NixOS All The Things
One laptop at a time, an SBC running home automation tasks in the corner over there, and now a core backup server has been moved over to NixOS.
git + nix + tailscale ❤️
I have reached nerdvana and it is all that I hoped it could be.
A few .nix files per system that are only a git pull away, and a simple nixos-rebuild switch 🥲
ZFS on NixOS
After a system backup, I booted NixOS live, imported my encryption keys for the pool, and ran zfs load-key file:///location/of/key tank/enc. Everything imported as expected; I was underwhelmed but pleasantly surprised.
After I installed NixOS 23.11 and ported some nix config from my repository, I gave the system and sources an update and upgrade, annnnnnd was promptly met by ZFS errors and was unable to mount my pool. Wasn't that the point of the test 😒 lol. Wait a second.. error in chair, not with system.
I didn't update and upgrade the testing system before importing ZFS pools. So that tells me ZFS is breaking with a kernel rev but was functional on the older kernel version.
Working Stuff Out
First thing is to fix ZFS not building, which should be pretty simple to track down since NixOS has great support for ZFS and all the magic 🧙‍♂️.
There is a boot.kernelPackages option that you can set to zfs.package.latestCompatibleLinuxPackages to keep the kernel from upgrading past ZFS stable support 💯.
In order to enable this feature ZFS requires networking.hostId be set to a uniquely random string of 8 characters. I came across a nice one liner on StackOverflow using tr to strip unwanted characters and /dev/urandom for the source.
# networking.hostId must be 8 hexadecimal digits, so keep only 0-9 and a-f
tr -dc a-f0-9 </dev/urandom | head -c 8; echo
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "2357f95a";
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
After populating some new datasets and resolving some snapshot drift between these two servers I started to run into the issue of my pools not mounting at boot.
boot.zfs.extraPools = [ "tank" ]; fixed that up. But I now have a few encrypted datasets that aren't mounting at boot or using their keys to unlock; I just keep getting prompted for encryption passwords during my boot cycle.
zfs get keylocation tank/enc is as you'd expect and working; zfs get keylocation tank/enc/media/video on a separate dataset is reporting "password prompt", which isn't what I want.
zfs change-key -o keylocation=file:///location/to/key -o keyformat=raw tank/enc/media/video
Everything is ironed out and humming along at this point.
Time to bring some services up 👍
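The per-dataset keylocation check above, generalized to a whole pool so that every dataset that would prompt at boot shows up in one pass. This is an added example, not part of the original post; the function names prompt_roots and sample_zfs_get and the POOL variable are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list encryption roots whose
# keylocation is "prompt", i.e. datasets that will ask for a passphrase at boot.

# Reads tab-separated "name property value" lines on stdin, as printed by:
#   zfs get -H -r -o name,property,value encryptionroot,keylocation <pool>
prompt_roots() {
    awk -F '\t' '
        $2 == "encryptionroot" { root[$1] = $3 }
        $2 == "keylocation"    { loc[$1]  = $3 }
        END {
            for (ds in root)
                # A dataset is its own encryption root when the property names
                # the dataset itself; only roots carry their own keylocation.
                if (root[ds] == ds && loc[ds] == "prompt")
                    print ds
        }
    ' | sort
}

# Constructed sample output mirroring the layout in the post (not real data).
sample_zfs_get() {
    printf 'tank\tencryptionroot\t-\n'
    printf 'tank\tkeylocation\tnone\n'
    printf 'tank/enc\tencryptionroot\ttank/enc\n'
    printf 'tank/enc\tkeylocation\tfile:///location/of/key\n'
    printf 'tank/enc/media\tencryptionroot\ttank/enc\n'
    printf 'tank/enc/media\tkeylocation\tnone\n'
    printf 'tank/enc/media/video\tencryptionroot\ttank/enc/media/video\n'
    printf 'tank/enc/media/video\tkeylocation\tprompt\n'
}

# POOL is a hypothetical variable: set it to audit a real pool,
# leave it unset to run against the constructed sample.
if [ -n "${POOL:-}" ]; then
    zfs get -H -r -o name,property,value encryptionroot,keylocation "$POOL" | prompt_roots
else
    sample_zfs_get | prompt_roots
fi
```

Each dataset it prints is a separate encryption root that still needs the zfs change-key treatment shown above before it will unlock from a key file at boot.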