refactor: all the drive / storage and filesystem stuff

Author: DaRacci

hosts/desktop/nixe/default.nix

@@ -120,17 +120,8 @@
   };
 
   host = {
-    drive = {
-      enable = true;
-
-      format = "btrfs";
-      name = "Nix";
-    };
-
     persistence = {
       enable = true;
-      type = "tmpfs";
-
       directories = [
         "/var/lib/decky-loader"
         "/var/lib/private/ollama"

hosts/desktop/nixe/hardware.nix

@@ -1,5 +1,8 @@
-# TODO :: Auto subvolume setup
-{ inputs, pkgs, ... }:
+{
+  inputs,
+  pkgs,
+  ...
+}:
 {
   imports = [
     inputs.nixos-hardware.nixosModules.common-cpu-amd
@@ -21,6 +24,19 @@
         productId = "0029";
       }
     ];
+
+    storage = {
+      enable = true;
+      root = {
+        label = "Nix";
+        devPath = "/dev/disk/by-id/nvme-KINGSTON_SKC3000D2048G_50026B76857EB93E";
+        ephemeral = {
+          enable = true;
+          type = "tmpfs";
+          tmpfsSize = 16;
+        };
+      };
+    };
   };
 
   boot = rec {
@@ -57,8 +73,42 @@
     };
   };
 
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-partlabel/ESP";
-    fsType = "vfat";
+  fileSystems = {
+    # "/boot" = {
+    #   device = "/dev/disk/by-partlabel/ESP";
+    #   fsType = "vfat";
+    # };
+
+    # "/nix" = {
+    #   device = "/dev/disk/by-partlabel/Nix";
+    #   fsType = "btrfs";
+    #   options = [
+    #     "subvol=@store"
+    #     "noatime"
+    #     "compress=zstd"
+    #   ];
+    #   neededForBoot = true;
+    # };
+
+    # "/persist" = {
+    #   device = "/dev/disk/by-partlabel/Nix";
+    #   fsType = "btrfs";
+    #   options = [
+    #     "subvol=@persist"
+    #     "compress=zstd"
+    #   ];
+    #   neededForBoot = true;
+    # };
+
+    # "/" = {
+    #   device = "none";
+    #   fsType = "tmpfs";
+    #   options = [
+    #     "defaults"
+    #     "size=16G"
+    #     "mode=755"
+    #   ];
+    #   neededForBoot = false;
+    # };
   };
 }

hosts/desktop/nixmi/default.nix

@@ -7,7 +7,6 @@
 {
   imports = [
     inputs.jovian.nixosModules.default
-    inputs.disko.nixosModules.disko
 
     ./hardware.nix
 
@@ -121,17 +120,8 @@
   };
 
   host = {
-    drive = {
-      enable = true;
-
-      format = "btrfs";
-      name = "Nix";
-    };
-
     persistence = {
       enable = true;
-      type = "tmpfs";
-
       directories = [
         "/var/lib/decky-loader"
         "/var/lib/private/ollama"

hosts/desktop/nixmi/hardware.nix

@@ -1,5 +1,4 @@
 {
-  flake,
   inputs,
   pkgs,
   ...
@@ -10,17 +9,24 @@
     inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
     inputs.nixos-hardware.nixosModules.common-pc-ssd
     inputs.nixos-hardware.nixosModules.common-hidpi
-
-    (import "${flake}/hosts/shared/disks/btrfs-luks-disk.nix" {
-      disk = "/dev/nvme0n1"; # FIXME :: Placeholder, replace with /dev/disk/by-id/...
-      withSwap = false;
-    })
   ];
 
   hardware = {
     graphics.manufacturer = "nvidia";
     backlight.enable = true;
     cooling.enable = true;
+
+    storage = {
+      enable = true;
+      root = {
+        devPath = "/dev/nvme0n1"; # FIXME :: Placeholder, replace with /dev/disk/by-id/...
+        ephemeral = {
+          enable = true;
+          type = "tmpfs";
+          tmpfsSize = 16;
+        };
+      };
+    };
   };
 
   boot = rec {

hosts/shared/disks/btrfs-disk.nix

@@ -27,6 +27,7 @@ rec {
           imports = [
             inputs.home-manager.nixosModules.default
             inputs.angrr.nixosModules.angrr
+            inputs.disko.nixosModules.disko
           ];
 
           host = {

hosts/shared/disks/btrfs-luks-disk.nix

@@ -10,6 +10,7 @@ let
 in
 {
   imports = [
+    ./storage
     ./backlight.nix
     ./biometrics.nix
     ./bluetooth.nix

