feat: make docker run on zfs, add unlocking docs
This commit is contained in:
parent
a10d77dcf6
commit
f013c6e3f8
|
@ -1,3 +1,9 @@
|
||||||
# Unlocking the root partition on boot
|
# Unlocking the root partition on boot
|
||||||
|
|
||||||
After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH on port 2222. After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
|
After a boot, the encrypted root partition will have to be unlocked. This is done by accessing the server via SSH with user root on port 2222.
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh root@nachtigall.pub.solar -p2222
|
||||||
|
```
|
||||||
|
|
||||||
|
After connecting, paste the crypt passphrase you can find in the shared keepass. This will disconnect the SSH session right away and the server will keep booting into stage 2.
|
||||||
|
|
|
@ -107,6 +107,7 @@
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
--data-root /var/lib/docker
|
--data-root /var/lib/docker
|
||||||
'';
|
'';
|
||||||
|
storageDriver = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
@ -153,6 +154,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations {
|
deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations {
|
||||||
nachtigall = {
|
nachtigall = {
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
|
|
|
@ -28,6 +28,11 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/docker" =
|
||||||
|
{ device = "root_pool/data/docker";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/boot1" =
|
fileSystems."/boot1" =
|
||||||
{ device = "/dev/disk/by-uuid/5493-EFF5";
|
{ device = "/dev/disk/by-uuid/5493-EFF5";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
|
|
Loading…
Reference in a new issue