Add script to setup k3s nvme

flake.nix

@@ -45,7 +45,9 @@
             soquartz-blade
             (btrbkModule {
               mountDir = "/btrfs/nvme";
-              subvolumes = [ ];
+              subvolumes = [
+                "@k3s-config"
+              ];
             })
             (if serverIp == null
             then
@@ -55,60 +57,109 @@
                 inherit serverIp;
                 enable = enableK3s;
               })
-            ({ config, ... }: {
-              services.lvm.enable = true;
+            ({ config, pkgs, ... }:
+              let
+                keyFilePath = config.sops.secrets.k3sKeyFile.path;
+                prepareNvme = ''
+                  #!/usr/bin/env bash
 
-              networking = {
-                interfaces.end0.ipv4.addresses = [
-                  {
-                    address = selfIp;
-                    prefixLength = 24;
-                  }
-                ];
-                defaultGateway = "192.168.20.1";
-                nameservers = [ "192.168.20.21" "192.168.20.1" ];
-              };
+                  set -e
 
-              sops.secrets.k3sKeyFile = {
-                format = "binary";
-                sopsFile = ./secrets/k3sKeyFile.bin;
-              };
+                  echo "Creating two partitions"
+                  fdisk -w always /dev/nvme0n1 << EOL
+                  g
+                  n
+                  1
 
-              environment.etc.crypttab = {
-                enable = unlockMounts;
-                text = ''
-                  cryptdrive1 /dev/nvme0n1p1 ${config.sops.secrets.k3sKeyFile.path} luks
+                  +50G
+                  n
+                  2
+
+
+                  w
+                  EOL
+
+                  echo "YES" | cryptsetup luksFormat /dev/nvme0n1p1 -d ${keyFilePath}
+                  cryptsetup luksOpen /dev/nvme0n1p1 cryptdrive1 -d ${keyFilePath}
+
+                  mkfs.btrfs /dev/mapper/cryptdrive1
+
+                  mkdir -p /btrfs/nvme
+                  mount /dev/mapper/cryptdrive1 /btrfs/nvme
+
+                  btrfs subvolume create /btrfs/nvme/@k3s-config
+                  btrfs subvolume create /btrfs/nvme/@snapshots
+                  btrfs subvolume create /btrfs/nvme/@var-lib-rancher
+                  btrfs subvolume create /btrfs/nvme/@var-log-pods
+
+                  umount /btrfs/nvme
+
+                  cryptsetup luksClose cryptdrive1
                 '';
-              };
+              in
+              {
+                services.lvm.enable = true;
 
-              fileSystems =
-                let
-                  device = "/dev/mapper/cryptdrive1";
-                  defaultOptions = [ "defaults" "rw" "compress=zstd" ];
-                  fileSystemConfig =
+                networking = {
+                  interfaces.end0.ipv4.addresses = [
                     {
-                      "/btrfs/nvme" = {
-                        inherit device;
-                        fsType = "btrfs";
-                        options = defaultOptions;
+                      address = selfIp;
+                      prefixLength = 24;
+                    }
+                  ];
+                  defaultGateway = "192.168.20.1";
+                  nameservers = [ "192.168.20.21" "192.168.20.1" ];
+                };
+
+                sops.secrets.k3sKeyFile = {
+                  format = "binary";
+                  sopsFile = ./secrets/k3sKeyFile.bin;
+                };
+
+                environment.systemPackages = with pkgs; [
+                  (writeShellScriptBin "prepare-nvme" prepareNvme)
+                ];
+
+                environment.etc.crypttab = {
+                  enable = unlockMounts;
+                  text = ''
+                    cryptdrive1 /dev/nvme0n1p1 ${keyFilePath} luks
+                  '';
+                };
+
+                fileSystems =
+                  let
+                    device = "/dev/mapper/cryptdrive1";
+                    defaultOptions = [ "defaults" "rw" "compress=zstd" ];
+                    fileSystemConfig =
+                      {
+                        "/btrfs/nvme" = {
+                          inherit device;
+                          fsType = "btrfs";
+                          options = defaultOptions;
+                        };
+                        "/k3s-config" = {
+                          inherit device;
+                          fsType = "btrfs";
+                          options = defaultOptions ++ [ "subvol=@k3s-config" ];
+                        };
+                        "/var/lib/rancher" = {
+                          inherit device;
+                          fsType = "btrfs";
+                          options = defaultOptions ++ [ "subvol=@var-lib-rancher" ];
+                        };
+                        "/var/log/pods" = {
+                          inherit device;
+                          fsType = "btrfs";
+                          options = defaultOptions ++ [ "subvol=@var-log-pods" ];
+                        };
                       };
-                      "/var/lib/rancher" = {
-                        inherit device;
-                        fsType = "btrfs";
-                        options = defaultOptions ++ [ "subvol=@var-lib-rancher" ];
-                      };
-                      "/var/log/pods" = {
-                        inherit device;
-                        fsType = "btrfs";
-                        options = defaultOptions ++ [ "subvol=@var-log-pods" ];
-                      };
-                    };
-                in
-                if unlockMounts && mountVolumes then
-                  fileSystemConfig
-                else
-                  { };
-            })
+                  in
+                  if unlockMounts && mountVolumes then
+                    fileSystemConfig
+                  else
+                    { };
+              })
           ];
         };
 
