diff --git a/flake.lock b/flake.lock
index 8aa7f88..80f951c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -255,11 +255,11 @@
 "nix-secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1716818667,
- "narHash": "sha256-t5TG+Y+T+U/a84pILOJgLBQwP6lE4MOMT1+W0+q26a8=",
+ "lastModified": 1716820965,
+ "narHash": "sha256-QqtWvCBWcgHw9gqqOsVqf1GvRtaQ5Mu5ctEiSOi16F0=",
 "ref": "refs/heads/master",
- "rev": "658287451387f15166fe7266b411aba50d520a61",
- "revCount": 61,
+ "rev": "440f1b55a39b38c763eb1e2609943334d9b6736e",
+ "revCount": 62,
 "type": "git",
 "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
 },
diff --git a/hosts/common/disks/btrfs-luks.nix b/hosts/common/disks/btrfs-luks.nix
new file mode 100644
index 0000000..29df75a
--- /dev/null
+++ b/hosts/common/disks/btrfs-luks.nix
@@ -0,0 +1,37 @@
+{device ? throw "Must define a device, e.g. /dev/sda"}:
+{
+ disko.devices = {
+ disk = {
+ vdb = {
+ type = "disk";
+ inherit device;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ passwordFile = "/tmp/luks_secret.key"; # Interactive
+ content = (import ./btrfs-persist.nix);
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/common/disks/btrfs-lvm.nix b/hosts/common/disks/btrfs-lvm.nix
new file mode 100644
index 0000000..2837ab9
--- /dev/null
+++ b/hosts/common/disks/btrfs-lvm.nix
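Review bot: The `passwordFile = "/tmp/luks_secret.key"; # Interactive` line in the `luks` partition of `btrfs-luks.nix` takes the LUKS passphrase from a cleartext file under /tmp, and the `# Interactive` comment does not tell the reader that. Nothing in this file constrains who can read that path, so the install procedure has to create the file with owner-only permissions and delete it once formatting is done; a trailing newline in the file would likely end up as part of the passphrase. I would replace the comment with `# passphrase is read from this file at format time: create it mode 0600 without a trailing newline and remove it after install; unlock at boot is presumably by prompt (confirm)`. The parentheses in `content = (import ./btrfs-persist.nix);` are redundant.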
@@ -0,0 +1,45 @@
+{device ? throw "Must define a device, e.g. /dev/sda"}:
+{
+ disko.devices = {
+ disk.main = {
+ inherit device;
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "root_vg";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ root_vg = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = (import ./btrfs-persist.nix);
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/common/disks/btrfs-persist.nix b/hosts/common/disks/btrfs-persist.nix
new file mode 100644
index 0000000..13f72e7
--- /dev/null
+++ b/hosts/common/disks/btrfs-persist.nix
@@ -0,0 +1,25 @@
+{
+ type = "btrfs";
+ extraArgs = ["-f"];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ };
+
+ "/persist" = {
+ mountOptions = [ "subvol=persist" ];
+ mountpoint = "/persist";
+ };
+
+ "/nix" = {
+ mountOptions = [ "subvol=nix" "noatime" ];
+ mountpoint = "/nix";
+ };
+
+ "/swap" = {
+ mountOptions = [ "noatime" ];
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "8192M";
+ };
+ };
+}
diff --git a/hosts/common/disks/default.nix b/hosts/common/disks/default.nix
index 8a33d58..22a05c9 100644
--- a/hosts/common/disks/default.nix
+++ b/hosts/common/disks/default.nix
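Review bot: Nothing in `btrfs-lvm.nix` says that this layout is unencrypted: `root_vg` sits directly on the `root` partition, so `/`, `/persist` and the 8192M swapfile pulled in from `btrfs-persist.nix` are all stored in cleartext. Swap in particular can retain memory pages holding keys or credentials after power-off. I would add a header comment above the function, `# Unencrypted layout: GPT -> LVM -> btrfs. /persist and the swapfile are stored in cleartext; use btrfs-luks.nix for hosts that hold secrets.`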
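Review bot: `btrfs-persist.nix` has no header comment, and unlike its two siblings it is a bare attribute set rather than a function of `device`, which is easy to miss now that both `btrfs-luks.nix` and `btrfs-lvm.nix` import it as their `content`. `extraArgs = ["-f"]` also deserves a word, since it makes mkfs.btrfs overwrite an existing filesystem on the target without asking. I would open the file with `# Shared btrfs content fragment (not a module): imported as "content" by btrfs-luks.nix and btrfs-lvm.nix.` and annotate the option with `# -f: overwrite any existing filesystem on the target without prompting`.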
@@ -1,7 +1,11 @@
 { device, fsType, encrypted, ... }:
 let
- ext4 = import ./gpt-bios-compact.nix { inherit device; };
-
- btrfs = import ./luks-btrfs-subvolumes.nix { inherit device; };
+ # basic and perists configs. basic fs = ext4, persist fs = btrfs either encrypted or under lvm
+ basic = import ./gpt-bios-compact.nix { inherit device; };
+ btrfs-persist-lvm = import ./btrfs-lvm.nix { inherit device; };
+ btrfs-persist-luks = import ./btrfs-luks.nix { inherit device; };
 in
-if fsType == "ext4" then ext4 else btrfs
+if fsType == "ext4" then basic
+else if fsType == "btrfs" && encrypted then btrfs-persist-luks
+else if fsType == "btrfs" then btrfs-persist-lvm
+else null # or some default value
diff --git a/hosts/common/disks/luks-btrfs-subvolumes.nix b/hosts/common/disks/luks-btrfs-subvolumes.nix
deleted file mode 100644
index 3b902bd..0000000
--- a/hosts/common/disks/luks-btrfs-subvolumes.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{device ? throw "Must define a device, e.g. /dev/sda"}:
-{
- disko.devices = {
- disk = {
- vdb = {
- type = "disk";
- inherit device;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- passwordFile = "/tmp/luks_secret.key"; # Interactive
- content = {
- type = "btrfs";
- extraArgs = ["-f"];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- };
-
- "/persist" = {
- mountOptions = [ "subvol=persist" ];
- mountpoint = "/persist";
- };
-
- "/nix" = {
- mountOptions = [ "subvol=nix" "noatime" ];
- mountpoint = "/nix";
- };
-
- "/swap" = {
- mountOptions = [ "noatime" ];
- mountpoint = "/.swapvol";
- swap.swapfile.size = "8192M";
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
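Review bot: The layout selector in `default.nix` fails open in two places. `if fsType == "ext4" then basic` never looks at `encrypted`, so a host that asks for `fsType = "ext4"` with `encrypted = true` silently gets whatever `gpt-bios-compact.nix` provides (it is passed only `device`), and `else null # or some default value` hands an unsupported `fsType` back to the caller as `null` instead of stopping evaluation. The disk files already `throw` on a missing device, and I would do the same here: `if fsType == "ext4" && !encrypted then basic` for the first branch and `else throw "hosts/common/disks: no layout for fsType \"${fsType}\" with encrypted=${builtins.toJSON encrypted}"` for the last. The new comment also has a typo, `perists`.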
diff --git a/hosts/common/disks/std-disk-config.nix b/hosts/common/disks/std-disk-config.nix
deleted file mode 100644
index cf44fb6..0000000
--- a/hosts/common/disks/std-disk-config.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{device ? throw "Must define a device, e.g. /dev/sda"}:
-{
- disko.devices = {
- disk.main = {
- inherit device;
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1M";
- end = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "root_vg";
- };
- };
- };
- };
- };
- lvm_vg = {
- root_vg = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "btrfs";
- extraArgs = ["-f"];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- };
-
- "/persist" = {
- mountOptions = [ "subvol=persist" ];
- mountpoint = "/persist";
- };
-
- "/nix" = {
- mountOptions = [ "subvol=nix" "noatime" ];
- mountpoint = "/nix";
- };
-
- "/swap" = {
- mountOptions = [ "noatime" ];
- mountpoint = "/.swapvol";
- swap.swapfile.size = "8192M";
- };
- };
- };
- };
- };
- };
- };
- };
-}