mirror of
https://github.com/gburd/nix-config.git
synced 2024-11-13 00:16:24 +00:00
68 lines
2 KiB
Nix
68 lines
2 KiB
Nix
{ config, disk ? "/dev/nvme0n1", ... }:
|
|
let
|
|
hostname = config.networking.hostName;
|
|
in
|
|
{
|
|
disko.devices = {
|
|
disk = {
|
|
nvme = {
|
|
type = "disk";
|
|
device = disk;
|
|
content = {
|
|
type = "gpt";
|
|
partitions = {
|
|
ESP = {
|
|
size = "512M";
|
|
type = "EF00";
|
|
content = {
|
|
type = "filesystem";
|
|
format = "vfat";
|
|
mountpoint = "/boot";
|
|
mountOptions = [ "defaults" ];
|
|
};
|
|
};
|
|
luks = {
|
|
size = "100%";
|
|
content = {
|
|
type = "luks";
|
|
name = "${hostname}_crypt";
|
|
extraOpenArgs = [ "--allow-discards" ];
|
|
# This file contains the key for interactive login which must be
|
|
# the secret without a trailing newline.
|
|
passwordFile = config.sops.secrets.luks-password.path;
|
|
content = {
|
|
type = "btrfs";
|
|
extraArgs = [ "-f" ];
|
|
subvolumes = {
|
|
"root" = {
|
|
mountpoint = "/";
|
|
mountOptions = [ "compress=zstd" ];
|
|
};
|
|
"home" = {
|
|
mountpoint = "/home";
|
|
mountOptions = [ "compress=zstd" ];
|
|
};
|
|
"nix" = {
|
|
mountpoint = "/nix";
|
|
mountOptions = [ "compress=zstd" "noatime" ];
|
|
};
|
|
"persist" = {
|
|
mountpoint = "/persist";
|
|
mountOptions = [ "compress=zstd" ];
|
|
};
|
|
"var/logs" = {
|
|
mountpoint = "/var/logs";
|
|
mountOptions = [ "compress=zstd" "noatime" ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
fileSystems."/persist".neededForBoot = true;
|
|
}
|