| 18 Nov 2024 |
 matthewcroughan | I think it only happens when the toplevel is large | 16:50:45 |
| matthewcroughan | Ah yeah it's because imageSize is too small | 16:53:19 |
| matthewcroughan | because there is no automatic calculation because https://github.com/nix-community/disko/pull/465 wasn't good enough to get merged | 16:54:45 |
 shift | @matthewcroughan:defenestrate.it: sounds you need to visit c-base on Tuesday to resolve it ;) | 16:58:21 |
| matthewcroughan | I'm not in Berlin sadly | 17:03:00 |
| matthewcroughan | Only Birkenhead | 17:03:03 |
| matthewcroughan | Which is the new Berlin | 17:03:07 |
| 20 Nov 2024 |
|  Inayet removed their profile picture. | 00:59:16 |
|  daddychan joined the room. | 05:02:06 |
| daddychan | Hey everyone. Felt bad about opening a github issue for this, so I thought I'd bring it here...
I'm trying to get a semi-complex system set up. I am trying to get an "impermanence" set up working with ZFS as my root filesystem. I've got a 512GB NVME drive for the OS and a 4TB drive for (NAS) bulk storage. I'm setting up a mirrored vdev for the OS (400GB partition on the OS drive and 400GB partition on the storage drive). The rest of the storage drive is just a normal vdev, and I have a pool for each vdev. I was actually able to boot into my system yesterday, and things seemed to be working as expected! However, I forgot encryption. When I went back to add LUKS to the storage pool's partition, I was able to set the passphrase and unlock it, but ultimately was unable to mount the dataset under the encrypted drive. I see Starting Import ZFS pool "flashpool" and a start job hangs for a while but eventually fails and I drop into emergency mode and get Cannot open access to console, the root account is locked.
I think this may have something to do with the timing of when it's trying to import the pool, but I'm not sure; if anyone has experience with LUKS+ZFS on disko, let me know!
| 05:13:10 |
| daddychan | Here's my disko.nix:
let
root_fs_partition = {
size = "400G"; # GiB
content = {
type = "zfs";
pool = "rootpool";
};
};
boot_partition =
{ mountpoint }:
{
size = "1G";
type = "EF00";
content = {
inherit mountpoint;
type = "filesystem";
format = "vfat";
mountOptions = [ "umask=0077" ];
};
};
swap_partition = {
size = "64G";
content = {
type = "swap";
resumeDevice = false;
};
};
zfs_rootfs_options = {
# Enables access control lists
acltype = "posixacl";
# Disables tracking the time a file is accessed (viewed/ls'ed)
atime = "off";
# Supposedly a bit faster than zstd at the cost of slightly less
# compression
compression = "lz4";
# We'll mount datasets rather than the pool itself
mountpoint = "none";
# Sets extended attributes in inode instead of with hidden sidecar
# folders
xattr = "sa";
};
zfs_options = {
# 12 is a good default value... this pertains to the physical sector
# size of the storage device in use. It's hard to find information about
# this for the SSD I'm using, and a test I found showed that tweaking
# this on an SSD didn't provide any performance boost, so I'm leaving it
# at 12.
ashift = "12";
};
in
{
disko.devices = {
disk = {
homelab = {
type = "disk";
device = "/dev/disk/by-id/nvme-WD_BLACK_SN770_500GB_22127H802862";
content = {
type = "gpt";
partitions = {
ESP = boot_partition { mountpoint = "/boot"; };
swap = swap_partition;
zfs = root_fs_partition;
};
};
};
flash0 = {
type = "disk";
device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2411E89FE7EE";
content = {
type = "gpt";
partitions = {
ESP = boot_partition { mountpoint = "/boot2"; };
zfs-mirror = root_fs_partition;
flash = {
size = "100%";
content = {
type = "luks";
name = "flashluks";
passwordFile = "/tmp/secret.phrase";
settings = {
# Enables TRIM; does have some security concerns, but they seem minor to me
allowDiscards = true;
keyFile = "/tmp/secret.key";
keyFileOffset = 618;
keyFileSize = 2022;
keyFileTimeout = 30;
# fallbackToPassword cannot be used when boot.initrd.systemd
# is in use since it is implied by that option
};
content = {
type = "zfs";
pool = "flashpool";
};
};
};
};
};
};
# spin0 = {
# type = "disk";
# device = "FIXME";
# content = {
# type = "gpt";
# partitions = {
# zfs = {
# size = "100%";
# content = {
# type = "zfs";
# pool = "spinpool";
# };
# };
# };
# };
# };
};
# https://wiki.archlinux.org/title/Install_Arch_Linux_on_ZFS
# https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/
zpool = {
rootpool = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "mirror";
# This needs to be an absolute path value most likely
# https://github.com/nix-community/disko/blob/380847d94ff0fedee8b50ee4baddb162c06678df/lib/types/zpool.nix#L140
members = [
"/dev/disk/by-partlabel/disk-homelab-zfs"
"/dev/disk/by-partlabel/disk-flash0-zfs-mirror"
];
}
];
};
};
# -O options for zpool create
rootFsOptions = zfs_rootfs_options;
# -o options for zpool create
options = zfs_options;
datasets = {
# All datasets under drop are erased on reboot
"drop" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"drop/root" = {
type = "zfs_fs";
mountpoint = "/";
options."com.sun:auto-snapshot" = "false";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^rootpool/drop/root@blank$' || zfs snapshot rootpool/drop/root@blank";
};
"drop/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options."com.sun:auto-snapshot" = "false";
};
# All datasets under keep are persisted on reboot
"keep" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"keep/keep" = {
type = "zfs_fs";
mountpoint = "/keep";
options."com.sun:auto-snapshot" = "true";
};
"keep/home" = {
type = "zfs_fs";
mountpoint = "/home";
