Tom Hubrecht
88d9b8c3e3
Some checks failed
Check meta / check_dns (pull_request) Successful in 19s
Check meta / check_meta (pull_request) Successful in 20s
Check workflows / check_workflows (pull_request) Successful in 24s
Build all the nodes / ap01 (pull_request) Successful in 1m15s
Build all the nodes / bridge01 (pull_request) Successful in 1m53s
Build all the nodes / geo01 (pull_request) Successful in 1m55s
Build all the nodes / geo02 (pull_request) Successful in 1m53s
Build all the nodes / compute01 (pull_request) Successful in 2m33s
Build all the nodes / rescue01 (pull_request) Successful in 2m13s
Build all the nodes / storage01 (pull_request) Successful in 1m57s
Run pre-commit on all files / check (pull_request) Successful in 30s
Build all the nodes / web02 (pull_request) Successful in 1m47s
Build all the nodes / vault01 (pull_request) Successful in 2m21s
Build all the nodes / web03 (pull_request) Successful in 1m40s
Build all the nodes / web01 (pull_request) Successful in 2m54s
Check meta / check_dns (push) Successful in 20s
Check meta / check_meta (push) Successful in 19s
Check workflows / check_workflows (push) Successful in 25s
Build all the nodes / ap01 (push) Successful in 1m16s
Build all the nodes / bridge01 (push) Successful in 1m41s
Build all the nodes / geo02 (push) Successful in 1m44s
Build all the nodes / geo01 (push) Successful in 1m53s
Build all the nodes / compute01 (push) Successful in 2m20s
Build all the nodes / rescue01 (push) Successful in 1m49s
Build all the nodes / storage01 (push) Successful in 1m46s
Build all the nodes / vault01 (push) Successful in 1m45s
Run pre-commit on all files / check (push) Successful in 30s
Build all the nodes / web02 (push) Has been cancelled
Build all the nodes / web01 (push) Has been cancelled
Build all the nodes / web03 (push) Has been cancelled
Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel.
86 lines
2.3 KiB
Nix
86 lines
2.3 KiB
Nix
# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
|
|
#
|
|
# SPDX-License-Identifier: EUPL-1.2
|
|
|
|
_:
|
|
|
|
let
|
|
luksName = "mainfs";
|
|
in
|
|
{
|
|
boot.initrd.luks.devices.${luksName} = {
|
|
keyFile = "/dev/zero";
|
|
keyFileSize = 1;
|
|
};
|
|
disko.devices = {
|
|
disk = {
|
|
vdb = {
|
|
device = "/dev/vdb";
|
|
type = "disk";
|
|
content = {
|
|
type = "gpt";
|
|
partitions = {
|
|
ESP = {
|
|
start = "1MiB";
|
|
label = "ESP";
|
|
end = "512MiB";
|
|
type = "EF00";
|
|
priority = 1;
|
|
content = {
|
|
type = "filesystem";
|
|
format = "vfat";
|
|
mountpoint = "/boot";
|
|
};
|
|
};
|
|
luks = {
|
|
start = "512MiB";
|
|
end = "-4GiB";
|
|
content = rec {
|
|
type = "luks";
|
|
name = luksName;
|
|
extraOpenArgs = [ "--keyfile-size=1" ];
|
|
extraFormatArgs = extraOpenArgs;
|
|
settings.keyFile = "/dev/zero";
|
|
content = {
|
|
type = "btrfs";
|
|
mountpoint = "/mnt/btrfs-root";
|
|
subvolumes = {
|
|
"/rootfs" = {
|
|
mountpoint = "/";
|
|
mountOptions = [ "compress=zstd" ];
|
|
};
|
|
"/home" = {
|
|
mountOptions = [ "compress=zstd" ];
|
|
mountpoint = "/home";
|
|
};
|
|
"/var-log" = {
|
|
mountOptions = [ "compress=zstd" ];
|
|
mountpoint = "/var/log";
|
|
};
|
|
"/nix" = {
|
|
mountOptions = [
|
|
"noatime"
|
|
"compress=zstd"
|
|
];
|
|
mountpoint = "/nix";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
swap = {
|
|
label = "swap";
|
|
start = "-4GiB";
|
|
end = "100%";
|
|
priority = 3;
|
|
content = {
|
|
type = "swap";
|
|
randomEncryption = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|