move kernel config to it's own file

rollback zpools on shutdown instead of startup
2025-12-09 16:33:57 -05:00 · 2025-01-29 21:34:53 -05:00 · 2025-01-29 21:34:53 -05:00 · bfdc54cd54
commit bfdc54cd54
parent e932262310
4 changed files with 100 additions and 91 deletions
--- a/nixosConfigurations/gerg-desktop/boot.nix
+++ b/nixosConfigurations/gerg-desktop/boot.nix
@ -9,7 +9,6 @@ let
    title  Windows
    efi     /shellx64.efi
    options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
-
  '';
 in
 {
@ -28,39 +27,6 @@ in
  ];

  boot = {
-    initrd = {
-      kernelModules = [ "igc" ];
-      network = {
-        enable = true;
-        ssh = {
-          enable = true;
-          port = 22;
-          hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
-          authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
-        };
-      };
-      systemd = {
-        # For linuxManualConfig to work:
-        strip = lib.mkForce false;
-        network = {
-          enable = true;
-          networks.enp11s0 = {
-            name = "enp11s0";
-            address = [ "192.168.1.4/24" ];
-            gateway = [ "192.168.1.1" ];
-            dns = [ "192.168.1.1" ];
-            DHCP = "no";
-            linkConfig = {
-              MACAddress = "D8:5E:D3:E5:47:90";
-              RequiredForOnline = "routable";
-            };
-          };
-          wait-online.enable = false;
-        };
-        users.root.shell = "/bin/systemd-tty-ask-password-agent";
-      };
-    };
-
    lanzaboote = {
      enable = true;
      pkiBundle = "/var/lib/sbctl";
@ -97,36 +63,5 @@ in
      timeout = lib.mkForce 5;
      efi.efiSysMountPoint = "/efi22";
    };
-    kernelPackages = pkgs.linuxPackagesFor (
-      let
-        version = "6.12.11";
-        src = pkgs.fetchurl {
-          url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
-          hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
-        };
-      in
-      (pkgs.linuxManualConfig {
-        inherit src;
-        inherit (config.boot) kernelPatches;
-        version = "${version}-gerg";
-        config = {
-          CONFIG_RUST = "y";
-          CONFIG_MODULES = "y";
-        };
-        configfile = ./kernelConfig;
-      }).overrideAttrs
-        (old: {
-          passthru = old.passthru or { } // {
-            features = lib.foldr (x: y: x.features or { } // y) {
-              efiBootStub = true;
-              netfilterRPFilter = true;
-              ia32Emulation = true;
-            } config.boot.kernelPatches;
-          };
-          meta = old.meta or { } // {
-            broken = false;
-          };
-        })
-    );
  };
 }
--- a/nixosConfigurations/gerg-desktop/kernel.nix
+++ b/nixosConfigurations/gerg-desktop/kernel.nix
@ -0,0 +1,44 @@
+{
+  lib,
+  pkgs,
+  config,
+}:
+{
+
+  boot = {
+    # For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
+    initrd.systemd.strip = false;
+
+    kernelPackages = pkgs.linuxPackagesFor (
+      let
+        version = "6.12.11";
+        src = pkgs.fetchurl {
+          url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
+          hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
+        };
+      in
+      (pkgs.linuxManualConfig {
+        inherit src;
+        inherit (config.boot) kernelPatches;
+        version = "${version}-gerg";
+        config = {
+          CONFIG_RUST = "y";
+          CONFIG_MODULES = "y";
+        };
+        configfile = ./kernelConfig;
+      }).overrideAttrs
+        (old: {
+          passthru = old.passthru or { } // {
+            features = lib.foldr (x: y: x.features or { } // y) {
+              efiBootStub = true;
+              netfilterRPFilter = true;
+              ia32Emulation = true;
+            } config.boot.kernelPatches;
+          };
+          meta = old.meta or { } // {
+            broken = false;
+          };
+        })
+    );
+  };
+}
--- a/nixosConfigurations/gerg-desktop/main.nix
+++ b/nixosConfigurations/gerg-desktop/main.nix
@ -58,7 +58,21 @@
      nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
    };
  };
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  boot = {
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+    supportedFilesystems.ntfs = true;
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "sd_mod"
+      ];
+      includeDefaultModules = false;
+    };
+  };

  hardware.nvidia = {
    package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -213,16 +227,6 @@
      root.hashedPassword = "!";
    };
  };
-  boot.initrd = {
-    availableKernelModules = [
-      "nvme"
-      "xhci_pci"
-      "ahci"
-      "usbhid"
-      "sd_mod"
-    ];
-    includeDefaultModules = false;
-  };

  system.stateVersion = "24.11";
  networking.hostName = "gerg-desktop";
--- a/nixosConfigurations/gerg-desktop/zfs.nix
+++ b/nixosConfigurations/gerg-desktop/zfs.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
 }:
 {
  #link some stuff
@ -18,9 +19,8 @@
  #make sure the sopskey is found
  sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
  fileSystems."/persist".neededForBoot = true;
-  boot = {
-    supportedFilesystems.ntfs = true;

+  boot = {
    zfs = {
      devNodes = "/dev/disk/by-id/";
      forceImportAll = true;
@ -35,23 +35,49 @@
        "dm_mod"
        #keyboard module for zfs password
        "hid_generic"
+        #stage one internet
+        "igc"
      ];

-      systemd.services.rollback = {
-        serviceConfig = {
-          Type = "oneshot";
-          RemainAfterExit = true;
+      network = {
+        enable = true;
+        ssh = {
+          enable = true;
+          port = 22;
+          hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
+          authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
        };
-        unitConfig.DefaultDependencies = "no";
-        wantedBy = [ "initrd.target" ];
-        after = [ "zfs-import.target" ];
-        before = [ "sysroot.mount" ];
-        path = [ config.boot.zfs.package ];
-        script = ''
+      };
+      systemd = {
+        network = {
+          enable = true;
+          networks.enp11s0 = {
+            name = "enp11s0";
+            address = [ "192.168.1.4/24" ];
+            gateway = [ "192.168.1.1" ];
+            dns = [ "192.168.1.1" ];
+            DHCP = "no";
+            linkConfig = {
+              MACAddress = "D8:5E:D3:E5:47:90";
+              RequiredForOnline = "routable";
+            };
+          };
+          wait-online.enable = false;
+        };
+        users.root.shell = "/bin/systemd-tty-ask-password-agent";
+      };
+    };
+  };
+
+  systemd.shutdownRamfs = {
+    enable = true;
+    contents."/etc/systemd/system-shutdown/zfs-rollback".source =
+      pkgs.writeShellScript "zfs-rollback" ''
+        zfs='${lib.getExe config.boot.zfs.package}'
        zfs rollback -r rpool/root@empty
        zfs rollback -r rpool/var@empty
      '';
+    storePaths = [ (lib.getExe config.boot.zfs.package) ];
  };
-    };
-  };
+
 }