]> Git — Sourcephile - sourcephile-nix.git/blob - bootstrap/mermet/Makefile.make
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nix: add bootstrap/mermet/
[sourcephile-nix.git] / bootstrap / mermet / Makefile.make
1 mermet_mnt := mermet
2 mermet_rpool := rpool
3 mermet_bpool := bpool
4 mermet_disk := $(shell sed -ne 's/^device: \(.*\)/\1/p' bootstrap/$(mermet_mnt)/etc/sfdisk.txt)
5 mermet_cipher := aes-128-gcm
6
7 mermet-partition:
8 sudo modprobe zfs
9 sudo $$(which sfdisk) $(mermet_disk) <bootstrap/$(mermet_mnt)/etc/sfdisk.txt
10 #sudo $$(which sgdisk) --randomize-guids $(mermet_disk)
11 sudo partprobe
12
13 mermet-format:
14 # DOC: https://github.com/zfsonlinux/zfs/wiki/Debian-Buster-Root-on-ZFS
15 sudo mkdir -p /mnt/$(mermet_mnt)
16 # bpool
17 sudo zpool list $(mermet_bpool) 2>/dev/null || \
18 # NOTE: enable only ZFS features supported by GRUB
19 sudo zpool create -o ashift=12 -d \
20 -o feature@allocation_classes=enabled \
21 -o feature@async_destroy=enabled \
22 -o feature@bookmarks=enabled \
23 -o feature@embedded_data=enabled \
24 -o feature@empty_bpobj=enabled \
25 -o feature@enabled_txg=enabled \
26 -o feature@extensible_dataset=enabled \
27 -o feature@filesystem_limits=enabled \
28 -o feature@hole_birth=enabled \
29 -o feature@large_blocks=enabled \
30 -o feature@lz4_compress=enabled \
31 -o feature@project_quota=enabled \
32 -o feature@resilver_defer=enabled \
33 -o feature@spacemap_histogram=enabled \
34 -o feature@spacemap_v2=enabled \
35 -o feature@userobj_accounting=enabled \
36 -o feature@zpool_checkpoint=enabled \
37 -O normalization=formD \
38 -R /mnt/$(mermet_mnt) $(mermet_bpool) $(mermet_disk)-part3
39 sudo zfs set \
40 acltype=posixacl \
41 canmount=off \
42 compression=lz4 \
43 devices=off \
44 relatime=on \
45 xattr=sa \
46 mountpoint=/ \
47 $(mermet_bpool)
48 # swap
49 # FIXME: configure with a volatile key in configuration.nix
50 #blkid -t TYPE=crypto_LUKS $(mermet_disk)-part4; test $$? != 2 || \
51 #sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 256 --hash sha256 $(mermet_disk)-part4
52 # rpool
53 sudo zpool list $(mermet_rpool) 2>/dev/null || \
54 sudo zpool create -o ashift=12 \
55 $(if $(mermet_cipher),-O encryption=$(mermet_cipher) \
56 -O keyformat=passphrase \
57 -O keylocation=prompt) \
58 -O normalization=formD \
59 -R /mnt/$(mermet_mnt) $(mermet_rpool) $(mermet_disk)-part5
60 sudo zfs set \
61 acltype=posixacl \
62 atime=off \
63 $(if $(autotrim),autotrim=on) \
64 canmount=off \
65 compression=lz4 \
66 dnodesize=auto \
67 relatime=on \
68 xattr=sa \
69 mountpoint=/ \
70 $(mermet_rpool)
71 # /
72 # NOTE: mountpoint=legacy is required to let NixOS mount the ZFS filesystems.
