Encrypted root VM testing

2025-06-10 21:43:11 -05:00 · 2025-06-10 21:43:11 -05:00 · 4ebb7a41ff
parent 4befc47285
commit 4ebb7a41ff
6 changed files with 49 additions and 9 deletions
--- a/features/initrd-ssh.nix
+++ b/features/initrd-ssh.nix
@ -1,6 +1,10 @@
 # ssh-keygen -t ed25519 -N "" -f ./ssh_host_ed25519_key

 { ... }: {
+  imports = [
+    ./systemd-boot.nix
+  ];
+
  boot.initrd = {
    systemd = {
      enable = true;
--- a/features/virtualization/libvirt-guest-uefi.nix
+++ b/features/virtualization/libvirt-guest-uefi.nix
@ -3,4 +3,6 @@
    kernelModules = [ "virtio_net" "e1000" ];
    availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
  };
+
+  boot.zfs.devNodes = "/dev/disk/by-partuuid";
 }
--- a/flake.nix
+++ b/flake.nix
@ -171,6 +171,17 @@
          ./systems/vm-docker-luks.nix
        ] ++ inherited_modules;
      };
+
+      vm-docker-zfs-test = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          {
+            networking.hostName = "vm-docker-zfs-test";
+            networking.hostId = "459ecfce";
+          }
+          ./systems/vm-docker-host/vm-docker-host-zfs.nix
+        ] ++ inherited_modules;
+      };
    };

    packages.aarch64-linux = {
--- a/systems/vm-docker-host/vm-docker-host-base.nix
+++ b/systems/vm-docker-host/vm-docker-host-base.nix
@ -1,18 +1,18 @@
 { ... }: {
  imports = [
    # Core Features
-    ../features/base.nix
-    ../features/tui-apps.nix
-    ../features/openssh-server.nix
+    ../../features/base.nix
+    ../../features/tui-apps.nix
+    ../../features/openssh-server.nix

    # Core Tweaks
-    ../tweaks/zram.nix
-    ../tweaks/enable_flakes.nix
-    ../tweaks/disable_nixos_user.nix
-    ../tweaks/systemd-resolved_nonsense.nix
+    ../../tweaks/zram.nix
+    ../../tweaks/enable_flakes.nix
+    ../../tweaks/disable_nixos_user.nix
+    ../../tweaks/systemd-resolved_nonsense.nix

    # Lauren Base
-    ../users/lauren_lagarde/lauren_lagarde.nix
+    ../../users/lauren_lagarde/lauren_lagarde.nix

    # Dotspace
    ../../secrets/dotspace.nix
--- a/systems/vm-docker-host/vm-docker-host-luks.nix
+++ b/systems/vm-docker-host/vm-docker-host-luks.nix
@ -6,7 +6,11 @@
    ./vm-docker-host-base.nix

    # UEFI SSH LUKS
-    ../../features/initrd_ssh.nix
+    ../../features/initrd-ssh.nix
    ../../features/libvirt-uefi-guest.nix
+
+    ../../disko/libvirt/uefi-base.nix
+    ../../disko/libvirt/luks-lvm.nix
+    ../../disko/libvirt/lvm-ext4.nix
  ];
 }
--- a/systems/vm-docker-host/vm-docker-host-zfs.nix
+++ b/systems/vm-docker-host/vm-docker-host-zfs.nix
@ -0,0 +1,19 @@
+# git add *; tar -cavf /Parlor/Lauren/mlaga97-nixos.tar.zst ../mlaga97-nixos
+# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nix run 'github:nix-community/disko/latest#disko-install' -- --extra-files ./ssh_host_ed25519_key /root/secrets/initrd/ssh_host_ed25519_key --flake mlaga97-nixos#$TARGET_HOSTNAME --disk vda /dev/vda
+# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nixos-rebuild switch --flake mlaga97-nixos?submodules=1#$HOSTNAME
+{ ... }: {
+  imports = [
+    ./vm-docker-host-base.nix
+
+    # UEFI SSH ZFS
+    ../../tweaks/zfs.nix
+    ../../features/initrd-ssh.nix
+    ../../features/virtualization/libvirt-guest-uefi.nix
+
+    ../../disko/libvirt/uefi-zfs-base.nix
+    ../../disko/libvirt/zfs-mirror.nix
+    ../../disko/libvirt/zfs-encrypted.nix
+  ];
+
+  boot.supportedFilesystems = [ "zfs" ];
+}