hosts/shared/disks/neededForBoot.nix

@@ -0,0 +1,102 @@
+{ config, lib, ... }:
+let
+  cfg = config.hardware.storage;
+in
+{
+  imports = [
+    ./ephemeral.nix
+    ./luks.nix
+    ./maintenance.nix
+  ];
+
+  options.hardware.storage = {
+    enable = lib.mkEnableOption "storage management";
+
+    root = lib.mkOption {
+      default = { };
+      type = lib.types.submodule {
+        options = {
+          enableLuks = lib.mkEnableOption "use LUKS encryption";
+
+          label = lib.mkOption {
+            type = lib.types.str;
+            default = "root";
+            description = ''
+              The label of the root partition.
+            '';
+          };
+
+          name = lib.mkOption {
+            type = lib.types.str;
+            default = config.networking.hostName;
+            description = ''
+              The name of the root device for usage within disko.
+            '';
+          };
+
+          devPath = lib.mkOption {
+            type = lib.types.str;
+            description = ''
+              The path to the device to use as the root device.
+            '';
+          };
+
+          physicalSwap = lib.mkOption {
+            default = { };
+            type = lib.types.submodule {
+              options = {
+                enable = lib.mkEnableOption "physical swap";
+                size = lib.mkOption {
+                  type = lib.types.int;
+                  default = 2;
+                  description = ''
+                    The size of the swap partition in GiB.
+                  '';
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+
+    withImpermanence = lib.mkOption {
+      type = lib.types.bool;
+      readOnly = true;
+      default =
+        config.environment.persistence ? "/persist" && config.environment.persistence."/persist".enable;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    disko.devices = {
+      disk."${cfg.root.name}" = {
+        type = "disk";
+        device = cfg.root.devPath;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = import ./partitions/esp.nix;
+
+            root = lib.mkIf (!cfg.root.enableLuks) {
+              size = "100%";
+              inherit (cfg.root) label;
+              content = import ./partitions/btrfs.nix { inherit config lib; };
+            };
+
+            luks = lib.mkIf cfg.root.enableLuks {
+              size = "100%";
+              inherit (cfg.root) label;
+              content = import ./partitions/luks.nix { inherit config lib; };
+            };
+          };
+        };
+      };
+    };
+
+    fileSystems = {
+      "/persist" = lib.mkIf cfg.withImpermanence { neededForBoot = true; };
+      "/nix".neededForBoot = true;
+    };
+  };
+}

lib/builders/system/mkRaw.nix

@@ -0,0 +1,88 @@
+{ config, lib, ... }:
+let
+  cfg = config.hardware.storage.root;
+in
+{
+  options.hardware.storage.root.ephemeral = {
+    enable = lib.mkEnableOption "usage of an ephemeral root that is reset on boot";
+
+    type = lib.mkOption {
+      type = lib.types.enum [
+        "btrfs"
+        "tmpfs"
+      ];
+      description = ''
+        The type of ephemeral root to use.
+      '';
+    };
+
+    tmpfsSize = lib.mkOption {
+      type = lib.types.int;
+      default = 4;
+      description = ''
+        The size of the tmpfs root in GiB.
+      '';
+    };
+
+    paritionLabel = lib.mkOption {
+      type = lib.types.str;
+      readOnly = true;
+      default =
+        let
+          inherit (config.disko.devices.disk."${config.hardware.storage.root.name}".content) partitions;
+          partition = if cfg.enableLuks then partitions.luks else partitions.root;
+        in
+        lib.stringAfter "/dev/disk/by-partlabel/" partition.label;
+    };
+  };
+
+  config = lib.mkIf cfg.ephemeral.enable {
+    disko.devices = {
+      nodev."/" = lib.mkIf (cfg.ephemeral.type == "tmpfs") (
+        import ./partitions/tmpfs.nix { size = cfg.ephemeral.tmpfsSize; }
+      );
+    };
+
+    boot.initrd =
+      let
+        phase1Systemd = config.boot.initrd.systemd.enable;
+        wipeScript = ''
+          mkdir /tmp -p
+          MNTPOINT=$(mktemp -d)
+          (
+            mount -t btrfs -o subvol=/ /dev/disk/by-partlabel/${cfg.ephemeral.paritionLabel} "$MNTPOINT"
+            trap 'umount "$MNTPOINT"' EXIT
+
+            echo "Creating needed directories"
+            mkdir -p "$MNTPOINT"/@persist/var/{log,lib/{nixos,systemd}}
+
+            echo "Cleaning root subvolume"
+            btrfs subvolume list -o "$MNTPOINT/@root" | cut -f9 -d ' ' |
+            while read -r subvolume; do
+              btrfs subvolume delete "$MNTPOINT/$subvolume"
+            done && btrfs subvolume delete "$MNTPOINT/@root"
+
+            echo "Restoring blank subvolume"
+            btrfs subvolume snapshot "$MNTPOINT/@root-blank" "$MNTPOINT/@root"
+          )
+        '';
+      in
+      lib.mkIf (cfg.ephemeral.type == "btrfs") {
+        supportedFilesystems = [ "btrfs" ];
+        postDeviceCommands = lib.mkIf (!phase1Systemd) (lib.mkBefore wipeScript);
+        systemd.services.restore-root = lib.mkIf phase1Systemd {
+          description = "Rollback btrfs rootfs";
+          wantedBy = [ "initrd.target" ];
+          requires = [ "dev-disk-by\\x2dpartlabel-${cfg.ephemeral.paritionLabel}.device" ];
+          after = [
+            "dev-disk-by\\x2dpartlabel-${cfg.ephemeral.paritionLabel}.device"
+            "systemd-cryptsetup@${cfg.ephemeral.paritionLabel}.service"
+          ];
+          before = [ "sysroot.mount" ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig.Type = "oneshot";
+          script = wipeScript;
+        };
+      };
+  };
+}

