nixos/stratis: enable booting from stratis volume

2 files changed, 70 insertions, 0 deletions

diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md
index ec213e5f2f74..44d82a950294 100644
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -476,6 +476,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase
 
+- there is a new `boot/stratisroot.nix` module that enables booting from a volume managed by the Stratis storage management daemon. Use `boot.stratis.rootPoolUuid` to configure the pool containing the root volume
+
 - Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release.
 
 - The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility).
diff --git a/nixos/modules/system/boot/stratisroot.nix b/nixos/modules/system/boot/stratisroot.nix
new file mode 100644
index 000000000000..b4e2dbde6d4c
--- /dev/null
+++ b/nixos/modules/system/boot/stratisroot.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+let
+  types = lib.types;
+in
+{
+  options.boot.stratis = {
+    rootPoolUuid = lib.mkOption {
+      type = types.uniq types.str;
+      description = lib.mdoc ''
+        UUID of the stratis pool that the root fs is located in
+      '';
+      example = "04c68063-90a5-4235-b9dd-6180098a20d9";
+    };
+  };
+  config = {
+    assertions = [
+      {
+        assertion = config.boot.initrd.systemd.enable;
+        message = "stratis root fs requires systemd initrd";
+      }
+    ];
+    boot.initrd = {
+      systemd = {
+        storePaths = [
+          "${pkgs.stratisd}/lib/udev/stratis-base32-decode"
+          "${pkgs.stratisd}/lib/udev/stratis-str-cmp"
+          "${pkgs.lvm2.bin}/bin/dmsetup"
+          "${pkgs.stratisd}/libexec/stratisd-min"
+          "${pkgs.stratisd.initrd}/bin/stratis-rootfs-setup"
+        ];
+        packages = [pkgs.stratisd.initrd];
+        extraBin = {
+          thin_check = "${pkgs."thin-provisioning-tools"}/bin/thin_check";
+          thin_repair = "${pkgs."thin-provisioning-tools"}/bin/thin_repair";
+          thin_metadata_size = "${pkgs."thin-provisioning-tools"}/bin/thin_metadata_size";
+          stratis-min = "${pkgs.stratisd}/bin/stratis-min";
+        };
+        services = {
+          stratis-setup = {
+            description = "setup for Stratis root filesystem";
+            unitConfig.DefaultDependencies = "no";
+            conflicts = [ "shutdown.target" ];
+            onFailure = [ "emergency.target" ];
+            unitConfig.OnFailureJobMode = "isolate";
+            wants = [ "stratisd-min.service" "plymouth-start.service" "stratis-clevis-setup.service" ];
+            wantedBy = [ "initrd.target" ];
+            after = [ "paths.target" "plymouth-start.service" "stratisd-min.service" ];
+            before = [ "initrd.target" ];
+            environment.STRATIS_ROOTFS_UUID = config.boot.stratis.rootPoolUuid;
+            serviceConfig = {
+              Type = "oneshot";
+              ExecStart = "${pkgs.stratisd.initrd}/bin/stratis-rootfs-setup";
+              RemainAfterExit = "yes";
+            };
+          };
+        };
+      };
+      availableKernelModules = [ "dm-thin-pool" "dm-crypt" ] ++ [ "aes" "aes_generic" "blowfish" "twofish"
+        "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
+        "af_alg" "algif_skcipher"
+      ];
+      services.udev.packages = [
+        pkgs.stratisd.initrd
+        pkgs.lvm2
+      ];
+    };
+  };
+}