Allow disableing encryption for testing

doc/src/SUMMARY.md

@@ -11,6 +11,9 @@
             - [Website](./server/website.md)
             - [musik](./projekte/musik.md)
         - [TODO](./todo.md)
+        - [Modules]()
+            - [Initrd-ssh](./module/initssh.md)
+            - [Disks](./module/disks.md)
     - [How-to]()
         - [Create New Host](./anleitung/create.md)
         - [Sops](./anleitung/sops.md)            

doc/src/module/disks.md

@@ -0,0 +1,117 @@
+# Disks
+The disks module can be used by importing `inputs.self.nixosModules.malobeo.disko`
+
+
+#### `let cfg = malobeo.disks`
+
+#### `cfg.enable` (bool)
+- **Type:** `bool`
+- **Default:** `false`
+- **Description:**  
+  Enables the disk creation process using the `disko` tool. Set to `true` to initialize disk setup.
+
+#### `cfg.hostId` (string)
+- **Type:** `string`
+- **Default:** `""`
+- **Description:**  
+  The host ID used for ZFS disks. This ID should be generated using a command like `head -c4 /dev/urandom | od -A none -t x4`.
+
+#### `cfg.encryption` (bool)
+- **Type:** `bool`
+- **Default:** `true`
+- **Description:**  
+  Determines if encryption should be enabled. Set to `false` to disable encryption for testing purposes.
+
+#### `cfg.devNodes` (string)
+- **Type:** `string`
+- **Default:** `"/dev/disk/by-id/"`
+- **Description:**  
+  Specifies where the disks should be mounted from.  
+  - Use `/dev/disk/by-id/` for general systems.
+  - Use `/dev/disk/by-path/` for VMs.
+  - For more information on disk name conventions, see [OpenZFS FAQ](https://openzfs.github.io/openzfs-docs/Project%20and%20Community/FAQ.html#selecting-dev-names-when-creating-a-pool-linux).
+
+#### `let cfg = malobeo.disks.root`
+#### `cfg.disk0` (string)
+- **Type:** `string`
+- **Default:** `""`
+- **Description:**  
+  The device name (e.g., `/dev/sda`) for the root filesystem.
+
+#### `cfg.disk1` (string)
+- **Type:** `string`
+- **Default:** `""`
+- **Description:**  
+  The device name (e.g., `/dev/sdb`) for the optional mirror disk of the root filesystem.
+
+#### `cfg.swap` (string)
+- **Type:** `string`
+- **Default:** `"8G"`
+- **Description:**  
+  Size of the swap partition on `disk0`. This is applicable only for the root disk configuration.
+
+#### `cfg.reservation` (string)
+- **Type:** `string`
+- **Default:** `"20GiB"`
+- **Description:**  
+  The ZFS reservation size for the root pool.
+
+#### `cfg.mirror` (bool)
+- **Type:** `bool`
+- **Default:** `false`
+- **Description:**  
+  Whether to configure a mirrored ZFS root pool. Set to `true` to mirror the root filesystem across `disk0` and `disk1`.
+
+#### `let cfg = malobeo.disks.storage`
+#### `cfg.enable` (bool)
+- **Type:** `bool`
+- **Default:** `false`
+- **Description:**  
+  Enables the creation of an additional storage pool. Set to `true` to create the storage pool.
+
+#### `cfg.disks` (list of strings)
+- **Type:** `listOf string`
+- **Default:** `[]`
+- **Description:**  
+  A list of device names without /dev/ prefix  (e.g., `sda`, `sdb`) to include in the storage pool.  
+  Example: `["disks/by-id/ata-ST16000NE000-2RW103_ZL2P0YSZ"]`.
+
+#### `cfg.reservation` (string)
+- **Type:** `string`
+- **Default:** `"20GiB"`
+- **Description:**  
+  The ZFS reservation size for the storage pool.
+
+#### `cfg.mirror` (bool)
+- **Type:** `bool`
+- **Default:** `false`
+- **Description:**  
+  Whether to configure a mirrored ZFS storage pool. Set to `true` to mirror the storage pool.
+
+## Example Configuration
+
+```nix
+{
+  options.malobeo.disks = {
+    enable = true;
+    hostId = "abcdef01";
+    encryption = true;
+    devNodes = "/dev/disk/by-id/";
+    
+    root = {
+      disk0 = "sda";
+      disk1 = "sdb";
+      swap = "8G";
+      reservation = "40GiB";
+      mirror = true;
+    };
+    
+    storage = {
+      enable = true;
+      disks = [ "sdc" "sdd" "disks/by-uuid/sde" ];
+      reservation = "100GiB";
+      mirror = false;
+    };
+  };
+}
+```

