codingcoffee/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nix/systems/x86_64-linux/predator/disko-config.nix
Ameya Shenoy 4998e822a7 feat: init 
Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
2024-11-11 01:48:40 +05:30

167 lines
5.2 KiB
Nix
Raw Blame History

{ config, ... }: {
disko.devices = {
disk = {
main = {
type = "disk";
device = config.snowflake.hardware.diskDevice;
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
priority = 1;
};
efi = {
name = "EFI";
size = "512M";
type = "EF00";
priority = 2;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [ "fmask=0137" "dmask=0027" ];
};
};
xbootldr = {
name = "XBOOTLDR";
size = "512M";
type = "EA00";
priority = 3;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
cryptswap = {
size = "34G";
label = "luksswap";
priority = 4;
content = {
type = "luks";
name = "cryptswap";
settings = { allowDiscards = true; };
content = {
type = "swap";
randomEncryption = true;
};
};
};
cryptroot = {
size = "100%";
label = "luksroot";
priority = 5;
content = {
type = "luks";
name = "cryptroot";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@home"
];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@log"
];
};
"@docker" = {
mountpoint = "/var/lib/docker";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@docker"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@nix"
];
};
};
};
};
};
};
};
};
storage = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
cryptroot = {
size = "100%";
label = "luksdata";
priority = 5;
content = {
type = "luks";
name = "cryptdata";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "DISK1" "-f" ];
subvolumes = {
"@data" = {
mountpoint = "/mnt/disk1";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
};
};
};
};
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink