@eqyiel
Forked from dysinger/nixos-encrypted-zfs.sh
Created May 4, 2020 01:15
How I installed Encrypted ZFS root on NixOS
#!/bin/sh
# FIRST STOP THE zfs-zed SERVICE
systemctl stop zfs-zed
# FORCE UNLOAD ZFS KERNEL MODULES
lsmod | grep zfs | cut -d' ' -f1 | xargs rmmod -f
# NOW ADD THE FOLLOWING TO /etc/nixos/configuration.nix
#
# boot.supportedFilesystems = [ "zfs" ];
# boot.zfs.enableUnstable = true;
#
# AND REBUILD
nixos-rebuild switch --upgrade
# PARTITION DISK: 1 512MB EFI & REST ZFS
parted --script /dev/nvme0n1 -- \
    mklabel gpt \
    mkpart esp fat32 1MiB 512MiB \
    mkpart primary 512MiB 100% \
    set 1 boot on
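# CREATE AN ENCRYPTED ZFS POOL
# (zpool create PROMPTS FOR THE PASSPHRASE; -O SETS ENCRYPTION ON THE ROOT
# DATASET, SO DATASETS CREATED UNDER rpool INHERIT IT)
zpool create -f \
    -o ashift=12 \
    -O encryption=on \
    -O keyformat=passphrase \
    -O mountpoint=none \
    rpool \
    /dev/nvme0n1p2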
# CREATE A SWAP VOLUME (ZVOL)
zfs create \
    -V 4G \
    -b "$(getconf PAGESIZE)" \
    -o compression=zle \
    -o logbias=throughput \
    -o sync=always \
    -o primarycache=metadata \
    -o secondarycache=none \
    -o com.sun:auto-snapshot=false \
    rpool/swap
mkswap -f /dev/zvol/rpool/swap
swapon /dev/zvol/rpool/swap
# CREATE A ROOT DATASET
zfs create \
    -o mountpoint=legacy \
    rpool/root
mkdir -p /mnt
mount -t zfs rpool/root /mnt
# CREATE A HOME DATASET
zfs create \
    -o mountpoint=legacy \
    -o compression=on \
    rpool/home
mkdir -p /mnt/home
mount -t zfs rpool/home /mnt/home
# CREATE A BOOT PARTITION
# (THE EFI PARTITION IS NOT ENCRYPTED: KERNEL AND INITRD ARE STORED IN CLEARTEXT)
mkfs.fat -F 32 -n BOOT /dev/nvme0n1p1
mkdir -p /mnt/boot
mount -t vfat /dev/nvme0n1p1 /mnt/boot
# NOW GENERATE NIXOS CONFIG FOR /mnt
nixos-generate-config --root /mnt
# NOW ADD THE FOLLOWING TO /mnt/etc/nixos/configuration.nix
#
# boot.initrd.supportedFilesystems = [ "zfs" ];
# boot.supportedFilesystems = [ "zfs" ];
# boot.zfs.enableUnstable = true;
# services.zfs.autoScrub.enable = true;
#
# networking.hostName = "pants";
# networking.hostId = "abcdef01";
#
# NOW INSTALL NIXOS
nixos-install
# NOW CLEANUP & REBOOT
umount /mnt/home /mnt/boot
umount /mnt
swapoff -a
zpool export -a
reboot
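
A check one could run after the datasets are created and before `nixos-install`, to confirm that every dataset under `rpool` is covered by the pool passphrase. This is an added example, not part of the original gist; the function and sample names are hypothetical, and the sample `zfs get` output is constructed.

```shell
#!/bin/sh
# Added example (not from the gist): audit `zfs get` output for datasets that
# are not covered by the pool passphrase. Input: name<TAB>property<TAB>value.
# Live use, assuming the pool name rpool from the script:
#   zfs get -H -o name,property,value -r -t filesystem,volume \
#       encryption,encryptionroot,keyformat rpool | audit_zfs_encryption rpool
audit_zfs_encryption() {
    awk -F '\t' -v root="$1" '
        $2 == "encryption" && $3 == "off" {
            print "UNENCRYPTED " $1; bad = 1
        }
        # "-" means the dataset has no encryption root (it is unencrypted).
        $2 == "encryptionroot" && $3 != "-" && $3 != root {
            print "OTHER_KEY " $1 " encryptionroot=" $3; bad = 1
        }
        # The install uses keyformat=passphrase; anything else is a departure.
        $2 == "keyformat" && $3 != "none" && $3 != "passphrase" {
            print "KEYFORMAT " $1 " keyformat=" $3; bad = 1
        }
        END { exit (bad + 0) }
    '
}

# Constructed sample: the layout the script creates (cipher name illustrative).
sample_expected() {
    for ds in rpool rpool/swap rpool/root rpool/home; do
        printf '%s\tencryption\taes-256-gcm\n' "$ds"
        printf '%s\tencryptionroot\trpool\n' "$ds"
        printf '%s\tkeyformat\tpassphrase\n' "$ds"
    done
}

# Constructed sample: pool created without -O encryption=on, with one dataset
# encrypted separately under a raw key.
sample_unencrypted_pool() {
    for ds in rpool rpool/swap rpool/root; do
        printf '%s\tencryption\toff\n' "$ds"
        printf '%s\tencryptionroot\t-\n' "$ds"
        printf '%s\tkeyformat\tnone\n' "$ds"
    done
    printf 'rpool/home\tencryption\taes-256-gcm\n'
    printf 'rpool/home\tencryptionroot\trpool/home\n'
    printf 'rpool/home\tkeyformat\traw\n'
}
```

The function exits non-zero when it prints any finding, so it can gate the install step.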