doc/src/module/initssh.md

@@ -0,0 +1,29 @@
+# Initrd-ssh
+The initssh module can be used by importing `inputs.self.nixosModules.malobeo.initssh`
+
+#### `let cfg = malobeo.initssh`
+
+## cfg.enable   
+Enable the initssh module
+
+*Default*
+false
+
+
+## cfg.authorizedKeys
+Authorized keys for the initrd ssh
+
+*Default*
+`[ ]`
+
+
+## cfg.ethernetDrivers
+
+Ethernet drivers to load in the initrd.   
+Run ` lspci -k | grep -iA4 ethernet `
+
+*Default:*
+` [ ] `
+
+*Example:*
+`[ "r8169" ]`

machines/modules/disko/default.nix

@@ -1,4 +1,4 @@
-{config, lib, inputs, ...}:
+{config, inputs, lib, ...}:
 let 
   cfg = config.malobeo.disks;
 in
@@ -15,6 +15,11 @@ in
       default = "";
       description = "Host ID for zfs disks, generate with 'head -c4 /dev/urandom | od -A none -t x4'";
     };
+    encryption = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Allows encryption to be disabled for testing";
+    };
     devNodes = lib.mkOption {
       type = lib.types.str;
       default = "/dev/disk/by-id/";
@@ -174,12 +179,12 @@ in
               type = "zfs_fs";
               options = {
                 mountpoint = "none";
-                encryption = "aes-256-gcm";
+                encryption = lib.mkIf cfg.encryption "aes-256-gcm";
-                keyformat = "passphrase";
+                keyformat = lib.mkIf cfg.encryption "passphrase";
-                keylocation = "file:///tmp/secret.key";
+                keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
               };
               # use this to read the key during boot
-              postCreateHook = ''
+              postCreateHook = lib.mkIf cfg.encryption ''
                 zfs set keylocation="prompt" zroot/encrypted;
               '';
             };
@@ -233,12 +238,12 @@ in
               type = "zfs_fs";
               options = {
                 mountpoint = "none";
-                encryption = "aes-256-gcm";
+                encryption = lib.mkIf cfg.encryption "aes-256-gcm";
-                keyformat = "passphrase";
+                keyformat = lib.mkIf cfg.encryption "passphrase";
-                keylocation = "file:///tmp/secret.key";
+                keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
               };
               # use this to read the key during boot
-              postCreateHook = ''
+              postCreateHook = lib.mkIf cfg.encryption ''
                 zfs set keylocation="prompt" storage/encrypted;
               '';
             };
@@ -261,7 +266,7 @@ in
       };
     };
 
-    boot.zfs.devNodes = cfg.devNodes;
+    boot.zfs.devNodes = lib.mkDefault cfg.devNodes;
 
     fileSystems."/".neededForBoot = true;
     fileSystems."/etc".neededForBoot = true;
@@ -269,6 +274,5 @@ in
     fileSystems."/var".neededForBoot = true;
     fileSystems."/home".neededForBoot = true;
     fileSystems."/nix".neededForBoot = true;
-    fileSystems."/data".neededForBoot = true;
   };
 }

machines/modules/malobeo/initssh.nix

@@ -24,7 +24,7 @@ in
     };
   };
   
-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
     boot = {
       loader.systemd-boot.enable = true;
       loader.efi.canTouchEfiVariables = true;

machines/testvm/default.nix

@@ -22,6 +22,7 @@ in
 
   malobeo.disks = {
     enable = true;
+    encryption = false;
     hostId = "83abc8cb";
     devNodes = "/dev/disk/by-path/";
     root = {