mauville: migrate to disko (#43)

* mauville: move to disko with btrfs on /dev/nvme0n1

* mauville: add media and archive disks with btrfs

* mauville: run ssh in initrd to type luks password

mauville: force system.autoUpgrade.allowReboot to false

mauville: bump stateVersion

no public secrets, autogen initrd ssh on activation

hosts/mauville/default.nix

@@ -12,7 +12,7 @@
 in {
   imports = [
     ../common
-    ./filesystems.nix
+    ./disko.nix
     ./home.nix
     self.inputs.nixhw.nixosModules.common-amd-cpu
     self.inputs.nixhw.nixosModules.common-amd-gpu
@@ -48,8 +48,44 @@ in {
     syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
   };
 
+  system.activationScripts.gen-initrd-ssh.text = ''
+    KEY_PATH="/etc/secrets/initrd/ssh_host_ed25519_key"
+
+    mkdir -p /etc/secrets/initrd
+
+    # Check if the file already exists
+    if [ -f "$KEY_PATH" ]; then
+      echo "Key already exists at $KEY_PATH. Skipping ssh-keygen."
+    else
+      # Generate the SSH key if it doesn't exist
+      ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH"
+      echo "SSH key generated at $KEY_PATH."
+    fi
+  '';
+
   boot = {
-    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+    initrd = {
+      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
+
+      network = {
+        enable = true;
+        flushBeforeStage2 = true;
+
+        ssh = {
+          enable = true;
+          port = 22;
+          authorizedKeyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles;
+          hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
+        };
+
+        udhcpc.enable = true;
+
+        postCommands = ''
+          # Automatically ask for the password on SSH login
+          echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+        '';
+      };
+    };
 
     loader = {
       efi.canTouchEfiVariables = true;
@@ -98,7 +134,12 @@ in {
   };
 
   environment.variables.GDK_SCALE = "1.25";
-  system.stateVersion = "23.11";
+
+  system = {
+    autoUpgrade.allowReboot = lib.mkForce false;
+    stateVersion = "24.05";
+  };
+
   zramSwap.memoryPercent = 100;
 
   ar = {

hosts/mauville/disko.nix

@@ -0,0 +1,94 @@
+{
+  disko.devices = {
+    disk = {
+      media = {
+        type = "disk";
+        device = "/dev/sda1";
+        content = {
+          type = "gpt";
+          partitions = {
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"]; # Override existing partition
+                mountpoint = "/mnt/Media";
+                mountOptions = ["compress=zstd" "noatime"];
+              };
+            };
+          };
+        };
+      };
+
+      archive = {
+        type = "disk";
+        device = "/dev/sda2";
+        content = {
+          type = "gpt";
+          partitions = {
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"]; # Override existing partition
+                mountpoint = "/mnt/Archive";
+                mountOptions = ["compress=zstd" "noatime"];
+              };
+            };
+          };
+        };
+      };
+
+      vdb = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1024M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-f"];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "/home" = {
+                      mountpoint = "/home";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/mauville/filesystems.nix

@@ -1,36 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  pkgs,
-  ...
-}: {
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/c4217c88-3101-434b-8321-58e2ac89527c";
-      fsType = "ext4";
-    };
-
-    "/boot" = {
-      device = "/dev/disk/by-uuid/3445-B2A0";
-      fsType = "vfat";
-    };
-
-    "/mnt/Archive" = {
-      device = "/dev/disk/by-uuid/f7e9e6d6-2bf6-429a-aaf0-49b55d53fc83";
-      fsType = "ext4";
-    };
-
-    "/mnt/Media" = {
-      device = "/dev/disk/by-uuid/d988d5ca-f9d6-4d85-aa0e-8a437b3c859a";
-      fsType = "ext4";
-    };
-  };
-
-  swapDevices = [
-    {
-      device = "/dev/disk/by-uuid/26094ada-7ba4-4437-bacb-b3cdf6c3397b";
-      priority = 1;
-    }
-  ];
-}