modules/nixos/hardware/default.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+let
+  cfg = config.hardware.storage;
+in
+{
+  options.hardware.storage.luks = {
+    enable = lib.mkEnableOption "usage of LUKS encrypted storage";
+  };
+
+  config = lib.mkIf cfg.luks.enable {
+    disko.devices.disk.${cfg.root.name}.content.partitions.luks = {
+
+    };
+  };
+}

modules/nixos/hardware/storage/default.nix

@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+let
+  cfg = config.hardware.storage;
+in
+{
+  options.hardware.storage.maintenance = {
+    enable = lib.mkEnableOption "storage device maintenance";
+  };
+
+  config = lib.mkIf cfg.maintenance.enable {
+    services.btrfs.autoScrub = {
+      enable = true;
+      fileSystems =
+        builtins.attrNames
+          config.disko.devices.disk.${cfg.root.name}.content.partitions.root.content.subvolumes;
+      interval = "Wed *-*-* 02:00:00";
+    };
+  };
+}

modules/nixos/hardware/storage/ephemeral.nix

@@ -1,21 +1,17 @@
 {
   config,
   lib,
-
-  withSwap ? false,
-  swapSize ? 0,
-
-  withImpermanence ?
-    config.environment.persistence ? "/persist" && config.environment.persistence."/persist".enable,
-
-  ...
 }:
+let
+  cfg = config.hardware.storage;
+in
 {
   type = "btrfs";
   extraArgs = [ "-f" ]; # force overwrite
   subvolumes =
     {
-      "@root" = lib.mkIf (!withImpermanence) {
+      # Only enable if not using ephemeral root or if using snapshotted root
+      "@root" = lib.mkIf (!cfg.root.ephemeral.enable || cfg.root.ephemeral.type == "btrfs") {
         mountpoint = "/";
         mountOptions = [ "compress=zstd" ];
       };
@@ -28,12 +24,12 @@
         ];
       };
 
-      "@swap" = lib.mkIf withSwap {
+      "@swap" = lib.mkIf cfg.root.physicalSwap.enable {
         mountpoint = "/.swapvol";
-        swap.swapfile.size = swapSize;
+        swap.swapfile.size = "${cfg.root.physicalSwap.size}GiB";
       };
     }
-    // (lib.optionalAttrs withImpermanence {
+    // (lib.optionalAttrs cfg.withImpermanence {
       "@persist" = {
         mountpoint = "/persist";
         mountOptions = [ "compress=zstd" ];

modules/nixos/hardware/storage/luks.nix

@@ -1,11 +1,4 @@
 {
-  name ? "ESP",
-
-  ...
-}:
-{
-  inherit name;
-
   priority = 1;
   size = "512M";
   type = "EF00";

modules/nixos/hardware/storage/maintenance.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+}:
+{
+  type = "luks";
+  name = "encrypted-nixos";
+  passwordFile = "/tmp/disko-password"; # this is populated by bootstrap-nixos.sh
+  extraOpenArgs = [
+    "--perf-no_read_workqueue"
+    "--perf-no_write_workqueue"
+  ];
+  settings = {
+    allowDiscards = true;
+    # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
+    crypttabExtraOpts = [
+      "fido2-device=auto"
+      "token-timeout=10"
+    ];
+  };
+
+  content = import ./btrfs.nix { inherit config lib; };
+}

hosts/shared/disks/partitions/btrfs.nix modules/nixos/hardware/storage/partitions/btrfs.nix

