disko framework config
This commit is contained in:
parent
413c9866d2
commit
24b182d016
2 changed files with 69 additions and 74 deletions
|
@ -29,14 +29,14 @@ git add keys/hosts/`hostname`.asc
|
||||||
git commit -am "Setup: `whoami`@`hostname`"
|
git commit -am "Setup: `whoami`@`hostname`"
|
||||||
git push
|
git push
|
||||||
|
|
||||||
|
# Fix gnupg permissions:
|
||||||
|
find ~/.gnupg -type f -exec chmod 600 {} \;
|
||||||
|
find ~/.gnupg -type d -exec chmod 700 {} \;
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo
|
echo
|
||||||
echo "Complete. Once '.sops.yaml' is updated, "
|
echo "Complete. Once '.sops.yaml' is updated, "
|
||||||
echo "you may run 'update-secrets'"
|
echo "you may run 'update-secrets'"
|
||||||
echo "and reboot."
|
echo "and reboot."
|
||||||
|
|
||||||
# Update your .sops.yaml with this key
|
|
||||||
echo "Upd
|
|
||||||
|
|
||||||
|
|
||||||
popd
|
popd
|
|
@ -1,72 +1,67 @@
|
||||||
{
|
{
|
||||||
boot.loader.grub.device = "/dev/nvme0";
|
boot.loader.grub.device = "/dev/nvme0n1";
|
||||||
disko.devices = {
|
boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
|
||||||
disk = {
|
services.btrfs.autoScrub.enable = true;
|
||||||
nvme0 = {
|
services.btrfs.autoScrub.interval = "weekly";
|
||||||
device = "/dev/nvme0";
|
|
||||||
content = {
|
disko.devices.disk.nvme0 = {
|
||||||
type = "table";
|
device = "/dev/nvme0n1";
|
||||||
format = "gpt";
|
content = {
|
||||||
partitions = [
|
type = "table";
|
||||||
{
|
format = "gpt";
|
||||||
name = "BOOT";
|
partitions = [
|
||||||
start = "0%";
|
{
|
||||||
end = "550MiB";
|
name = "BOOT";
|
||||||
bootable = true;
|
start = "0%";
|
||||||
flags = [ "esp" ];
|
end = "550MiB";
|
||||||
fs-type = "fat32";
|
bootable = true;
|
||||||
content = {
|
flags = [ "esp" ];
|
||||||
type = "filesystem";
|
fs-type = "fat32";
|
||||||
format = "vfat";
|
content = {
|
||||||
mountpoint = "/boot";
|
type = "filesystem";
|
||||||
};
|
format = "vfat";
|
||||||
} # partition 1
|
mountpoint = "/boot";
|
||||||
{
|
};
|
||||||
name = "SWAP";
|
} # partition 1 (ESP)
|
||||||
start = "550 MiB";
|
{
|
||||||
end = "120GiB";
|
name = "LUKS";
|
||||||
content = {
|
start = "550MiB";
|
||||||
type = "luks";
|
end = "-64GiB";
|
||||||
name = "LUKS-SWAP";
|
content = {
|
||||||
extraOpenArgs = [ "--allow-discards" ];
|
type = "luks";
|
||||||
settings.keyFile = "";
|
name = "ROOT";
|
||||||
content = {
|
extraOpenArgs = [ "--allow-discards" ];
|
||||||
type = "swap";
|
content = {
|
||||||
};
|
type = "btrfs";
|
||||||
};
|
extraArgs = [ "-f" ];
|
||||||
} # partition 2
|
subvolumes = {
|
||||||
{
|
"/root" = {
|
||||||
name = "ROOT";
|
mountpoint = "/";
|
||||||
start = "120GiB";
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
end = "100%";
|
}; # root
|
||||||
content = {
|
"/home" = {
|
||||||
type = "luks";
|
mountpoint = "/home";
|
||||||
name = "LUKS-ROOT";
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
extraOpenArgs = [ "--allow-discards" ];
|
}; # home
|
||||||
settings.keyFile = "/tmp/secret.key";
|
"/nix" = {
|
||||||
content = {
|
mountpoint = "/nix";
|
||||||
type = "btrfs";
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
extraArgs = [ "-f" ];
|
}; # nix
|
||||||
subvolumes = {
|
}; # subvolumes
|
||||||
"/root" = {
|
}; # content.content
|
||||||
mountpoint = "/";
|
}; # content
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
} # partition 2 (/ BTRFS)
|
||||||
}; # root
|
{
|
||||||
"/home" = {
|
name = "SWAP";
|
||||||
mountpoint = "/home";
|
start = "-64GiB";
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
end = "100%";
|
||||||
}; # home
|
content = {
|
||||||
"/nix" = {
|
type = "swap";
|
||||||
mountpoint = "/nix";
|
randomEncryption = true;
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
resumeDevice = true; # resume from hiberation from this device
|
||||||
}; # nix
|
};
|
||||||
}; # subvolumes
|
} # partition 3 (SWAP)
|
||||||
}; # content.content
|
]; # partitions
|
||||||
}; # content
|
}; # content
|
||||||
} # partition 3
|
}; # disko.devices.disk.sda
|
||||||
]; # partitions
|
|
||||||
}; # content
|
|
||||||
}; # sda
|
|
||||||
}; # disk
|
|
||||||
}; # disko.devices
|
|
||||||
} # root
|
} # root
|
Loading…
Reference in a new issue