tux19
/
nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 Commits
2 Branches
0 Tags
6.8 MiB
 
 
Tag: Branch: Tree: 6ba096b77b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6ba096b77b'
${ noResults }
nixos-configuration/disko.nix

114 lines
4.0 KiB
Raw Blame History

{
# https://github.com/nix-community/disko/blob/master/docs/quickstart.md
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme1n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "2004G";
content = {
type = "luks";
name = "crypted_root";
settings = {
allowDiscards = true;
bypassWorkqueues = true;
keyFile = "/tmp/yk/yk_mini.key";
};
additionalKeyFiles = [ "/tmp/yk/yk_the_big_one.key" "/tmp/yk/yk_on_key.key" "/tmp/yk/yk_round.key" ];
# https://github.com/sgillespie/nixos-yubikey-luks
extraFormatArgs = [ "--cipher=aes-xts-plain64" "--key-size=512" "--hash=sha512" ];
initrdUnlock = false; # we have to add it manually because of the yubikeys
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
# https://unix.stackexchange.com/questions/752741/what-is-the-mount-option-space-cache-v2
mountOptions = [ "compress=zstd" "noatime" "space_cache=v2" "commit=120"];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" "space_cache=v2" "commit=120"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "space_cache=v2" "commit=120"];
};
"/var" = {
mountpoint = "/var";
mountOptions = [ "compress=zstd" "noatime" "space_cache=v2" "commit=120"];
};
"/docker-btrfs" = {
mountpoint = "/var/lib/docker/btrfs";
mountOptions = [ "compress=zstd" "noatime" "space_cache=v2" "commit=120"];
};
};
};
};
};
};
};
};
backup = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "40M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
};
};
luks = {
size = "1024G";
content = {
type = "luks";
name = "crypted_backup";
settings = {
allowDiscards = true;
bypassWorkqueues = true;
keyFile = "/tmp/yk/yk_mini.key";
};
additionalKeyFiles = [ "/tmp/yk/yk_the_big_one.key" "/tmp/yk/yk_on_key.key" "/tmp/yk/yk_round.key" ];
extraFormatArgs = [ "--cipher=aes-xts-plain64" "--key-size=512" "--hash=sha512" ];
initrdUnlock = false; # we have to add it manually because of the yubikeys
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/backup" = {
mountpoint = "/backup";
mountOptions = [ "compress=zstd" "noatime" "space_cache=v2" "commit=120"];
};
};
};
};
};
};
};
};
};
};
}

Powered by TurnKey Linux.