disko framework config
This commit is contained in:
parent
413c9866d2
commit
24b182d016
2 changed files with 69 additions and 74 deletions
|
@ -29,14 +29,14 @@ git add keys/hosts/`hostname`.asc
|
|||
git commit -am "Setup: `whoami`@`hostname`"
|
||||
git push
|
||||
|
||||
# Fix gnupg permissions:
|
||||
find ~/.gnupg -type f -exec chmod 600 {} \;
|
||||
find ~/.gnupg -type d -exec chmod 700 {} \;
|
||||
|
||||
echo
|
||||
echo
|
||||
echo "Complete. Once '.sops.yaml' is updated, "
|
||||
echo "you may run 'update-secrets'"
|
||||
echo "and reboot."
|
||||
|
||||
# Update your .sops.yaml with this key
|
||||
echo "Upd
|
||||
|
||||
|
||||
popd
|
|
@ -1,72 +1,67 @@
|
|||
{
|
||||
boot.loader.grub.device = "/dev/nvme0";
|
||||
disko.devices = {
|
||||
disk = {
|
||||
nvme0 = {
|
||||
device = "/dev/nvme0";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "BOOT";
|
||||
start = "0%";
|
||||
end = "550MiB";
|
||||
bootable = true;
|
||||
flags = [ "esp" ];
|
||||
fs-type = "fat32";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
} # partition 1
|
||||
{
|
||||
name = "SWAP";
|
||||
start = "550 MiB";
|
||||
end = "120GiB";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "LUKS-SWAP";
|
||||
extraOpenArgs = [ "--allow-discards" ];
|
||||
settings.keyFile = "";
|
||||
content = {
|
||||
type = "swap";
|
||||
};
|
||||
};
|
||||
} # partition 2
|
||||
{
|
||||
name = "ROOT";
|
||||
start = "120GiB";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "LUKS-ROOT";
|
||||
extraOpenArgs = [ "--allow-discards" ];
|
||||
settings.keyFile = "/tmp/secret.key";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
}; # root
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
}; # home
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
}; # nix
|
||||
}; # subvolumes
|
||||
}; # content.content
|
||||
}; # content
|
||||
} # partition 3
|
||||
]; # partitions
|
||||
}; # content
|
||||
}; # sda
|
||||
}; # disk
|
||||
}; # disko.devices
|
||||
boot.loader.grub.device = "/dev/nvme0n1";
|
||||
boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
|
||||
services.btrfs.autoScrub.enable = true;
|
||||
services.btrfs.autoScrub.interval = "weekly";
|
||||
|
||||
disko.devices.disk.nvme0 = {
|
||||
device = "/dev/nvme0n1";
|
||||
content = {
|
||||
type = "table";
|
||||
format = "gpt";
|
||||
partitions = [
|
||||
{
|
||||
name = "BOOT";
|
||||
start = "0%";
|
||||
end = "550MiB";
|
||||
bootable = true;
|
||||
flags = [ "esp" ];
|
||||
fs-type = "fat32";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
} # partition 1 (ESP)
|
||||
{
|
||||
name = "LUKS";
|
||||
start = "550MiB";
|
||||
end = "-64GiB";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "ROOT";
|
||||
extraOpenArgs = [ "--allow-discards" ];
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
}; # root
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
}; # home
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
}; # nix
|
||||
}; # subvolumes
|
||||
}; # content.content
|
||||
}; # content
|
||||
} # partition 2 (/ BTRFS)
|
||||
{
|
||||
name = "SWAP";
|
||||
start = "-64GiB";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "swap";
|
||||
randomEncryption = true;
|
||||
resumeDevice = true; # resume from hiberation from this device
|
||||
};
|
||||
} # partition 3 (SWAP)
|
||||
]; # partitions
|
||||
}; # content
|
||||
}; # disko.devices.disk.sda
|
||||
} # root
|
Loading…
Reference in a new issue