diff --git a/machines/web-01/disko.nix b/machines/web-01/disko.nix
new file mode 100644
index 0000000..8034d79
--- /dev/null
+++ b/machines/web-01/disko.nix
@@ -0,0 +1,71 @@
+{...}: {
+ disko.devices = {
+ disk = {
+ vdb = {
+ device = "/dev/vdb";
+ type = "disk";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "ESP";
+ start = "1MiB";
+ end = "512MiB";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "luks";
+ start = "512MiB";
+ end = "-4GiB";
+ content = rec {
+ type = "luks";
+ name = "mainfs";
+ extraOpenArgs = [ "--keyfile-size=1" ];
+ extraFormatArgs = extraOpenArgs;
+ keyFile = "/dev/zero";
+ content = {
+ type = "btrfs";
+ mountpoint = "/mnt/btrfs-root";
+ subvolumes = {
+ "/rootfs" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" ];
+ };
+ "/home" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/home";
+ };
+ "/var-log" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/var/log";
+ };
+ "/nix" = {
+ mountOptions = [ "noatime" "compress=zstd" ];
+ mountpoint = "/nix";
+ };
+ };
+ };
+ };
+ }
+ {
+ name = "swap";
+ start = "-4GiB";
+ end = "100%";
+ content = {
+ type = "swap";
+ randomEncryption = true;
+ };
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/npins/sources.json b/npins/sources.json
index 31e5d7f..48e831c 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -1,5 +1,19 @@
 {
 "pins": {
+ "disko": {
+ "type": "GitRelease",
+ "repository": {
+ "type": "GitHub",
+ "owner": "nix-community",
+ "repo": "disko"
+ },
+ "pre_releases": false,
+ "version_upper_bound": null,
+ "version": "v1.0.0",
+ "revision": "6cbfde5b505bbbf0cfcfff230efb272e4d4a2230",
+ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.0.0",
+ "hash": "153cm29hjgklsi1aw85srvcd3h3afm7j77llk4fj3slf5gcwnmx9"
+ },
 "krops": {
 "type": "GitRelease",
 "repository": {
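Review bot: In machines/web-01/disko.nix the `luks` partition is formatted and opened with `keyFile = "/dev/zero"` plus `--keyfile-size=1`, so the volume key is a single zero byte that anyone holding the disk image or a snapshot can supply; `mainfs` gets no confidentiality at rest from this. If the layout is meant to protect data, point `keyFile` at a secret provisioned at install time, e.g. `keyFile = "<path-to-provisioned-key>";` (placeholder), and drop the `extraOpenArgs`/`extraFormatArgs` pair. If the fixed key is a deliberate stand-in for unattended boot, say so next to it with a comment such as `# placeholder key: gives no confidentiality, replace before storing real data`. The swap partition uses `randomEncryption = true`, so only the LUKS container is affected.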
diff --git a/shell.nix b/shell.nix
index 2469f62..8e9b974 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,6 +1,10 @@
-{ pkgs ? import (import ./npins { }).nixpkgs {} }:
+let
+ sources = (import ./npins);
+ pkgs = import sources.nixpkgs {};
+in
 pkgs.mkShell {
 packages = [
 pkgs.npins
+ (pkgs.callPackage (sources.disko + "/package.nix") {})
 ];
 }
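Review bot: `sources = (import ./npins);` no longer applies the import to an argument, whereas the line it replaces used `import ./npins { }`. If npins/default.nix in this repository is a function rather than a plain attribute set (not visible here), `sources.nixpkgs` and `sources.disko` will fail to evaluate, so check the generated file and keep the call consistent, e.g. `sources = import ./npins { };`. The rewrite also drops the `pkgs ? …` argument, so callers can no longer pass their own package set into shell.nix; if that was relied on, keep the function header and bind `sources` inside it.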