diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-24 10:55:16 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-24 10:55:16 -0800 |
| commit | 737b74c58de0712973f81c91aa07748c02deef70 (patch) | |
| tree | 671639fb8ae43ff9482d36331cf6f706bfb01d1a /profiles/disk | |
| parent | update documentation for creating an ISO (diff) | |
| download | infra-737b74c58de0712973f81c91aa07748c02deef70.tar.gz | |
adding a new VM for testing
Re-key all the secrets.
Diffstat (limited to '')
| -rw-r--r-- | profiles/disk/btrfs-on-luks.nix | 102 |
1 files changed, 54 insertions, 48 deletions
diff --git a/profiles/disk/btrfs-on-luks.nix b/profiles/disk/btrfs-on-luks.nix index 3fe57f7..aea2c0c 100644 --- a/profiles/disk/btrfs-on-luks.nix +++ b/profiles/disk/btrfs-on-luks.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, config, ... }: let btrfsopt = [ "compress=zstd" @@ -13,55 +13,52 @@ in ]; disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "fmask=0022" - "dmask=0022" - ]; - }; + disk.disk1 = { + type = "disk"; + device = lib.mkDefault "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; }; - luks = { - size = "100%"; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "nixos"; + passwordFile = "/tmp/disk.key"; + settings.allowDiscards = true; content = { - type = "luks"; - name = "nixos"; - passwordFile = "/tmp/pass"; - settings = { - allowDiscards = true; - }; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = btrfsopt; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = btrfsopt; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = btrfsopt; - }; - "@data" = { - mountpoint = "/data"; - mountOptions = btrfsopt; - }; + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = lib.mkIf (!config.ephemeralRoot) { + mountpoint = "/"; + mountOptions = btrfsopt; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = btrfsopt; + }; + "/data" = { + mountpoint = "/data"; + mountOptions = btrfsopt; + }; + "/persist" = { + mountpoint = "/persist"; + mountOptions = btrfsopt; }; }; }; @@ -70,5 +67,14 @@ in }; }; }; + nodev."/" = lib.mkIf config.ephemeralRoot { + fsType = "tmpfs"; + mountOptions = [ + "size=16G" + "defaults" + "mode=755" + ]; + }; }; + fileSystems."/persist".neededForBoot = true; } |