!oNSIfazDqEcwhcOjSL:matrix.org

disko

365 Members
disko - declarative disk partitioning - https://github.com/nix-community/disko
95 Servers

Sender Message Time
12 Dec 2024
@netpleb:matrix.org netpleb swap files specifically? or swap in general? I do not know enough about either really to have an opinion. 04:07:06
@beat_link:matrix.org BeatLink Swap on CoW filesystems like BTRFS and ZFS is a bad idea 04:07:47
@beat_link:matrix.org BeatLink swap is a write heavy requirement and CoW amplifies writes 04:08:03
@beat_link:matrix.org BeatLink it will thrash your storage devices, especially if it's SSDs 04:08:13
@beat_link:matrix.org BeatLink if you must use swap, create a dedicated partition for it 04:08:39
@netpleb:matrix.org netpleb I see, thanks. I had read some of the btrfs docs and it seems like it is aware of files which are used for swap and alters behavior accordingly (disabling CoW and such), but maybe that is more in theory than in practice? 04:10:13
@beat_link:matrix.org BeatLink I'm not sure but that output you posted does show that the kernel has some safeguards to prevent mixing swap and CoW 04:10:49
@beat_link:matrix.org BeatLink The best way to solve it is to create a new luks partition on the end of your disk, set its content to be a swap partition and then set the luks keyfile to a location on the root filesystem 04:12:51
@beat_link:matrix.org BeatLink that way when the root filesystem is decrypted, a keyfile is available to decrypt swap 04:13:02
@beat_link:matrix.org BeatLink or do what I do and go without swap which is possible on modern hardware 04:13:26
@beat_link:matrix.org BeatLink or even zram 04:13:44
@beat_link:matrix.org BeatLink the only downside with the two options is no hibernation 04:14:04
@netpleb:matrix.org netpleb Thanks, yes that is what I will do in future deployments. I am not sure how often my swap on this btrfs system is even used right now so I will probably not worry about repartitioning this deployment. 04:14:19
@beat_link:matrix.org BeatLink sounds good 04:14:31
@kagehisa:matrix.org kagehisa Hi, I'm having a bit of an unusual question in regards to the LUKS option passwordFile. Is it somehow possible to let the passwordFile be used by a postCreateHook?
In my special case it would be to call systemd-cryptenroll --unlock-key-file=<path to file> ....
08:12:17
@kagehisa:matrix.org kagehisa I have tried using the keyfile path directly in the hook but as far as I understand this doesn't work. Especially when I look at the output of nixos-anywhere it seems the passwordFile is read in and then distributed by an internal mechanism (haven't found the code bits for that) to something like this: --key-file /dev/fd/63 08:17:53
@kagehisa:matrix.org kagehisa Is it possible by any chance to give a postCreateHook access to this "transformed" keyfile path? 08:19:19
@beat_link:matrix.org BeatLink is this in disko or in nixos generally? 10:58:44
@beat_link:matrix.org BeatLink oh right disko 10:58:55
@kagehisa:matrix.org kagehisa disko and in my case disko via nixos-anywhere 11:31:04
@carsonian:matrix.org carsonian Hi I am having an issue I was hoping someone could help me out with. Disko is working fine in my basic configuration.nix, but when I switch to my flake setup that my actual config is on it breaks with this strange error: 15:11:00
@carsonian:matrix.org carsonian
… while calling the 'head' builtin at /nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source/lib/attrsets.nix:967:11:
  966| || pred here (elemAt values 1) (head values) then
  967| head values
     | ^
  968| else
… while evaluating the attribute 'value' at /nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source/lib/modules.nix:809:9:
  808| in warnDeprecation opt //
  809| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
     | ^
  810| inherit (res.defsFinal') highestPrio;
… while evaluating the option `system.build.toplevel':
… while evaluating definitions from `/nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source/nixos/modules/system/activation/top-level.nix':
… while evaluating the option `assertions':
… while evaluating definitions from `/nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source/nixos/modules/tasks/filesystems/zfs.nix':
… while evaluating the option `boot.zfs.enabled':
… while evaluating the option `boot.initrd.supportedFilesystems':
… while evaluating definitions from `/nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source/nixos/modules/system/boot/stage-1.nix':
… while evaluating definitions from `/nix/store/k5l01g2zwhysjyl5zjvg5zxnj0lyxpp1-source/nixos/modules/tasks/filesystems.nix':
… while evaluating the option `fileSystems."/".device':
… while evaluating definitions from `/nix/store/fp2j5w8ly5k2s5sqx8qnhvmlwqr3i21j-source/module.nix':
… while evaluating the option `disko.devices.disk.main.content.partitions.root.content.device':
… while evaluating the module argument `device' in "/nix/store/fp2j5w8ly5k2s5sqx8qnhvmlwqr3i21j-source/lib/types/btrfs.nix":
… while evaluating definitions from `/nix/store/drdviskxkwcg7q1la067n6dqzq0kfi18-source/hosts/skadi/disk-config.nix':
… while evaluating the option `disko.devices.disk.main.content.partitions.root.device':
(stack trace truncated; use '--show-trace' to show the full, detailed trace)
error: attribute 'match' missing
at /nix/store/fp2j5w8ly5k2s5sqx8qnhvmlwqr3i21j-source/lib/default.nix:114:16:
  113| lib.stringAsChars
  114| (c: if lib.match allowedChars c != null || c == "" then c else "\\x" + charToHex c);
     | ^
  115|
Did you mean path?
15:11:37
13 Dec 2024
@sandro:supersandro.de Sandro 🐧 Please use triple backticks 14:10:02
@sigmasquadron:matrix.org SigmaSquadron
```
like this!
```
like this!
22:49:49
14 Dec 2024
@blimbus:matrix.org blimbus