73 sudo zfs list $(mermet_rpool)/root 2>/dev/null || \
74 sudo zfs create \
75 -o canmount=on \
76 -o mountpoint=legacy \
77 $(mermet_rpool)/root
78 #sudo zpool set bootfs="$(mermet_rpool)/boot" $(mermet_rpool)
79 # /boot
80 sudo zfs list $(mermet_bpool)/boot 2>/dev/null || \
81 sudo zfs create \
82 -o canmount=on \
83 -o mountpoint=legacy \
84 $(mermet_bpool)/boot
85 # /boot/efi
86 sudo blkid $(mermet_disk)-part2 -t TYPE=vfat || \
87 sudo mkfs.vfat -F 32 -s 1 -n EFI $(mermet_disk)-part2
88 # /*
89 for p in \
90 home \
91 nix \
92 var \
93 var/cache \
94 var/log \
95 var/mail \
96 var/tmp \
97 var/www \
98 ; do \
99 sudo zfs list $(mermet_rpool)/"$$p" 2>/dev/null || \
100 sudo zfs create \
101 -o canmount=on \
102 -o mountpoint=legacy \
103 $(mermet_rpool)/"$$p" ; \
104 done
105 sudo zfs set \
106 com.sun:auto-snapshot=false \
107 $(mermet_rpool)/var/cache
108 sudo zfs set \
109 com.sun:auto-snapshot=false \
110 sync=disabled \
111 $(mermet_rpool)/var/tmp
112
113 mermet-mount:
114 # /
115 sudo mkdir -p /mnt/$(mermet_mnt)
116 sudo mountpoint /mnt/$(mermet_mnt) || \
117 sudo mount -v -t zfs $(mermet_rpool)/root /mnt/$(mermet_mnt)
118 # /boot
119 sudo mkdir -p /mnt/$(mermet_mnt)/boot
120 sudo mountpoint /mnt/$(mermet_mnt)/boot || \
121 sudo mount -v -t zfs $(mermet_bpool)/boot /mnt/$(mermet_mnt)/boot
122 # /boot/efi
123 sudo mkdir -p /mnt/$(mermet_mnt)/boot/efi
124 sudo mountpoint /mnt/$(mermet_mnt)/boot/efi || \
125 sudo mount -v $(mermet_disk)-part2 /mnt/$(mermet_mnt)/boot/efi
126 # /*
127 for p in \
128 home \
129 nix \
130 var \
131 var/cache \
132 var/log \
133 var/mail \
134 var/tmp \
135 var/www \
136 ; do \
137 sudo mkdir -p /mnt/$(mermet_mnt)/"$$p"; \
138 sudo mountpoint /mnt/$(mermet_mnt)/"$$p" || \
139 sudo mount -v -t zfs $(mermet_rpool)/"$$p" /mnt/$(mermet_mnt)/"$$p" ; \
140 done
141 sudo chmod 1777 /mnt/$(mermet_mnt)/var/tmp
142
143 mermet-bootstrap: mermet-mount
144 sudo mkdir -p bootstrap/$(mermet_mnt)/etc/nixos
145 sudo rm -rf "/mnt/$(mermet_mnt)/etc/nixos"
146 sudo cp -r \
147 bootstrap/$(mermet_mnt)/etc/nixos \
148 /mnt/$(mermet_mnt)/etc/
149 test "$$(sudo grub-probe /mnt/$(mermet_mnt)/boot)" = zfs
150 # NOTE: nixos-install will install GRUB following configuration.nix
151 # BIOS
152 #sudo grub-install $(mermet_disk)
153 # UEFI
154 #sudo grub-install \
155 # --target=x86_64-efi \
156 # --efi-directory=/mnt/$(mermet_mnt)/boot/efi \
157 # --bootloader-id=nixos \
158 # --recheck \
159 # --no-floppy
160 sudo NIX_PATH="$$NIX_PATH" PATH="$$PATH" $$(which nixos-install) \
161 --root /mnt/$(mermet_mnt) \
162 --no-root-passwd
163
164 mermet-umount:
165 for p in \
166 boot/efi \
167 boot \
168 home \
169 nix \
170 var/cache \
171 var/log \
172 var/mail \
173 var/tmp \
174 var/www \
175 var \
176 "" \
177 ; do \
178 ! sudo mountpoint /mnt/$(mermet_mnt)/"$$p" || \
179 sudo umount -v /mnt/$(mermet_mnt)/"$$p" ; \
180 done
NixOS configurations for Sourcephile's infrastructure