!oNSIfazDqEcwhcOjSL:matrix.org

disko

disko - declarative disk partitioning - https://github.com/nix-community/disko

11 Feb 2024
@matthewcroughan:defenestrate.it matthewcroughan: I can't spot the problem directly in your example, because this is one of the larger modules with deeply nested options, so it's quite hard, but I assure you that if you put your code on the left, and the ZFS example on the right, you will spot it 12:04:52
@lassulus:lassul.us lassulus: Pool should be rpool 12:06:23
@matthewcroughan:defenestrate.it matthewcroughan: ah damn :D 12:06:29
@lassulus:lassul.us lassulus: Not zpool 12:06:31
@matthewcroughan:defenestrate.it matthewcroughan: is there no way to have Nix warn you about that, like "Did you mean rpool?" 12:06:45
@eyjhb:eyjhb.dk eyJhb
In reply to @lassulus:lassul.us
Pool should be rpool
Yeah, that's the thing I'm trying now. I changed it once, but ... I just changed it from zroot to zpool..............
12:07:02
@eyjhb:eyjhb.dk eyJhb
In reply to @matthewcroughan:defenestrate.it
is there no way to have Nix warn you about that, like "Did you mean rpool?"
Make it include clippy as well. Disko clippy
12:07:30
@eyjhb:eyjhb.dk eyJhb: Nice, now it doesn't fail while creating the disks! 12:07:54
@matthewcroughan:defenestrate.it matthewcroughan: Hopefully zfs goes away and we get all the features in bcachefs 12:07:59
@matthewcroughan:defenestrate.it matthewcroughan: less to maintain if that happens 12:08:13
@eyjhb:eyjhb.dk eyJhb: Would it make sense to have a check, that tries to check if there is a key in zpool that is the pool name :) 12:08:23
@eyjhb:eyjhb.dk eyJhb: * Would it make sense to have a check, that tries to check if there is a key in zpool that is the pool name? 12:08:25
@matthewcroughan:defenestrate.it matthewcroughan: Well it really should check with regexp and throw a trace if it's anything other than rpool 12:08:59
@eyjhb:eyjhb.dk eyJhb
In reply to @matthewcroughan:defenestrate.it
Hopefully zfs goes away and we get all the features in bcachefs
Yeah, I think that's the hope. I haven't tried bcachefs at all. I've just heard k900 talking about it a lot. Or generally been spoken a lot about.
12:09:02
@matthewcroughan:defenestrate.it matthewcroughan: There are probably a lot of cases that need to be caught manually with Nix code, this is one of them 12:09:24
@eyjhb:eyjhb.dk eyJhb
[root@nixos:~]# zfs list
NAME                    USED  AVAIL     REFER  MOUNTPOINT
rpool                   889M  35.5G       25K  /rpool
rpool/local             888M  35.5G       24K  /rpool/local
rpool/local/nix         888M  35.5G      888M  legacy
rpool/local/stash        24K  35.5G       24K  legacy
rpool/root              322K  35.5G      300K  legacy
rpool/safe               72K  35.5G       24K  /rpool/safe
rpool/safe/home          24K  35.5G       24K  legacy
rpool/safe/persistent    24K  35.5G       24K  legacy

[root@nixos:~]# df H
df: H: No such file or directory

[root@nixos:~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
devtmpfs               192M     0  192M   0% /dev
tmpfs                  1.9G     0  1.9G   0% /dev/shm
tmpfs                  959M  2.8M  957M   1% /run
tmpfs                  1.9G  320K  1.9G   1% /run/wrappers
rpool/root              36G  384K   36G   1% /
rpool/local/nix         37G  889M   36G   3% /nix
rpool                   36G  128K   36G   1% /rpool
rpool/safe              36G  128K   36G   1% /rpool/safe
rpool/local             36G  128K   36G   1% /rpool/local
rpool/local/stash       36G  128K   36G   1% /state/stash
rpool/safe/home         36G  128K   36G   1% /state/home
/dev/sda2              500M   42M  458M   9% /boot
rpool/safe/persistent   36G  128K   36G   1% /state/root
tmpfs                  384M     0  384M   0% /run/user/0

