diff --git a/config/nutty-noon.nix b/config/nutty-noon.nix index 6860736f..48e8e8c3 100644 --- a/config/nutty-noon.nix +++ b/config/nutty-noon.nix @@ -20,6 +20,7 @@ ./services/postgres.nix ./services/woodpecker-agent.nix ./users/remote-build.nix + ../modules/bcachefs.nix ]; hardware.cpu.amd.updateMicrocode = true; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"]; @@ -29,7 +30,7 @@ config.boot.kernelPackages.zenpower ]; - boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs; + boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs); boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"]; fileSystems."/" = { diff --git a/flake.lock b/flake.lock index 1e586963..1a155a8b 100644 --- a/flake.lock +++ b/flake.lock @@ -1226,11 +1226,11 @@ ] }, "locked": { - "lastModified": 1687677942, - "narHash": "sha256-HaHbNHFvX9BbQ4QGButNYK3uWkpA0PoMEZ7PZ/l0S14=", + "lastModified": 1687708750, + "narHash": "sha256-3kOrSanzNn+BFqV+AmpQoxSlZXolnCt9GL6P5mBlE/E=", "ref": "main", - "rev": "b5e19754995075ef621c2acf808d306135a99bd3", - "revCount": 916, + "rev": "b15e4ae106af506fec5a1549c7250ce7f6d8d7d5", + "revCount": 922, "type": "git", "url": "https://git.chir.rs/darkkirb/nix-packages.git" }, @@ -1553,11 +1553,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1687677983, - "narHash": "sha256-eaVk+DZ4fVbF/u4hdygHCtS1qfxMvP0bWawwPhTwIAg=", + "lastModified": 1687708260, + "narHash": "sha256-yDKHrL1nRIwe7d81WZoUKpjCsqk0/mJwjlq+InarGZo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c07741265292d6fc5b0e499072ea9f4b1124744b", + "rev": "06429924a77c374940b0ac0c87d669ccda48cdc5", "type": "github" }, "original": { @@ -1583,11 +1583,11 @@ }, "nur_2": { "locked": { - "lastModified": 1687666225, - "narHash": "sha256-ldABbbs4tP6SGigIc3ihm1962thOpZ9wT9NpX2vHaKc=", + "lastModified": 1687703991, + "narHash": "sha256-qobiIdBXPNWHEembddq5EIwg8MFYtl5JVZY4yR4pD5c=", "owner": "nix-community", "repo": "NUR", - "rev": "e9ad8e2cc54478c5e537822a24d2f80772e4574b", + "rev": "ff6e6849d68109e7feefe1346def311bb4d8c3a7", "type": "github" }, "original": { diff --git a/modules/bcachefs.nix b/modules/bcachefs.nix new file mode 100644 index 00000000..82c7b717 --- /dev/null +++ b/modules/bcachefs.nix @@ -0,0 +1,82 @@ +{ + config, + lib, + pkgs, + utils, + ... +}: +with lib; let + bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems; + + mountCommand = pkgs.runCommand "mount.bcachefs" {} '' + mkdir -p $out/bin + cat > $out/bin/mount.bcachefs < /dev/null 2> /dev/null; then # test for encryption + prompt $name + until bcachefs unlock $path 2> /dev/null; do # repeat until successfully unlocked + printf "unlocking failed!\n" + prompt $name + done + printf "unlocking successful.\n" + fi + } + ''; + + openCommand = name: fs: let + # we need only unlock one device manually, and cannot pass multiple at once + # remove this adaptation when bcachefs implements mounting by filesystem uuid + # also, implement automatic waiting for the constituent devices when that happens + # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671) + firstDevice = head (splitString ":" fs.device); + in '' + tryUnlock ${name} ${firstDevice} + ''; +in { + config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [ + { + # We do not want to include bachefs in the fsPackages for systemd-initrd + # because we provide the unwrapped version of mount.bcachefs + # through the extraBin option, which will make it available for use. + system.fsPackages = lib.optional (!config.boot.initrd.systemd.enable) pkgs.bcachefs-tools; + environment.systemPackages = lib.optional (config.boot.initrd.systemd.enable) pkgs.bcachefs-tools; + + # use kernel package with bcachefs support until it's in mainline + boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs; + } + + (mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) { + # chacha20 and poly1305 are required only for decryption attempts + boot.initrd.availableKernelModules = ["bcachefs" "sha256" "chacha20" "poly1305"]; + + boot.initrd.systemd.extraBin = { + "bcachefs" = "${pkgs.bcachefs-tools}/bin/bcachefs"; + "mount.bcachefs" = "${mountCommand}/bin/mount.bcachefs"; + }; + + boot.initrd.extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' + copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs + copy_bin_and_libs ${mountCommand}/bin/mount.bcachefs + ''; + boot.initrd.extraUtilsCommandsTest = '' + $out/bin/bcachefs version + ''; + + boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs); + }) + ]); + disabledModules = ["tasks/filesystems/bcachefs.nix"]; +}