I would think so too but whenever I run disko-install without disk arguments I get error: No device passed for disk 'home'. Pass `--disk home /dev/name` via commandline. If I specify home then it errors for root. This is my disko config:

{
  disko.devices = {
    disk.nix = {
      type = "disk";
      device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00003";
      content = {
        type = "gpt";
        partitions = {
          boot = {
            size = "1G";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
              mountOptions = [ "umask=0077" ];
            };
          };

          root = {
            size = "100%";
            content = {
              type = "luks";
              name = "nixcrypt";
              settings.allowDiscards = true;
              passwordFile = "/tmp/root.key";
              content = {
                type = "btrfs";
                extraArgs = [ "-f" ];
                postMountHook = ''
                  mkdir -p /mnt/disko-install-root/nix/persist/root && cp /tmp/home.key /mnt/disko-install-root/nix/persist/root/home.key
                '';
                subvolumes = {
                  "nix" = {
                    mountpoint = "/nix";
                    mountOptions = [ "compress-force=zstd:1" "noatime" ];
                  };
                  "swap" = {
                    mountpoint = "/.swap";
                    mountOptions = [ "compress-force=zstd:1" "noatime" ];
                    swap.swapfile.size = "8G";
                  };
                };
              };
            };
          };
        };
      };
    };

    disk.home = {
      type = "disk";
      device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
      content = {
        type = "luks";
        name = "homecrypt";
        settings.allowDiscards = true;
        settings.keyFile = "/tmp/home.key";
        initrdUnlock = false;  # don't unlock at boot
        content = {
          type = "btrfs";
          extraArgs = [ "-f" ];
          subvolumes = {
            "home" = {
              mountpoint = "/nix/persist/home";
              mountOptions = [ "compress-force=zstd:1" "noatime"];
            };
          };
        };
      };
    };

    nodev."/" = {
      fsType = "tmpfs";
      mountOptions = [ "defaults" "size=3G" "mode=755" ];
    };
  };
}
23:14:08
@blimbus:matrix.org blimbus *

I would think so too but whenever I run disko-install without disk arguments I get error: No device passed for disk 'home'. Pass `--disk home /dev/name` via commandline. If I specify home then it errors for disk.nix. This is my disko config:

{
  disko.devices = {
    disk.nix = {
      type = "disk";
      device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00003";
      content = {
        type = "gpt";
        partitions = {
          boot = {
            size = "1G";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
              mountOptions = [ "umask=0077" ];
            };
          };

          root = {
            size = "100%";
            content = {
              type = "luks";
              name = "nixcrypt";
              settings.allowDiscards = true;
              passwordFile = "/tmp/root.key";
              content = {
                type = "btrfs";
                extraArgs = [ "-f" ];
                postMountHook = ''
                  mkdir -p /mnt/disko-install-root/nix/persist/root && cp /tmp/home.key /mnt/disko-install-root/nix/persist/root/home.key
                '';
                subvolumes = {
                  "nix" = {
                    mountpoint = "/nix";
                    mountOptions = [ "compress-force=zstd:1" "noatime" ];
                  };
                  "swap" = {
                    mountpoint = "/.swap";
                    mountOptions = [ "compress-force=zstd:1" "noatime" ];
                    swap.swapfile.size = "8G";
                  };
                };
              };
            };
          };
        };
      };
    };

    disk.home = {
      type = "disk";
      device = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
      content = {
        type = "luks";
        name = "homecrypt";
        settings.allowDiscards = true;
        settings.keyFile = "/tmp/home.key";
        initrdUnlock = false;  # don't unlock at boot
        content = {
          type = "btrfs";
          extraArgs = [ "-f" ];
          subvolumes = {
            "home" = {
              mountpoint = "/nix/persist/home";
              mountOptions = [ "compress-force=zstd:1" "noatime"];
            };
          };
        };
      };
    };

    nodev."/" = {
      fsType = "tmpfs";
      mountOptions = [ "defaults" "size=3G" "mode=755" ];
    };
  };
}
23:18:33
18 Dec 2024
@annaaurora:artemislena.eu Anna Aurora
In reply to @beat_link:matrix.org
if you must use swap, create a dedicated partition for it

if you require encryption, then not having swap on the root encrypted filesystem really complicates things because with zfs and btrfs you want them to be directly on the hardware ideally but if you have swap, you need an lvm for swap and the btrfs/zfs to put the lvm into a luks.

or i guess you could use zfs' built-in encryption (not sure if btrfs has that) and create a luks partition in addition for the swap and make them both have the same password or so

17:42:35
@annaaurora:artemislena.eu Anna Aurora
In reply to @blimbus:matrix.org

I would think so too but whenever I run disko-install without disk arguments I get error: No device passed for disk 'home'. Pass `--disk home /dev/name` via commandline. If I specify home then it errors for disk.nix. This is my disko config:

can you check if there is a device for home in repl?
17:52:31

Room Version: 10