12:09:40
@eyjhb:eyjhb.dk eyJhb: Works! Awesome :) 12:09:43
@eyjhb:eyjhb.dk eyJhb: I should make an issue for it. 12:10:04
@eyjhb:eyjhb.dk eyJhb: OR even better, a PR for it. 12:10:11
@matthewcroughan:defenestrate.it matthewcroughan: this is equivalent to a typo, it should be possible to express a type in lib that catches this, hard though, I can see why there's no code written to catch this failure 12:14:21
@eyjhb:eyjhb.dk eyJhb: Wondering, is there any option for copying over the keyFile to the remote host? E.g. using ssh :) 12:58:56
@eyjhb:eyjhb.dk eyJhb
In reply to @matthewcroughan:defenestrate.it
this is equivalent to a typo, it should be possible to express a type in lib that catches this, hard though, I can see why there's no code written to catch this failure
Yeah, that's fair
12:59:08
@matthewcroughan:defenestrate.it matthewcroughan
In reply to @eyjhb:eyjhb.dk
Wondering, is there any option for copying over the keyFile to the remote host? E.g. using ssh :)
Why do that when you could bake the secret into the image
13:59:18
@matthewcroughan:defenestrate.it matthewcroughan
In reply to @eyjhb:eyjhb.dk
Wondering, is there any option for copying over the keyFile to the remote host? E.g. using ssh :)
* Why do that when you could bake the secret into the disk image
13:59:29
@matthewcroughan:defenestrate.it matthewcroughan: if you're referring to nixos-anywhere, I wonder if they have a postDeploy/preDeploy hook that could be used for this, would be a good idea if not yet implemented 13:59:54
@eyjhb:eyjhb.dk eyJhb
In reply to @matthewcroughan:defenestrate.it
Why do that when you could bake the secret into the disk image
Bake into the disk image? I might be misunderstanding that
14:22:31
@eyjhb:eyjhb.dk eyJhb
In reply to @matthewcroughan:defenestrate.it
if you're referring to nixos-anywhere, I wonder if they have a postDeploy/preDeploy hook that could be used for this, would be a good idea if not yet implemented
True, I need to look into if nixos-anywhere has that option :) Not disko thing yeah :)
14:23:08
@matthewcroughan:defenestrate.it matthewcroughan: Not 100% sure if it's in disko yet, but I remember some feature I was shown where you can put data into a disk image, without it being in the Nix store. 14:23:08
@matthewcroughan:defenestrate.it matthewcroughan: I have an implementation of this which is really simple, and almost equivalent, which just uses a VM to add secrets to an existing disk image by using loopbacks 14:24:02
@matthewcroughan:defenestrate.it matthewcroughan
    packages.x86_64-linux.secretImage =
    let
      # Throwaway NixOS VM whose only job is to copy secrets into an existing disk image.
      secretAdderVm = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ({ config, ... }:
          let
            stateDir = config.services.tor.settings.DataDirectory;
          in
          {
            imports = [
              "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
              ./tor-config.nix
            ];
            virtualisation.graphics = false;
            services.getty.autologinUser = "root";
            programs.bash.interactiveShellInit = ''
              # Run only in the auto-logged-in root shell on the serial console.
              if [ "$(tty)" = "/dev/ttyS0" ]; then
                mkdir -p /mnt
                # Unpack the image into the host-shared directory and attach it as a loop device.
                unzstd ${self.images.pi}/sd-image/*.zst --output-dir-flat /tmp/shared
                chmod 700 /tmp/shared/*.img
                losetup -P /dev/loop0 /tmp/shared/*.img
                mount /dev/loop0p2 /mnt

                # Copy the onion service state into the image, owned by tor and owner-only.
                mkdir -p /mnt/${stateDir}
                cp -r ${stateDir}/onion /mnt/${stateDir}/onion
                chown -R ${toString config.ids.uids.tor}:${toString config.ids.gids.tor} /mnt/${stateDir}
                chmod -R 700 /mnt/${stateDir}
                umount /mnt
                losetup -d /dev/loop0

                # Record the onion hostnames in the shared directory for the host script to print.
                for i in ${stateDir}/onion/*; do echo -e "\nOnion Service: $(basename "$i") -> $(cat "$i/hostname")" >> /tmp/shared/services; done
                shutdown now
              fi
            '';
          })
        ];
      };
    in
    nixpkgs.legacyPackages.x86_64-linux.writeScriptBin "addSecrets"
    ''
      # Remove the VM disk left over from a previous run, if any.
      rm -f nixos.qcow2
      # The VM writes the modified image and the hostname list into this directory.
      export SHARED_DIR="$(mktemp -d)"
      ${secretAdderVm.config.system.build.vm}/bin/run-nixos-vm
      cat "$SHARED_DIR/services"
      mv "$SHARED_DIR"/*.img .
    '';

14:24:04
