infrastructure/machines/nixos/web01/disko.nix


# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# Disk layout for this machine: one GPT disk (/dev/vdb) carrying an ESP,
# a LUKS container holding a btrfs filesystem, and a swap partition.
#
# SECURITY NOTE(review): the LUKS key configured below is one byte read from
# /dev/zero, i.e. a single NUL byte. That value is a publicly known constant,
# so as written the container unlocks unattended and gives no confidentiality
# to anyone who can read the underlying block device or a disk image/snapshot.
# Presumably this is a placeholder key so the volume can be re-keyed later
# without reformatting; confirm the intent. If data at rest matters, enrol a
# real key and remove the NUL-byte keyslot before secrets land on this volume.
_:
let
  # Name of the device-mapper target; used for both the initrd unlock entry
  # and the disko LUKS container so the two always agree.
  luksName = "mainfs";

  # Key source and length (see the security note at the top of this file).
  nullKeyFile = "/dev/zero";
  nullKeyArgs = [ "--keyfile-size=1" ];

  # Mount options shared by every btrfs subvolume.
  zstd = [ "compress=zstd" ];
in
{
  # Initrd side: open the container from the first byte of the key file,
  # without prompting.
  boot.initrd.luks.devices.${luksName} = {
    keyFile = nullKeyFile;
    keyFileSize = 1;
  };

  disko.devices.disk.vdb = {
    type = "disk";
    device = "/dev/vdb";
    content = {
      type = "gpt";
      partitions = {
        # EFI system partition: 1MiB..512MiB, vfat, mounted on /boot.
        # It sits outside the LUKS container, so whatever is stored under
        # /boot is unencrypted.
        ESP = {
          label = "ESP";
          type = "EF00";
          priority = 1;
          start = "1MiB";
          end = "512MiB";
          content = {
            type = "filesystem";
            format = "vfat";
            mountpoint = "/boot";
          };
        };

        # Main container: everything from 512MiB up to the last 4GiB.
        luks = {
          start = "512MiB";
          end = "-4GiB";
          content = {
            type = "luks";
            name = luksName;
            # The same key-size argument is used when formatting and when
            # opening, so the keyslot created at format time matches what
            # is used to unlock it.
            extraFormatArgs = nullKeyArgs;
            extraOpenArgs = nullKeyArgs;
            settings.keyFile = nullKeyFile;
            content = {
              type = "btrfs";
              mountpoint = "/mnt/btrfs-root";
              subvolumes = {
                "/rootfs" = {
                  mountpoint = "/";
                  mountOptions = zstd;
                };
                "/home" = {
                  mountpoint = "/home";
                  mountOptions = zstd;
                };
                "/var-log" = {
                  mountpoint = "/var/log";
                  mountOptions = zstd;
                };
                "/nix" = {
                  mountpoint = "/nix";
                  mountOptions = [ "noatime" ] ++ zstd;
                };
              };
            };
          };
        };

        # Last 4GiB of the disk. randomEncryption re-keys swap with a fresh
        # random key, so swapped-out pages are not readable from the disk
        # later and the swap contents are not persistent.
        swap = {
          label = "swap";
          priority = 3;
          start = "-4GiB";
          end = "100%";
          content = {
            type = "swap";
            randomEncryption = true;
          };
        };
      };
    };
  };
}