disko framework config

This commit is contained in:
iFargle 2023-09-23 12:10:12 +09:00
parent 413c9866d2
commit 24b182d016
2 changed files with 69 additions and 74 deletions

View file

@ -29,14 +29,14 @@ git add keys/hosts/`hostname`.asc
git commit -am "Setup: `whoami`@`hostname`" git commit -am "Setup: `whoami`@`hostname`"
git push git push
# Fix gnupg permissions:
find ~/.gnupg -type f -exec chmod 600 {} \;
find ~/.gnupg -type d -exec chmod 700 {} \;
echo echo
echo echo
echo "Complete. Once '.sops.yaml' is updated, " echo "Complete. Once '.sops.yaml' is updated, "
echo "you may run 'update-secrets'" echo "you may run 'update-secrets'"
echo "and reboot." echo "and reboot."
# Update your .sops.yaml with this key
echo "Upd
popd popd

View file

@ -1,9 +1,11 @@
{ {
boot.loader.grub.device = "/dev/nvme0"; boot.loader.grub.device = "/dev/nvme0n1";
disko.devices = { boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
disk = { services.btrfs.autoScrub.enable = true;
nvme0 = { services.btrfs.autoScrub.interval = "weekly";
device = "/dev/nvme0";
disko.devices.disk.nvme0 = {
device = "/dev/nvme0n1";
content = { content = {
type = "table"; type = "table";
format = "gpt"; format = "gpt";
@ -20,30 +22,15 @@
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
}; };
} # partition 1 } # partition 1 (ESP)
{ {
name = "SWAP"; name = "LUKS";
start = "550 MiB"; start = "550MiB";
end = "120GiB"; end = "-64GiB";
content = { content = {
type = "luks"; type = "luks";
name = "LUKS-SWAP";
extraOpenArgs = [ "--allow-discards" ];
settings.keyFile = "";
content = {
type = "swap";
};
};
} # partition 2
{
name = "ROOT"; name = "ROOT";
start = "120GiB";
end = "100%";
content = {
type = "luks";
name = "LUKS-ROOT";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = [ "--allow-discards" ];
settings.keyFile = "/tmp/secret.key";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f" ]; extraArgs = [ "-f" ];
@ -63,10 +50,18 @@
}; # subvolumes }; # subvolumes
}; # content.content }; # content.content
}; # content }; # content
} # partition 3 } # partition 2 (/ BTRFS)
{
name = "SWAP";
start = "-64GiB";
end = "100%";
content = {
type = "swap";
randomEncryption = true;
resumeDevice = true; # resume from hiberation from this device
};
} # partition 3 (SWAP)
]; # partitions ]; # partitions
}; # content }; # content
}; # sda }; # disko.devices.disk.sda
}; # disk
}; # disko.devices
} # root } # root