bernardo/Nomarchy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f318585dc4d13332dc940138544b5af9981470c3
Nomarchy/installer/disko-config.nix
Bernardo Magri f318585dc4 fix(installer): harden disk selection and partitioning phase 
The disk phase was the dominant source of incomplete installs. Six
concrete failure modes addressed in one pass:

1. Live-ISO USB excluded from the disk picker. select_disk previously
   filtered loop|ram|zram|sr but not the device the installer booted
   from; picking it would format the boot media mid-install. New
   detect_live_iso_devices walks /, /iso, /run/initramfs/live,
   /nix/.ro-store, /nix/store and resolves each backing device to its
   parent disk via lsblk -no PKNAME. Override with
   NOMARCHY_INSTALL_ALLOW_ISO_TARGET=1 for the developer case.

2. 10 GiB minimum-capacity preflight. Disko fails late and obscurely
   on undersized media; surface it while the picker is still open.

3. prewipe_target_drive rewritten:
   - Enumerates every active dm-crypt mapping via dmsetup ls and
     closes those whose backing device is on the target drive. The
     old version only knew about the hardcoded names "crypted" /
     "crypted_main" so an aborted multi-disk run or a non-Nomarchy
     install would leave a holder open and silently break the wipe.
   - Drops `|| true` from wipefs / sgdisk / dd. After the LUKS and
     swap teardown above, a real failure means something is still
     holding the device — surface that instead of papering over it.
   - udevadm settle bounded to 30s so a flapping USB can't hang.
   - Post-wipe sanity check: refuse to hand the disk to disko if
     anything is still mounted off it.

4. run_disko_with_retry wraps the disko call. On failure, shows the
   last 30 lines of output via gum style and offers Retry /
   View full log / Abort. set -e is suspended for the disko call so
   the exit code can be inspected. The previous bare `disko --mode
   disko` aborted the whole installer with output scrolled past.

5. Sed-templated disko-golden.nix + disko-btrfs-multi.nix pair
   replaced by a single disko-config.nix Nix function of
   { mainDrive, extraDrives ? [] } called via --argstr / --arg.
   Templating Nix via shell-escaped string substitution caused at
   least one production bug (3aadc36 fixed embedded-newline
   escaping); function arguments are the right shape and eliminate
   the entire class of escaping concerns. Single-disk path is
   `extraDrives = []`; multi-disk gets BTRFS `-d single -m raid1`
   plus the additional /dev/mapper/* devices. Hosts that shipped
   /etc/disko-golden.nix now ship /etc/disko-config.nix.

6. EXIT trap added so the tmpfs LUKS key file (/dev/shm/nomarchy-
   luks.key) is removed even if the script aborts between key-write
   and the explicit unset. Replaced redundant `shred -u` on tmpfs
   with `rm -f` (already in RAM).

Verification: bash -n on install.sh, nix-instantiate parse + strict
eval on disko-config.nix in both single and multi shapes, full
nix flake check --no-build evaluating all three NixOS configurations
(default, nomarchy-installer, nomarchy-live) plus the installerVm.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-30 19:42:00 +01:00

128 lines
4.3 KiB
Nix
Raw Blame History

# Nomarchy Golden-Path Disk Configuration
#
# Single source of truth for the installer's disko layout. The single-disk
# and multi-disk paths differ only in (a) whether `extraDrives` is empty and
# (b) the BTRFS profile (multi adds `-d single -m raid1` plus the additional
# /dev/mapper/* devices). Pass arguments via:
#
# disko --argstr mainDrive /dev/nvme0n1 \
# --arg extraDrives '[]' \
# disko-config.nix
#
# disko --argstr mainDrive /dev/nvme0n1 \
# --arg extraDrives '[ "/dev/sdb" "/dev/sdc" ]' \
# disko-config.nix
#
# Replaces the previous sed-templated disko-golden.nix + disko-btrfs-multi.nix
# pair. Templating Nix via shell-escaped string substitution proved fragile
# (commit 3aadc36 fixed one escaping bug; another was waiting to happen) —
# function arguments are the right shape.
{ mainDrive
, extraDrives ? []
}:
let
hasExtras = extraDrives != [];
# Sanitize a device path into something usable as both a disko attr name
# and a /dev/mapper/ name. /dev/sdb -> dev_sdb, /dev/nvme0n2 -> dev_nvme0n2.
sanitize = path: builtins.replaceStrings [ "/" "-" ] [ "_" "_" ] path;
extraName = drive: "extra_" + sanitize drive;
extraLuks = drive: "crypted_" + sanitize drive;
mkExtraDisk = drive: {
name = extraName drive;
value = {
type = "disk";
device = drive;
content = {
type = "gpt";
partitions.luks = {
size = "100%";
content = {
type = "luks";
name = extraLuks drive;
settings.allowDiscards = true;
settings.passwordFile = "/dev/shm/nomarchy-luks.key";
content.type = "btrfs";
};
};
};
};
};
# BTRFS extraArgs:
# - single: just `-f` (force) — no need to enumerate devices, the FS is
# created on the one /dev/mapper/crypted device disko emits.
# - multi: `-f -d single -m raid1 <extra mappers...>` — data striped
# across devices for capacity, metadata mirrored for safety.
btrfsExtraArgs =
if hasExtras then
[ "-f" "-d" "single" "-m" "raid1" ]
++ map (d: "/dev/mapper/" + extraLuks d) extraDrives
else
[ "-f" ];
# The main LUKS mapping name varies between layouts so the postCreateHook
# (which mounts the freshly created BTRFS to take the impermanence-rollback
# snapshot) targets the right /dev/mapper entry.
mainLuksName = if hasExtras then "crypted_main" else "crypted";
rootBtrfs = {
type = "btrfs";
extraArgs = btrfsExtraArgs;
subvolumes = {
"@" = { mountpoint = "/"; mountOptions = [ "compress=zstd" "noatime" ]; };
"@persist" = { mountpoint = "/persist"; mountOptions = [ "compress=zstd" "noatime" ]; };
"@home" = { mountpoint = "/home"; mountOptions = [ "compress=zstd" "noatime" ]; };
"@nix" = { mountpoint = "/nix"; mountOptions = [ "compress=zstd" "noatime" ]; };
"@log" = { mountpoint = "/var/log"; mountOptions = [ "compress=zstd" "noatime" ]; };
"@snapshots" = { mountpoint = "/.snapshots"; mountOptions = [ "compress=zstd" "noatime" ]; };
};
postCreateHook = ''
MNTPOINT=$(mktemp -d)
mount -t btrfs /dev/mapper/${mainLuksName} $MNTPOINT
btrfs subvolume snapshot -r $MNTPOINT/@ $MNTPOINT/root-blank
umount $MNTPOINT
'';
};
in {
disko.devices.disk = {
main = {
type = "disk";
device = mainDrive;
content = {
type = "gpt";
partitions = {
# 1 GiB ESP — fits several kernel generations + initrd + Plymouth.
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = mainLuksName;
settings.allowDiscards = true;
settings.passwordFile = "/dev/shm/nomarchy-luks.key";
content = rootBtrfs;
};
};
};
};
};
} // builtins.listToAttrs (map mkExtraDisk extraDrives);
}
Reference in New Issue View Git Blame Copy Permalink