zfs: Address review comments

Signed-off-by: Vunny Sodhi <[email protected]>

modules/disko/disko-ab-partitions.nix

@@ -45,6 +45,9 @@
       initrd.availableKernelModules = [ "zfs" ];
       supportedFilesystems = [ "zfs" ];
       zfs.extraPools = [ "zfs_data" ];
+      initrd.luks.devices.zfs_data = {
+        device = "/dev/disk/by-partlabel/disk-disk1-zfs_data";
+      };
     };
     disko = {
       # 8GB is the recommeneded minimum for ZFS, so we are using this for VMs to avoid `cp` oom errors.
@@ -102,14 +105,8 @@
               zfs_data = {
                 size = "100%";
                 content = {
-                  name = "zfs_data";
-                  type = "luks";
-                  # TODO: Have a better password mechanism later
-                  settings.keyFile = "${pkgs.writeText "password" "ghaf"}";
-                  content = {
-                    type = "zfs";
-                    pool = "zfs_data";
-                  };
+                  type = "zfs";
+                  pool = "zfs_data";
                 };
               };
             };

modules/disko/disko-zfs-postboot.nix

@@ -17,33 +17,50 @@ let
       set -xeuo pipefail
 
       # Check which physical disk is used by ZFS
-      ENCRYPTED_POOL=zfs_data
-      zpool import -f $ENCRYPTED_POOL
-      ZFS_POOLNAME=$(zpool list | grep -v NAME | grep $ENCRYPTED_POOL | awk '{print $1}')
-      ZFS_LOCATION=$(zpool status -P | grep dev | grep "$ZFS_POOLNAME" | awk '{print $1}')
+      ENCRYPTED_POOLNAME=zfs_data
+      zpool import -f "$ENCRYPTED_POOLNAME"
+      ZFS_POOLNAME=$(zpool list | grep -v NAME | grep $ENCRYPTED_POOLNAME | awk '{print $1}')
+      ZFS_LOCATION=$(zpool status "$ZFS_POOLNAME" -P | grep dev | awk '{print $1}')
 
       # Get the actual device path
-      P_DEVPATH=$(cryptsetup status "$ZFS_POOLNAME" | grep device | awk '{print $2}')
+      P_DEVPATH=$(readlink -f "$ZFS_LOCATION")
 
-      # Extract the partition number using regex
       if [[ "$P_DEVPATH" =~ [0-9]+$ ]]; then
         PARTNUM=$(echo "$P_DEVPATH" | grep -o '[0-9]*$')
-        PARENT_DISK=/dev/$(lsblk -no pkname "$P_DEVPATH" | head -n 1)
+        PARENT_DISK=/dev/$(lsblk -no pkname "$P_DEVPATH")
       else
-        echo "No partition number found in device path: $P_DEVPATH"
+       echo "No partition number found in device path: $P_DEVPATH"
       fi
 
-      # Fix GPT first
-      sgdisk "$PARENT_DISK" -e
+      set +o pipefail
+      # Check if zfs pool has luks headers
+      if (cryptsetup status "$ZFS_POOLNAME") | grep -q "is inactive"; then
+        # Fix GPT first
+        sgdisk "$PARENT_DISK" -e
 
-      # Call partprobe to update kernel's partitions
-      partprobe
+        # Call partprobe to update kernel's partitions
+        partprobe
 
-      # Extend the partition to use unallocated space
-      parted -s -a opt "$PARENT_DISK" "resizepart $PARTNUM 100%"
+        # Extend the partition to use unallocated space
+        parted -s -a opt "$PARENT_DISK" "resizepart $PARTNUM 100%"
 
-      # Extend ZFS pool to use newly allocated space
-      zpool online -e "$ZFS_POOLNAME" "$ZFS_LOCATION"
+        # Extend ZFS pool to use newly allocated space
+        zpool online -e "$ZFS_POOLNAME" "$ZFS_LOCATION"
+
+        # Format pool with LUKS
+        zpool export "$ZFS_POOLNAME"
+        # TODO: Remove hardcoded password and have better password mechanism for formating
+        echo -n ghaf | cryptsetup luksFormat --type luks2 -q "$ZFS_LOCATION"
+        echo -n ghaf | cryptsetup luksOpen "$ZFS_LOCATION" "$ZFS_POOLNAME" --persistent
+
+        # Create pool, datasets as luksFormat will erase pools, ZFS datasets stored on that partition
+        zpool create -f "$ZFS_POOLNAME" /dev/mapper/"$ZFS_POOLNAME"
+        zfs create -o quota=30G "$ZFS_POOLNAME"/vm_storage
+        zfs create -o quota=10G "$ZFS_POOLNAME"/reserved
+        zfs create -o quota=50G "$ZFS_POOLNAME"/gp_storage
+        zfs create "$ZFS_POOLNAME"/storagevm
+        zfs create "$ZFS_POOLNAME"/recovery
+      fi
     '';
   };