disko framework config

This commit is contained in:
iFargle 2023-09-23 12:10:12 +09:00
parent 413c9866d2
commit 24b182d016
2 changed files with 69 additions and 74 deletions

View file

@ -29,14 +29,14 @@ git add keys/hosts/`hostname`.asc
git commit -am "Setup: `whoami`@`hostname`"
git push
# Fix gnupg permissions:
find ~/.gnupg -type f -exec chmod 600 {} \;
find ~/.gnupg -type d -exec chmod 700 {} \;
echo
echo
echo "Complete. Once '.sops.yaml' is updated, "
echo "you may run 'update-secrets'"
echo "and reboot."
# Update your .sops.yaml with this key
echo "Upd
popd

View file

@ -1,9 +1,11 @@
{
boot.loader.grub.device = "/dev/nvme0";
disko.devices = {
disk = {
nvme0 = {
device = "/dev/nvme0";
boot.loader.grub.device = "/dev/nvme0n1";
boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.interval = "weekly";
disko.devices.disk.nvme0 = {
device = "/dev/nvme0n1";
content = {
type = "table";
format = "gpt";
@ -20,30 +22,15 @@
format = "vfat";
mountpoint = "/boot";
};
} # partition 1
} # partition 1 (ESP)
{
name = "SWAP";
start = "550 MiB";
end = "120GiB";
name = "LUKS";
start = "550MiB";
end = "-64GiB";
content = {
type = "luks";
name = "LUKS-SWAP";
extraOpenArgs = [ "--allow-discards" ];
settings.keyFile = "";
content = {
type = "swap";
};
};
} # partition 2
{
name = "ROOT";
start = "120GiB";
end = "100%";
content = {
type = "luks";
name = "LUKS-ROOT";
extraOpenArgs = [ "--allow-discards" ];
settings.keyFile = "/tmp/secret.key";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
@ -63,10 +50,18 @@
}; # subvolumes
}; # content.content
}; # content
} # partition 3
} # partition 2 (/ BTRFS)
{
name = "SWAP";
start = "-64GiB";
end = "100%";
content = {
type = "swap";
randomEncryption = true;
resumeDevice = true; # resume from hiberation from this device
};
} # partition 3 (SWAP)
]; # partitions
}; # content
}; # sda
}; # disk
}; # disko.devices
}; # disko.devices.disk.sda
} # root