# Used by services.zfs.autoSnapshot options.
options."com.sun:auto-snapshot" = "true";
};
};
};
flashpool = {
type = "zpool";
# -O options for zpool create
rootFsOptions = zfs_rootfs_options;
# -o options for zpool create
options = zfs_options;
datasets = {
"flashroot" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"flashroot/flash" = {
type = "zfs_fs";
mountpoint = "/flash";
options."com.sun:auto-snapshot" = "true";
};
};
};
};
};
}
| 05:13:35 |
| daddychan | Of note, I enabled boot.initrd.systemd in my config since it seemed like that was necessary to use keyFileTimeout, so that could also have something to do with this | 05:14:57 |
| daddychan | * Hey everyone. Felt bad about opening a github issue for this, so I thought I'd bring it here...
I'm trying to get a semi-complex system set up. I am trying to get an "impermanence" set up working with ZFS as my root filesystem. I've got a 512GB NVME drive for the OS and a 4TB drive for (NAS) bulk storage. I'm setting up a mirrored vdev for the OS (400GB partition on the OS drive and 400GB partition on the storage drive). The rest of the storage drive is just a normal vdev, and I have a pool for each vdev. I was actually able to boot into my system yesterday, and things seemed to be working as expected! However, I forgot encryption. When I went back to add LUKS to the storage pool's partition, I was able to set the passphrase and unlock it, but ultimately was unable to mount the dataset under the encrypted drive. I see Starting Import ZFS pool "flashpool" and a start job hangs for a while but eventually fails and I drop into emergency mode and get Cannot open access to console, the root account is locked.
I think this may have something to do with the timing of when it's trying to import the pool, but I'm not sure. I also suspect using legacy mountpoints could potentially fix it? If anyone has experience with LUKS+ZFS on disko, let me know!
| 05:15:35 |
| daddychan | * Of note, I enabled boot.initrd.systemd in my config since it seemed like that was necessary to use keyFileTimeout, so that could also have something to do with this. I did not enable it before when I was able to boot successfully. | 05:16:30 |
| 22 Nov 2024 |
|  Morgan (@numinit) joined the room. | 17:49:27 |
| 24 Nov 2024 |
|  danjujan joined the room. | 10:34:18 |
| 25 Nov 2024 |
|  @nullcube:matrix.org joined the room. | 10:04:53 |
|  luxus joined the room. | 18:06:38 |
|  else42 joined the room. | 21:54:50 |
| else42 | hey! trying to set up a new system via nixos net image using disko-install. hitting this error:
/nix/store/bz18paxklav6yyhqvvl1l7aiq3drncy4-disko-install/bin/.disko-install-wrapped: line 216: artifacts[1]: unbound variable
anybody got an idea what that could be related to? this is my config: https://gist.github.com/elsbrock/7707bb8edfe527fbf250aa2c99ca5815 | 21:56:26 |
| else42 | [nixos@nixos:~/infra]$ sed -n '214, 220 p' /nix/store/bz18paxklav6yyhqvvl1l7aiq3drncy4-disko-install/bin/.disko-install-wrapped
IFS=$'\n' mapfile -t artifacts <<<"$outputs"
nixos_system=${artifacts[0]}
closure_info=${artifacts[1]}
disko_script=${artifacts[2]}
if [[ -n ${dry_run-} ]]; then
echo "Would run: $disko_script"
| 21:58:20 |
| 26 Nov 2024 |
 maralorn | I am trying to configure a system based on the zfs examples. | 10:21:15 |
| maralorn | I have a zpool which configures mountpoint "/" | 10:21:27 |
| maralorn | On eval I get the error The fileSystems option does not specifiy your root file system. | 10:22:03 |
| maralorn | Oooof, classic flakes problem … | 10:22:51 |
| maralorn | Hadn’t staged disko-config.nix | 10:23:00 |
|  victorbjelkholm joined the room. | 16:02:33 |
| 27 Nov 2024 |
|  jopejoe1 (4094@39c3) changed their display name from jopejoe1 to jopejoe1 [4094]. | 18:19:01 |
 netpleb | I have a disks.nix in my git repo, added it to my configuration, and disko-install ... worked perfectly! My my disks config looks like (basically it is the luks-btrfs example in the docs):
{
disko.devices = {
disk = {
main = {
type = "disk";
# When using disko-install, we can overwrite this value (device) from the commandline:
# $ sudo nix run 'github:nix-community/disko/latest#disko-install' -- --write-efi-boot-entries --flake '/tmp/config/etc/nixos#mymachine' --disk main /dev/sda
# see: https://github.com/nix-community/disko/blob/master/docs/disko-install.md
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
# keyFile = "/tmp/secret.key";
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
};
}
| 18:35:59 |
| netpleb | Then I added a second nvme device to the machine and booted it up. I noticed that the machine switched the original /dev/nvme0n1 over to /dev/nvme1n1 and the new device is now /dev/nvme0n1, but it booted up just fine. I am guessing that is becuase (correctly) disko set fileSystems."/".device = "crypted". So far so good. | 18:40:29 |
