diff options
author | Matthias Berndt <matthias_berndt@gmx.de> | 2023-05-04 00:44:36 +0200 |
---|---|---|
committer | Matthias Berndt <matthias_berndt@gmx.de> | 2023-05-07 18:48:28 +0200 |
commit | 1632e73b19cd25ac3bc0c27f07e932728c3e893c (patch) | |
tree | cfe92aaf9c2da3c2c778be6a7a19535ce49b7c98 /nixos | |
parent | 2eed1de920645e2a5a22c0c668fcf37efdf7e365 (diff) | |
download | nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.tar nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.tar.gz nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.tar.bz2 nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.tar.lz nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.tar.xz nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.tar.zst nixlib-1632e73b19cd25ac3bc0c27f07e932728c3e893c.zip |
nixos/stratis: enable booting from stratis volume
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/stratisroot.nix | 68 |
2 files changed, 70 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index ec213e5f2f74..44d82a950294 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -476,6 +476,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase +- there is a new `boot/stratisroot.nix` module that enables booting from a volume managed by the Stratis storage management daemon. Use `boot.stratis.rootPoolUuid` to configure the pool containing the root volume + - Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release. - The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility). diff --git a/nixos/modules/system/boot/stratisroot.nix b/nixos/modules/system/boot/stratisroot.nix new file mode 100644 index 000000000000..b4e2dbde6d4c --- /dev/null +++ b/nixos/modules/system/boot/stratisroot.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: +let + types = lib.types; +in +{ + options.boot.stratis = { + rootPoolUuid = lib.mkOption { + type = types.uniq types.str; + description = lib.mdoc '' + UUID of the stratis pool that the root fs is located in + ''; + example = "04c68063-90a5-4235-b9dd-6180098a20d9"; + }; + }; + config = { + assertions = [ + { + assertion = config.boot.initrd.systemd.enable; + message = "stratis root fs requires systemd initrd"; + } + ]; + boot.initrd = { + systemd = { + storePaths = [ + "${pkgs.stratisd}/lib/udev/stratis-base32-decode" + "${pkgs.stratisd}/lib/udev/stratis-str-cmp" + "${pkgs.lvm2.bin}/bin/dmsetup" + "${pkgs.stratisd}/libexec/stratisd-min" + "${pkgs.stratisd.initrd}/bin/stratis-rootfs-setup" + ]; + packages = [pkgs.stratisd.initrd]; + extraBin = { + thin_check = "${pkgs."thin-provisioning-tools"}/bin/thin_check"; + thin_repair = "${pkgs."thin-provisioning-tools"}/bin/thin_repair"; + thin_metadata_size = "${pkgs."thin-provisioning-tools"}/bin/thin_metadata_size"; + stratis-min = "${pkgs.stratisd}/bin/stratis-min"; + }; + services = { + stratis-setup = { + description = "setup for Stratis root filesystem"; + unitConfig.DefaultDependencies = "no"; + conflicts = [ "shutdown.target" ]; + onFailure = [ "emergency.target" ]; + unitConfig.OnFailureJobMode = "isolate"; + wants = [ "stratisd-min.service" "plymouth-start.service" "stratis-clevis-setup.service" ]; + wantedBy = [ "initrd.target" ]; + after = [ "paths.target" "plymouth-start.service" "stratisd-min.service" ]; + before = [ "initrd.target" ]; + environment.STRATIS_ROOTFS_UUID = config.boot.stratis.rootPoolUuid; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.stratisd.initrd}/bin/stratis-rootfs-setup"; + RemainAfterExit = "yes"; + }; + }; + }; + }; + availableKernelModules = [ "dm-thin-pool" "dm-crypt" ] ++ [ "aes" "aes_generic" "blowfish" "twofish" + "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" + "af_alg" "algif_skcipher" + ]; + services.udev.packages = [ + pkgs.stratisd.initrd + pkgs.lvm2 + ]; + }; + }; +} |