@@ -271,7 +322,6 @@
         k3s1 = makeK3sConfig {
           hostname = "k3s1";
           selfIp = "192.168.20.120";
-          enableK3s = false;
         };
 
         k3s2 = makeK3sConfig {

modules/btrbk/restore-snapshot

@@ -39,8 +39,8 @@ fi
 if [ -d "${TARGET_SUBVOLUME}" ]
 then
 	echo "Removing existing subvolume"
-	sudo btrfs subvolume delete "${TARGET_SUBVOLUME}"
+	btrfs subvolume delete "${TARGET_SUBVOLUME}"
 fi
 
 echo "Snapshotting ${SNAPSHOT_PATH} into ${TARGET_SUBVOLUME}"
-sudo btrfs subvolume snapshot "${SNAPSHOT_PATH}" "${TARGET_SUBVOLUME}"
+btrfs subvolume snapshot "${SNAPSHOT_PATH}" "${TARGET_SUBVOLUME}"

secrets/k3s.yaml

@@ -1,4 +1,4 @@
-k3s_token: ENC[AES256_GCM,data:IXhvi05qdc51lptYzhv/c8DvFfohU3padWVSudXObwA+eaX2ToerJS9RZ7tInSHhqWbsaFETnb6kgdQ4MnW3QkbaqyrjytKJtGQ3JzxXw1iN/xLtqw8lVo86gtCn4EHGkGvVyj6xt1dtdfh3,iv:fAdT+//qvn6Gog7LZciQt7gYu4OEUiLxTUnsVP9tReI=,tag:rU7gMwEqNSRttAAwRm6S3w==,type:str]
+k3s_token: ENC[AES256_GCM,data:F/7MJFTsBnEUkHh7BCDRf/VEpg42zSTQVhr7joPtbVOjQr4TggHLErTCat4A1lLnhu0fToiUtNbmuCfUzxjaWivJ/dAWl/rhHwxabmrGosfI5u62TsG7NHkqpJFRs6bXQQac+s4f9N/rOsOR,iv:o1BSHkMVm/0Il9vlX6KDz7b4GWDBGBC8YLYmMU0qHXM=,tag:bdl9glMGFJREfyTKbg0vAg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -23,8 +23,8 @@ sops:
             NHVtWEdPZjVFdFF0UG4xNEtoU1lBckkKj6Fx2o17lrER5SAIJcqLSlcOmz/qufyE
             P3l8RCxKtzsGoihsGME1jROMiq2hsWe5uFA7vUiOggqzWV9M9mywBQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-01-27T05:34:51Z"
-    mac: ENC[AES256_GCM,data:naz97mcTjqITvAchg/yExyCkCOZvez3uHPsiF0F9T7WVpdpGrBdn/2iJhIlpJ6mPjoKWw3g85iT80YjMVXeAHFuYR7htvtMH6mpU8dfKmYWNsW2DJs+lMV8/OwDjJ6JWeKxPfX50nOGOxTmMXcPHrh0adeI2gHUfR9FPhr+ikE8=,iv:D/H0TN5X3arYzF9cQkYB2VJ1dYgbUeaBhr1gVfNVyd4=,tag:OjXi7ZDyXFJPp0dnszCaSA==,type:str]
+    lastmodified: "2023-01-27T21:17:49Z"
+    mac: ENC[AES256_GCM,data:YGRnJjU00jLTz4crkQYbNrQCVA0K7mZmoIGlMZA+0bJLv4b5qV3Oh7X62aApCUL17tXXjjaJCVb1NZ2pOVmIlR9sx0+FurMJsjebGHu96zqxZ/NogCJ3KM10KUH1hb7wCUDdTe1wDavEjEcuNnVV2YAkGlp+qNOb9hHdafKrqwk=,iv:kDrIqT3tunv6FKUqLRwCFdBHVn2dqoYM6rgTmdy3kDE=,tag:ff0ARafpF0I8JRsSLHTQlg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3