2024-05-26 13:13:35 +01:00
|
|
|
{lib, inputs, config, device ? throw "Must define a device, e.g. /dev/sda", ...}:
|
2024-05-26 13:11:54 +01:00
|
|
|
let
|
|
|
|
|
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
|
|
|
|
in
|
2024-05-16 16:54:21 +01:00
|
|
|
{
|
|
|
|
|
disko.devices = {
|
|
|
|
|
disk = {
|
|
|
|
|
vdb = {
|
|
|
|
|
type = "disk";
|
2024-05-26 13:11:54 +01:00
|
|
|
inherit device;
|
2024-05-16 16:54:21 +01:00
|
|
|
content = {
|
|
|
|
|
type = "gpt";
|
|
|
|
|
partitions = {
|
|
|
|
|
ESP = {
|
|
|
|
|
size = "512M";
|
|
|
|
|
type = "EF00";
|
|
|
|
|
content = {
|
|
|
|
|
type = "filesystem";
|
|
|
|
|
format = "vfat";
|
|
|
|
|
mountpoint = "/boot";
|
|
|
|
|
mountOptions = [
|
|
|
|
|
"defaults"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
luks = {
|
|
|
|
|
size = "100%";
|
|
|
|
|
content = {
|
|
|
|
|
type = "luks";
|
|
|
|
|
name = "crypted";
|
|
|
|
|
# disable settings.keyFile if you want to use interactive password entry
|
|
|
|
|
#passwordFile = "/tmp/secret.key"; # Interactive
|
|
|
|
|
settings = {
|
|
|
|
|
allowDiscards = true;
|
2024-05-26 13:11:54 +01:00
|
|
|
keyFile = "${sopsHashedPasswordFile}";
|
2024-05-16 16:54:21 +01:00
|
|
|
};
|
2024-05-26 13:11:54 +01:00
|
|
|
content = {
|
|
|
|
|
type = "btrfs";
|
|
|
|
|
extraArgs = ["-f"];
|
|
|
|
|
subvolumes = {
|
|
|
|
|
"/root" = {
|
|
|
|
|
mountpoint = "/";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"/persist" = {
|
|
|
|
|
mountOptions = [ "subvol=persist" ];
|
|
|
|
|
mountpoint = "/persist";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"/nix" = {
|
|
|
|
|
mountOptions = [ "subvol=nix" "noatime" ];
|
|
|
|
|
mountpoint = "/nix";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"/swap" = {
|
|
|
|
|
mountOptions = [ "noatime" ];
|
|
|
|
|
mountpoint = "/.swapvol";
|
|
|
|
|
swap.swapfile.size = "8192M";
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-05-16 16:54:21 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