@@ -1,12 +1,8 @@
-{
-  size ? "2G",
-
-  ...
-}:
+{ size }:
 {
   fsType = "tmpfs";
   mountOptions = [
-    "size=${size}"
+    "size=${toString size}G"
     "defaults"
     "mode=755"
   ];

hosts/shared/disks/partitions/esp.nix modules/nixos/hardware/storage/partitions/esp.nix

@@ -6,7 +6,6 @@ in
 {
   imports = [
     ./device.nix
-    ./drive.nix
     ./persistence.nix
   ];
 

modules/nixos/hardware/storage/partitions/luks.nix

@@ -8,7 +8,6 @@ with lib;
 with types;
 let
   cfg = config.host.persistence;
-  inherit (config.host) drive;
 
   defaultPerms = {
     mode = "0755";
@@ -160,19 +159,12 @@ in
     root = mkOption {
       type = str;
       default = "/persist";
+      readOnly = true;
       description = ''
         The root directory for the host's persistent state.
       '';
     };
 
-    type = mkOption {
-      type = enum [
-        "tmpfs"
-        "snapshot"
-      ];
-      default = "tmpfs";
-    };
-
     files = mkOption {
       type = listOf (coercedTo str (f: { file = f; }) rootFile);
       default = [ ];
@@ -250,84 +242,6 @@ in
       ];
     };
 
-    fileSystems = {
-      "/persist" = {
-        device = "/dev/disk/by-partlabel/${drive.name}";
-        fsType = drive.format;
-        options = [
-          "subvol=@persist"
-          "compress=zstd"
-        ];
-        neededForBoot = true;
-      };
-
-      "/" = {
-        device = if cfg.type == "tmpfs" then "none" else "/dev/disk/by-partlabel/${drive.name}";
-        fsType = if cfg.type == "tmpfs" then "tmpfs" else drive.format;
-        options =
-          if cfg.type == "tmpfs" then
-            [
-              "defaults"
-              "size=16G"
-              "mode=755"
-            ]
-          else
-            [
-              "subvol=@root"
-              "compress=zstd"
-            ];
-        neededForBoot = if cfg.type == "tmpfs" then false else true;
-      };
-    };
-
-    boot.initrd =
-      let
-        phase1Systemd = config.boot.initrd.systemd.enable;
-        wipeScript = ''
-          mkdir /tmp -p
-          MNTPOINT=$(mktemp -d)
-          (
-            mount -t btrfs -o subvol=/ /dev/disk/by-partlabel/${drive.name} "$MNTPOINT"
-            trap 'umount "$MNTPOINT"' EXIT
-
-            echo "Creating needed directories"
-            mkdir -p "$MNTPOINT"/@persist/var/{log,lib/{nixos,systemd}}
-
-            echo "Cleaning root subvolume"
-            btrfs subvolume list -o "$MNTPOINT/@root" | cut -f9 -d ' ' |
-            while read -r subvolume; do
-              btrfs subvolume delete "$MNTPOINT/$subvolume"
-            done && btrfs subvolume delete "$MNTPOINT/@root"
-
-            echo "Restoring blank subvolume"
-            btrfs subvolume snapshot "$MNTPOINT/@root-blank" "$MNTPOINT/@root"
-          )
-        '';
-      in
-      mkIf (drive.format == "btrfs" && cfg.type == "snapshot") {
-        supportedFilesystems = [ "btrfs" ];
-        postDeviceCommands = lib.mkIf (!phase1Systemd) (mkBefore wipeScript);
-        systemd.services.restore-root = mkIf phase1Systemd {
-          description = "Rollback btrfs rootfs";
-          wantedBy = [ "initrd.target" ];
-          requires = [ "dev-disk-by\\x2dpartlabel-${drive.name}.device" ];
-          after = [
-            "dev-disk-by\\x2dpartlabel-${drive.name}.device"
-            "systemd-cryptsetup@${drive.name}.service"
-          ];
-          before = [ "sysroot.mount" ];
-          unitConfig.DefaultDependencies = "no";
-          serviceConfig.Type = "oneshot";
-          script = wipeScript;
-        };
-      };
-
-    services.btrfs.autoScrub = mkIf (drive.format == "btrfs") {
-      enable = mkDefault false;
-      fileSystems = [ "/persist" ];
-      interval = "Wed *-*-* 02:00:00";
-    };
-
     # services.snapper.configs = mkIf (drive.format == "btrfs") (builtins.foldl' recursiveUpdate { }
     #   ([{
     #     persist = {