feat: make docker run on zfs, add unlocking docs

2023-10-29 20:33:11 +01:00 · 2023-10-29 20:33:11 +01:00 · 80328959af
parent b3e8e45966
commit 80328959af
3 changed files with 14 additions and 1 deletions
--- a/docs/unlocking-root.md
+++ b/docs/unlocking-root.md
@ -1,3 +1,9 @@
 # Unlocking the root partition on boot

-After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH on port 2222. After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
+After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH with user root on port 2222.
+
+```
+ssh root@nachtigall.pub.solar -p2222
+```
+
+ After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
--- a/flake.nix
+++ b/flake.nix
@ -108,6 +108,7 @@
                extraOptions = ''
                  --data-root /var/lib/docker
                '';
+                storageDriver = "zfs";
              };

              services.openssh.enable = true;
@ -154,6 +155,7 @@
              };
            };
          };
+
          deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations {
            nachtigall = {
              sshUser = username;
--- a/hosts/nachtigall/hardware-configuration.nix
+++ b/hosts/nachtigall/hardware-configuration.nix
@ -28,6 +28,11 @@
      fsType = "zfs";
    };

+  fileSystems."/var/lib/docker" =
+    { device = "root_pool/data/docker";
+      fsType = "zfs";
+    };
+
  fileSystems."/boot1" =
    { device = "/dev/disk/by-uuid/5493-EFF5";
      fsType = "vfat";