nix-config/hosts/patricknix/fs.nix

{
  config,
  lib,
  pkgs,
  ...
}:
{

  disko.devices = {
    disk = {
      m2-ssd = rec {
        type = "disk";
        device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.m2-ssd}";
        content = with lib.disko.gpt; {
          type = "gpt";
          partitions = {
            boot = (partEfi "1GiB") // {
              device = "${device}-part1";
            };
            swap = (partSwap "16GiB") // {
              device = "${device}-part2";
            };
            rpool = (partLuksZfs "rpool" "rpool" "100%") // {
              device = "${device}-part3";
            };
          };
        };
      };
    };
    zpool = with lib.disko.zfs; {
      rpool = mkZpool { datasets = impermanenceZfsDatasets; };
    };
  };
  fileSystems."/state".neededForBoot = true;
  fileSystems."/persist".neededForBoot = true;

  boot.initrd.systemd.extraBin = {
    jq = lib.getExe pkgs.jq;
  };
  # In ermergency shell type:
  # ´systemctl disable check-pcrs´
  # ´systemctl default´
  # to continue booting
  boot.initrd.systemd.services.check-pcrs = {
    script = ''
      echo "Checking PCRS tag: ctiectie"
      if [[ $(systemd-analyze pcrs 15 --json=short | jq -r ".[0].sha256") != "a8cfdc8ec869f9edf4635129ba6bb19a076a5d234655cf4684286dc57e325a38" ]] ; then
        echo "PCR 15 contains invalid hash"
        exit 1
      else
        echo "PCR 15 checked"
      fi
    '';
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    unitConfig.DefaultDependencies = "no";
    after = [ "cryptsetup.target" ];
    before = [ "sysroot.mount" ];
    requiredBy = [ "sysroot.mount" ];
  };
}
-												chore: improve iso

											
										
										
											2023-08-30 20:18:26 +02:00
+								{
-												feat: measure pcr 15

											
										
										
											2025-01-14 22:20:08 +01:00
+								  config,
 								  lib,
 								  pkgs,
 								  ...
 								}:
 								{
-												chore: improve iso

											
										
										
											2023-08-30 20:18:26 +02:00
+								  disko.devices = {
 								    disk = {
-												chore: flake update and fix messages

											
										
										
											2024-03-02 16:09:11 +01:00
+								      m2-ssd = rec {
-												chore: improve iso

											
										
										
											2023-08-30 20:18:26 +02:00
+								        type = "disk";
 								        device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.m2-ssd}";
 								        content = with lib.disko.gpt; {
-												chore: flake update and fix messages

											
										
										
											2024-03-02 16:09:11 +01:00
+								          type = "gpt";
 								          partitions = {
-												reformat

											
										
										
											2024-07-26 22:12:48 +02:00
+								            boot = (partEfi "1GiB") // {
 								              device = "${device}-part1";
 								            };
 								            swap = (partSwap "16GiB") // {
 								              device = "${device}-part2";
 								            };
 								            rpool = (partLuksZfs "rpool" "rpool" "100%") // {
 								              device = "${device}-part3";
 								            };
-												chore: flake update and fix messages

											
										
										
											2024-03-02 16:09:11 +01:00
+								          };
-												chore: improve iso

											
										
										
											2023-08-30 20:18:26 +02:00
+								        };
 								      };
 								    };
 								    zpool = with lib.disko.zfs; {
-												reformat

											
										
										
											2024-07-26 22:12:48 +02:00
+								      rpool = mkZpool { datasets = impermanenceZfsDatasets; };
-												feat: impermanence

											
										
										
											2023-05-26 17:30:37 +02:00
+								    };
 								  };
-												feat: wired notify

											
										
										
											2023-10-15 22:09:08 +02:00
+								  fileSystems."/state".neededForBoot = true;
-												WIP: Samba servers config

											
										
										
											2023-11-03 22:59:13 +01:00
+								  fileSystems."/persist".neededForBoot = true;
-												feat: measure pcr 15

											
										
										
											2025-01-14 22:20:08 +01:00
 								  boot.initrd.systemd.extraBin = {
 								    jq = lib.getExe pkgs.jq;
 								  };
 								  # In ermergency shell type:
 								  # ´systemctl disable check-pcrs´
 								  # ´systemctl default´
 								  # to continue booting
 								  boot.initrd.systemd.services.check-pcrs = {
 								    script = ''
 								      echo "Checking PCRS tag: ctiectie"
 								      if [[ $(systemd-analyze pcrs 15 --json=short | jq -r ".[0].sha256") != "a8cfdc8ec869f9edf4635129ba6bb19a076a5d234655cf4684286dc57e325a38" ]] ; then
 								        echo "PCR 15 contains invalid hash"
 								        exit 1
 								      else
 								        echo "PCR 15 checked"
 								      fi
 								    '';
 								    serviceConfig = {
 								      Type = "oneshot";
 								      RemainAfterExit = true;
 								    };
 								    unitConfig.DefaultDependencies = "no";
 								    after = [ "cryptsetup.target" ];
 								    before = [ "sysroot.mount" ];
 								    requiredBy = [ "sysroot.mount" ];
 								  };
-												feat: reworked directory structure of host

											
										
										
											2023-05-18 06:57:58 +02:00
+								}