get -H encryption $(rpool) | \
196 grep -q '^$(rpool)\s*encryption\s*off' || \
197 zfs get -H keystatus $(rpool) | \
198 grep -q '^$(rpool)\s*keystatus\s*unavailable' || \
199 sudo zfs unload-key $(rpool)
200 #! sudo zpool list bpool 2>/dev/null || \
201 #sudo zpool export bpool
202 ! sudo zpool list $(rpool) 2>/dev/null || \
203 sudo zpool export $(rpool)
206 pass hosts/$(server)/zfs/rpool | \
207 NIXOPS_DEPLOYMENT="$${NIXOPS_DEPLOYMENT:-$(LOSURDO_DEPLOYMENT)}" \
208 nixops ssh $(server) -p 2222 'zfs load-key $(rpool) && pkill zfs'