
Add bcachefs type with support for encryption

Open onny opened this issue 2 years ago • 7 comments

Fixes https://github.com/nix-community/disko/issues/240

Example usage

{ disks ? [ "/dev/vdb" ], ... }: {
  disko.devices = {
    disk = {
      vdb = {
        device = builtins.elemAt disks 0;
        type = "disk";
        content = {
          type = "table";
          format = "gpt";
          partitions = [
            {
              name = "ESP";
              start = "1MiB";
              end = "100MiB";
              bootable = true;
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            }
            {
              name = "root";
              start = "100MiB";
              end = "100%";
              part-type = "primary";
              content = {
                type = "bcachefs";
                # if you want to use the key for interactive login be sure there is no trailing newline
                # for example use `echo -n "password" > /tmp/secret.key`
                keyFile = "/tmp/secret.key";
                mountpoint = "/";
              };
            }
          ];
        };
      };
    };
  };
}

Feel free to test or pick up this work. Guess it shouldn't be too difficult to add support for this. Would be really happy to see it supported :)

onny, May 20 '23 10:05
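The config comment in the post above warns that a `keyFile` meant to match an interactively typed passphrase must not end in a newline. The following is an added example, not code from the pull request or from disko: the hypothetical helpers `write_keyfile` and `check_keyfile` write a key file without a line ending and verify it before use. The group/other permission check goes beyond what the post states and is an assumption about how such a file should be stored.

```shell
#!/bin/sh
# Added example. write_keyfile and check_keyfile are hypothetical helpers,
# not part of disko or bcachefs-tools.

# Read one passphrase line from stdin and store it without the line ending.
write_keyfile() {
    IFS= read -r pass || [ -n "$pass" ] || return 1
    rm -f -- "$1"
    # Subshell keeps the umask change local; printf '%s' appends no newline.
    ( umask 077 && printf '%s' "$pass" > "$1" )
}

# Return 0 if the key file is usable, otherwise a distinct non-zero code.
check_keyfile() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    [ -s "$1" ] || { echo "empty: $1" >&2; return 3; }
    # Hex of the last byte: the post's config comment warns against a
    # trailing newline, so reject LF (0a) and CR (0d).
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    case $last in
        0a|0d) echo "trailing line ending: $1" >&2; return 4 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $1" >&2; return 5; }
    return 0
}

# Demo on constructed sample files in a scratch directory.
demo_dir=$(mktemp -d)
printf 'constructed-passphrase\n' | write_keyfile "$demo_dir/good.key"
echo "constructed-passphrase" > "$demo_dir/bad.key"   # echo appends LF
for k in good.key bad.key; do
    if check_keyfile "$demo_dir/$k" 2>/dev/null; then
        echo "$k: ok"
    else
        echo "$k: rejected (code $?)"
    fi
done
rm -rf -- "$demo_dir"
```
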

If we add a type we should also think about multi device support.

Mic92, Jun 16 '23 20:06

> If we add a type we should also think about multi device support.

What does this mean exactly?

@Lassulus I was able to add keyFile support. The test now correctly encrypts the bcachefs rootfs and mounts it. Now the test hangs after reboot probably because the boot process expects a password?

onny, Aug 12 '23 20:08

https://wiki.archlinux.org/title/Bcachefs#Multiple_drives bcachefs has support for multiple devices, so we need some abstraction like for lvm or mdadm to be feature complete.

Lassulus, Aug 13 '23 13:08

> https://wiki.archlinux.org/title/Bcachefs#Multiple_drives bcachefs has support for multiple devices, so we need some abstraction like for lvm or mdadm to be feature complete.

@Lassulus should this be done with a new top level element, e.g. a bcachefs_pool? Or just with an option to list other devices (with their labels?) that should be used when bcachefs create is called? Also keep in mind that bcachefs mount might expect a list of devices separated by :.

{
  disko.devices = {
    disk = {
      x = {
        type = "disk";
        device = "/dev/nvme0";
        content = {
          type = "gpt";
          content = {
            type = "bcachefs";
            label = "ssd.ssd1";
          };
        };
      };
      y = {
        type = "disk";
        device = "/dev/sda";
        content = {
          type = "bcachefs";
          label = "hdd.hdd1";
        };
      };
    };

    bcachefs_pool = {
      rpool = {
        type = "bcachefs_pool";
        mountpoint = "/";
        passwordFile = "secret.key";
        extraArgs = [
          "--metadata_target=ssd"
          "--foreground_target=ssd"
          "--background_target=hdd"
          "--promote_target=ssd"
        ];
      };
    };
  };
}

vs

{
  disko.devices = {
    disk = {
      x = {
        device = "/dev/nvme0";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            root = {
              size = "100%";
              content = {
                type = "bcachefs";
                label = "ssd.sdd1";
                otherDevices = {
                  "hdd.hdd1" = "/dev/sda";
                  "hdd.hdd2" = "/dev/sdb";
                };
              };
            };
          };
        };
      };
    };
  };
}

ThyMYthOS, Jan 10 '24 10:01