Changes for the new limina

config/hardware/limina.nix

@@ -15,47 +15,43 @@ with lib; {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
-
-    supportedFilesystems = [ "zfs" ];
-    # kernelPackages = pkgs.linuxPackages_latest;
   };
 
   fileSystems = {
-    "/boot" = {
+    "/" = {
-      device = "/dev/disk/by-label/BOOT";
+      device = "limina-root";
-      fsType = "vfat";
+      fsType = "tmpfs";
+      options = [ "mode=755" "noexec" ];
     };
 
-    "/" = {
+    "/boot" = {
-      device = "zroot/transient/root";
+      device = "/dev/disk/by-label/LIM-BOOT";
-      fsType = "zfs";
+      fsType = "vfat";
+      options = [ "noexec" "noatime" "nodiratime" ];
     };
 
     "/nix" = {
-      device = "zroot/transient/nix";
+      device = "/dev/disk/by-label/limina-root";
-      fsType = "zfs";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" "noexec" "noatime" "nodiratime" ];
     };
 
     "/var/log" = {
-      device = "zroot/transient/logs";
+      device = "/dev/disk/by-label/limina-root";
-      fsType = "zfs";
+      fsType = "btrfs";
+      options = [ "subvol=@log" "noexec" "noatime" "nodiratime" ];
       neededForBoot = true;
     };
 
-    "/home" = {
-      device = "zroot/persistent/home";
-      fsType = "zfs";
-    };
-
     "/state" = {
-      device = "zroot/persistent/state";
+      device = "/dev/disk/by-label/limina-root";
-      fsType = "zfs";
+      fsType = "btrfs";
+      options = [ "subvol=@state" "noexec" "noatime" "nodiratime" ];
+      neededForBoot = true;
     };
   };
 
-  services.zfs.autoScrub.enable = true;
+  swapDevices = [{ device = "/dev/disk/by-label/limina-swap"; }];
-
-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
 
   nix.maxJobs = lib.mkDefault 4;
 

config/host-config/limina.nix

@@ -14,9 +14,6 @@ let
 
 in {
   config = {
-
-    boot.zfs.enableUnstable = true;
-
     networking = {
       interfaces = {
         enp1s0 = { useDHCP = true; };
@@ -65,9 +62,6 @@ in {
 
       client.dns = {
         enable = true;
-        ipv4 = true;
-        ipv6 = true;
-        user = "fudo-client";
         external-interface = "enp1s0";
         ## This is now set by hosts.nix
         # password-file =
@@ -102,7 +96,7 @@ in {
         backend = "docker";
         containers = {
           pihole = {
-            image = "pihole/pihole:v5.7";
+            image = "pihole/pihole:2021.10";
             autoStart = true;
             ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
             environment = {
@@ -111,8 +105,8 @@ in {
               DNS1 = "${primary-ip}#${toString dns-proxy-port}";
             };
             volumes = [
-              "/srv/pihole/etc-pihole/:/etc/pihole/"
+              "/state/pihole/etc-pihole/:/etc/pihole/"
-              "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
+              "/state/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
             ];
           };
         };
@@ -121,22 +115,13 @@ in {
 
     # Support for statelessness
     environment.etc = {
+      # TODO: replace with current config
       nixos.source = "/state/nixos";
       adjtime.source = "/state/etc/adjtime";
       NIXOS.source = "/state/etc/NIXOS";
       "host-config.nix".source = "/state/etc/host-config.nix";
-      ## This should be handled by nixops deploy
-      # "krb5.keytab" = {
-      #   source = "/state/etc/limina.keytab";
-      #   user = "root";
-      #   mode = "0400";
-      # };
     };
 
-    boot.initrd.postDeviceCommands = lib.mkAfter ''
-      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
-    '';
-
     security.sudo.extraConfig = ''
       # rollback results in sudo lectures after each reboot
       Defaults lecture = never