{ config, disks ? [ "/dev/nvme0n1" ], ... }: let hostname = config.networking.hostName; in { disko.devices = { disk = { nvme = { type = "disk"; device = builtins.elementAt disks 0; content = { type = "gpt"; partitions = { ESP = { size = "512M"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ "defaults" ]; }; }; luks = { size = "100%"; content = { type = "luks"; name = "${hostname}_crypt"; extraOpenArgs = [ "--allow-discards" ]; # This file contains the key for interactive login which must be # the secret without a trailing newline. passwordFile = config.sops.secrets.luks-password.path; content = { type = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { "root" = { mountpoint = "/"; mountOptions = [ "compress=zstd" ]; }; "home" = { mountpoint = "/home"; mountOptions = [ "compress=zstd" ]; }; "nix" = { mountpoint = "/nix"; mountOptions = [ "compress=zstd" "noatime" ]; }; "persist" = { mountpoint = "/persist"; mountOptions = [ "compress=zstd" ]; }; "log" = { mountpoint = "/var/log"; mountOptions = [ "compress=zstd" "noatime" ]; }; }; }; }; }; }; }; }; }; }; fileSystems."/persist".neededForBoot = true; }