!oNSIfazDqEcwhcOjSL:matrix.org

disko

367 Members, 94 Servers
disko - declarative disk partitioning - https://github.com/nix-community/disko



11 Feb 2024
eyJhb (@eyjhb:eyjhb.dk)
* Would it make sense to have a check that tries to check if there is a key in zpool that is the pool name?
12:08:25
matthewcroughan (@matthewcroughan:defenestrate.it)
Well, it really should check with a regexp and throw a trace if it's anything other than rpool.
12:08:59
eyJhb (@eyjhb:eyjhb.dk)
In reply to @matthewcroughan:defenestrate.it
Hopefully zfs goes away and we get all the features in bcachefs
Yeah, I think that's the hope. I haven't tried bcachefs at all. I've just heard k900 talking about it a lot, or it's generally been spoken about a lot.
12:09:02
matthewcroughan (@matthewcroughan:defenestrate.it)
There are probably a lot of cases that need to be caught manually with Nix code; this is one of them.
12:09:24
eyJhb (@eyjhb:eyjhb.dk)
[root@nixos:~]# zfs list
NAME                    USED  AVAIL     REFER  MOUNTPOINT
rpool                   889M  35.5G       25K  /rpool
rpool/local             888M  35.5G       24K  /rpool/local
rpool/local/nix         888M  35.5G      888M  legacy
rpool/local/stash        24K  35.5G       24K  legacy
rpool/root              322K  35.5G      300K  legacy
rpool/safe               72K  35.5G       24K  /rpool/safe
rpool/safe/home          24K  35.5G       24K  legacy
rpool/safe/persistent    24K  35.5G       24K  legacy

[root@nixos:~]# df H
df: H: No such file or directory

[root@nixos:~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
devtmpfs               192M     0  192M   0% /dev
tmpfs                  1.9G     0  1.9G   0% /dev/shm
tmpfs                  959M  2.8M  957M   1% /run
tmpfs                  1.9G  320K  1.9G   1% /run/wrappers
rpool/root              36G  384K   36G   1% /
rpool/local/nix         37G  889M   36G   3% /nix
rpool                   36G  128K   36G   1% /rpool
rpool/safe              36G  128K   36G   1% /rpool/safe
rpool/local             36G  128K   36G   1% /rpool/local
rpool/local/stash       36G  128K   36G   1% /state/stash
rpool/safe/home         36G  128K   36G   1% /state/home
/dev/sda2              500M   42M  458M   9% /boot
rpool/safe/persistent   36G  128K   36G   1% /state/root
tmpfs                  384M     0  384M   0% /run/user/0

12:09:40
eyJhb (@eyjhb:eyjhb.dk)
Works! Awesome :)
12:09:43
eyJhb (@eyjhb:eyjhb.dk)
I should make an issue for it.
12:10:04
eyJhb (@eyjhb:eyjhb.dk)
OR even better, a PR for it.
12:10:11
matthewcroughan (@matthewcroughan:defenestrate.it)
This is equivalent to a typo; it should be possible to express a type in lib that catches this. Hard, though; I can see why there's no code written to catch this failure.
12:14:21
eyJhb (@eyjhb:eyjhb.dk)
Wondering, is there any option for copying over the keyFile to the remote host? E.g. using ssh :)
12:58:56
eyJhb (@eyjhb:eyjhb.dk)
In reply to @matthewcroughan:defenestrate.it
this is equivalent to a typo, it should be possible to express a type in lib that catches this, hard though, I can see why there's no code written to catch this failure
Yeah, that's fair
12:59:08
matthewcroughan (@matthewcroughan:defenestrate.it)
In reply to @eyjhb:eyjhb.dk
Wondering, is there any option for copying over the keyFile to the remote host? E.g. using ssh :)
Why do that when you could bake the secret into the image
13:59:18
matthewcroughan (@matthewcroughan:defenestrate.it)
In reply to @eyjhb:eyjhb.dk
Wondering, is there any option for copying over the keyFile to the remote host? E.g. using ssh :)
* Why do that when you could bake the secret into the disk image
13:59:29
matthewcroughan (@matthewcroughan:defenestrate.it)
If you're referring to nixos-anywhere, I wonder if they have a postDeploy/preDeploy hook that could be used for this; it would be a good idea if not yet implemented.
13:59:54
eyJhb (@eyjhb:eyjhb.dk)
In reply to @matthewcroughan:defenestrate.it
Why do that when you could bake the secret into the disk image
Bake into the disk image? I might be misunderstanding that
14:22:31
eyJhb (@eyjhb:eyjhb.dk)
In reply to @matthewcroughan:defenestrate.it
if you're referring to nixos-anywhere, I wonder if they have a postDeploy/preDeploy hook that could be used for this, would be a good idea if not yet implemented
True, I need to look into if nixos-anywhere has that option :) Not disko thing yeah :)
14:23:08
matthewcroughan (@matthewcroughan:defenestrate.it)
Not 100% sure if it's in disko yet, but I remember some feature I was shown where you can put data into a disk image without it being in the Nix store.
14:23:08
matthewcroughan (@matthewcroughan:defenestrate.it)
I have an implementation of this which is really simple and almost equivalent, which just uses a VM to add secrets to an existing disk image by using loopbacks.
14:24:02
matthewcroughan (@matthewcroughan:defenestrate.it)
    # Flake output: `nix run .#secretImage` boots a throwaway VM that copies
    # the onion-service keys into a copy of the stateless SD image.
    packages.x86_64-linux.secretImage =
    let
      secretAdderVm = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ({ config, ... }:
          let
            stateDir = config.services.tor.settings.DataDirectory;
          in
          {
            imports = [
              "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
              ./tor-config.nix
            ];
            virtualisation.graphics = false;
            services.getty.autologinUser = "root";
            programs.bash.interactiveShellInit = ''
              # Only run on the serial console the VM is started with.
              if [ "$(tty)" = "/dev/ttyS0" ]; then
                mkdir -p /mnt
                # /tmp/shared is the host's $SHARED_DIR, passed through by qemu-vm.nix.
                unzstd ${self.images.pi}/sd-image/*.zst --output-dir-flat /tmp/shared
                chmod 700 /tmp/shared/*.img
                # Take the first free loop device rather than assuming /dev/loop0 is unused.
                loopdev=$(losetup -fP --show /tmp/shared/*.img)
                mount "$loopdev"p2 /mnt

