tux19
/
nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 Commits
2 Branches
0 Tags
6.8 MiB
 
 
Tag: Branch: Tree: a377905297
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a377905297'
${ noResults }
nixos-configuration/disko.nix

160 lines
4.9 KiB
Raw Blame History

{
# https://github.com/nix-community/disko/blob/master/docs/quickstart.md
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme1n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "2004G";
content = {
type = "luks";
name = "crypted_root";
settings = {
allowDiscards = true;
bypassWorkqueues = true;
keyFile = "/tmp/yk/yk_mini.key";
};
additionalKeyFiles = [
"/tmp/yk/yk_the_big_one.key"
"/tmp/yk/yk_on_key.key"
"/tmp/yk/yk_round.key"
];
# https://github.com/sgillespie/nixos-yubikey-luks
extraFormatArgs = [
"--cipher=aes-xts-plain64"
"--key-size=512"
"--hash=sha512"
];
initrdUnlock = false; # we have to add it manually because of the yubikeys
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
# https://unix.stackexchange.com/questions/752741/what-is-the-mount-option-space-cache-v2
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
"commit=120"
];
};
"/home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
"commit=120"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
"commit=120"
];
};
"/var" = {
mountpoint = "/var";
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
"commit=120"
];
};
"/docker-btrfs" = {
mountpoint = "/var/lib/docker/btrfs";
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
"commit=120"
];
};
};
};
};
};
};
};
};
backup = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "40M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
};
};
luks = {
size = "1024G";
content = {
type = "luks";
name = "crypted_backup";
settings = {
allowDiscards = true;
bypassWorkqueues = true;
keyFile = "/tmp/yk/yk_mini.key";
};
additionalKeyFiles = [
"/tmp/yk/yk_the_big_one.key"
"/tmp/yk/yk_on_key.key"
"/tmp/yk/yk_round.key"
];
extraFormatArgs = [
"--cipher=aes-xts-plain64"
"--key-size=512"
"--hash=sha512"
];
initrdUnlock = false; # we have to add it manually because of the yubikeys
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/backup" = {
mountpoint = "/backup";
mountOptions = [
"compress=zstd"
"noatime"
"space_cache=v2"
"commit=120"
];
};
};
};
};
};
};
};
};
};
};
}

Powered by TurnKey Linux.