Git — Sourcephile - sourcephile-nix.git/blob - bootstrap/mermet/etc/nixos/zfs-configuration.nix
nix: improve bootstrap/mermet/ upto ssh root@
# NixOS module for a ZFS system whose encrypted datasets are unlocked remotely
# through an SSH server (dropbear) running inside the initrd.
{ config, lib, pkgs, ... }:

{
  imports = [];

  # The 32-bit host id of the machine, formatted as 8 hexadecimal characters.
  # Keep this id unique among your machines.
  # Manually generated with: head -c4 /dev/urandom | od -A none -t x4 | cut -d ' ' -f 2
  networking.hostId = "69c40b03";

  # Periodic scrubbing of ZFS pools.
  services.zfs.autoScrub.enable = true;

  boot = {
    supportedFilesystems = [ "zfs" ];

    kernelParams = [
      # noop is the elevator recommended with zfs.
      "elevator=noop"
      # Upper bound of the ARC, in bytes: 262144000 = 250 MiB.
      "zfs.zfs_arc_max=262144000"
      # NOTE(review): the previous comment here also described shell_on_fail
      # (forcing a manual import after a zfs import failure), but that
      # parameter is not part of this list.
    ];

    zfs = {
      # FIXME: uncomment [on a working system] so the extra safeguards zfs uses
      # to protect its pools are active:
      #forceImportAll = false;
      #forceImportRoot = false;

      # NOTE(review): presumably selected for native encryption support;
      # confirm it is still needed, since it tracks the unstable ZFS package.
      enableUnstable = true;
      # Request the credentials of encrypted datasets during boot.
      requestEncryptionCredentials = true;
    };

    initrd.network = {
      # This uses udhcp to obtain an IP address.
      # The kernel module of the network driver must be listed in
      # `boot.initrd.availableKernelModules`, otherwise the initrd cannot load it.
      # A static address may be set with the ip argument of the kernel command line:
      # https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt
      enable = true;

      # Runs after the network is up: append the unlock commands to root's
      # profile, so that logging in over SSH loads the zfs password prompt and
      # then kills the other prompt, letting the boot continue.
      postCommands = ''
        #zpool import rpool
        echo "zfs load-key -a; killall zfs" >> /root/.profile
      '';

      ssh = {
        enable = true;

        # A port different from the regular sshd keeps ssh clients from
        # complaining about a changed host key (assuming the same host also
        # runs a normal sshd after boot).
        port = 2222;

        # dropbear uses a key format different from openssh; generate one with:
        # $ nix-shell -p dropbear --command "dropbearkey -t ecdsa -f /tmp/initrd-ssh-key"
        # WARNING: this private key ends up in the NixOS store and in the
        # initrd, and thus maybe on cleartext storage. Treat it as readable by
        # anyone who can read the store or the boot partition: dedicate it to
        # the initrd and never reuse the host key of the regular sshd.
        hostECDSAKey = ../dropbear/host-ecdsa-key;

        # Public ssh keys allowed to log in. Each entry grants a root shell in
        # the initrd, from which the pool passphrase is entered; keep the list
        # as short as possible.
        authorizedKeys = [
          # julm
          "ssh-rsa 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 GnuPG pub=F2E027182397AC0775714F2AD15AF7F467E8299B sub=7819E44BAEEDE91683811BB00E1AAADBE227DDAA"
        ];
      };
    };
  };

  /*
  # Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service.
  # The retention counts below are still blank and must be filled in before
  # this block can be enabled.
  services.zfs.autoSnapshot = {
    enable = true;
    frequent = ;
    hourly = ;
    daily = ;
    weekly = ;
    monthly = ;
  };
  */

}