                # Copy the onion keys generated inside this VM into the image,
                # owned by tor and readable by nobody else.
                mkdir -p /mnt/${stateDir}
                cp -r ${stateDir}/onion /mnt/${stateDir}/onion
                chown -R ${toString config.ids.uids.tor}:${toString config.ids.gids.tor} /mnt/${stateDir}
                chmod -R 700 /mnt/${stateDir}
                umount /mnt
                losetup -d "$loopdev"

                # Report the .onion hostnames back to the host through the shared dir.
                for i in ${stateDir}/onion/*; do echo -e "\nOnion Service: $(basename $i) -> $(cat $i/hostname)" >> /tmp/shared/services; done
                shutdown now
              fi
            '';
          })
        ];
      };
    in
    # writeShellScriptBin adds the shebang that writeScriptBin leaves out,
    # so `nix run` can exec the result directly.
    nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "addSecrets"
    ''
      rm -f nixos.qcow2
      export SHARED_DIR=$(mktemp -d)
      ${secretAdderVm.config.system.build.vm}/bin/run-nixos-vm
      cat $SHARED_DIR/services
      mv $SHARED_DIR/*.img .
    ''

14:24:04
matthewcroughan (@matthewcroughan:defenestrate.it)
Something like this, for example.
14:24:09
matthewcroughan (@matthewcroughan:defenestrate.it)
This is unrelated to Disko, but it's similar in concept.
14:24:22
matthewcroughan (@matthewcroughan:defenestrate.it)
* I have an implementation of this which is really simple and almost equivalent, which just uses a VM to add secrets to an existing disk image by using loopback mounts.
14:24:34
matthewcroughan (@matthewcroughan:defenestrate.it)
TL;DR: you make the installer/disk image you're going to boot stateless in the Nix store, then you make a shell script which boots a VM, mounts this image as a loopback, adds the secret in the dir of your choosing, then shuts down.
14:25:10
matthewcroughan (@matthewcroughan:defenestrate.it)
* TL;DR: you make the installer/disk image you're going to boot stateless in the Nix store, then you make a shell script which boots a VM, mounts this disk image as a loopback, adds the secret in the dir of your choosing, then shuts down.
14:25:17
matthewcroughan (@matthewcroughan:defenestrate.it)
In my example it's nix run .#secretImage which would do all of that.
14:26:31
matthewcroughan (@matthewcroughan:defenestrate.it)
* In my example it's nix run .#secretImage which would do all of that and produce a tarball that isn't in the /nix/store, which contains this secret.
14:26:40
eyJhb (@eyjhb:eyjhb.dk)
* --extra-files <file...>
  files to copy into the new nixos installation
* --disk-encryption-keys <remote_path> <local_path>
  copy the contents of the file or pipe in local_path to remote_path in the installer environment,
  after kexec but before installation. Can be repeated.
18:53:07
eyJhb (@eyjhb:eyjhb.dk)
It's actually possible and "really" easy with nixos-anywhere, it seems.
18:53:21
12 Feb 2024
@adam:robins.wtf
Has anyone explored allowing for disko to only manage part of a disk? I'm thinking of a dual-boot Windows system, and it would be nice to apply disko for the NixOS bits while allowing for explicitly avoiding other partitions.
14:09:57
13 Feb 2024
lillecarl (@lillecarl:matrix.org)

Has anyone else experienced the issue where your md device appears as /dev/md127 rather than anything useful?

hostname: nixos
kernel: 6.7.4

+ mdadm --create /dev/md/data1 --level=1 --raid-devices=2 --metadata=default --force --homehost=any /dev/disk/by-partlabel/disk-a-data /dev/disk/by-partlabel/disk-b-data
mdadm: array /dev/md/data1 started.
mdadm: timeout waiting for /dev/md/data1
+ partprobe /dev/md/data1

The device is created as /dev/md127 instead (no md folder in /dev). It says the name is "any:data1" but it doesn't exist there.

00:51:53
