2025-01-13 11:52:09 +08:00
|
|
|
{
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
|
|
|
|
config,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
with lib;
|
|
|
|
|
let
|
2024-02-10 00:16:09 +08:00
|
|
|
cfg = config.global.fs.zfs.split;
|
2025-01-13 11:52:09 +08:00
|
|
|
in
|
|
|
|
|
mkIf cfg.enable {
|
2024-02-10 00:16:09 +08:00
|
|
|
# unconditionally enable fstrim for xfs and ext4
|
|
|
|
|
services.fstrim.enable = mkDefault true;
|
|
|
|
|
|
|
|
|
|
# enable swraid for split raid1 system array
|
|
|
|
|
boot.swraid.enable = mkDefault true;
|
|
|
|
|
boot.swraid.mdadmConf = mkDefault ''
|
|
|
|
|
PROGRAM ${cfg.mdProg}
|
|
|
|
|
'';
|
|
|
|
|
|
2024-02-10 00:20:43 +08:00
|
|
|
# secret filesystem backed by swraid
|
2025-01-13 11:52:09 +08:00
|
|
|
fileSystems."/nix/var/secret" = {
|
|
|
|
|
device = "/dev/disk/by-uuid/${cfg.secret}";
|
2024-02-10 00:16:09 +08:00
|
|
|
fsType = "ext4";
|
|
|
|
|
options = [ "noatime" ];
|
|
|
|
|
neededForBoot = true;
|
|
|
|
|
depends = [ "/nix/var" ];
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-10 00:20:43 +08:00
|
|
|
# external store backed by swraid
|
|
|
|
|
global.fs = {
|
|
|
|
|
zfs.externalStore = mkDefault true;
|
|
|
|
|
external.device = "/dev/disk/by-uuid/${cfg.store}";
|
|
|
|
|
external.fsType = "xfs";
|
|
|
|
|
external.options = [ "noatime" ];
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-10 00:16:09 +08:00
|
|
|
# import system state pool after encrypted filesystems become available for key loading
|
2025-01-13 11:52:09 +08:00
|
|
|
boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [
|
|
|
|
|
"sysroot-nix-var-secret.mount"
|
|
|
|
|
"cryptsetup.target"
|
|
|
|
|
];
|
2024-02-10 00:16:09 +08:00
|
|
|
}
|
