Changed framework12 disk

2025-07-28 20:13:59 +02:00 · 2025-07-28 20:13:59 +02:00 · 598b1b89f6
commit 598b1b89f6
parent 59b84ad9f0
3 changed files with 93 additions and 1 deletions
--- a/disko/impermanence-btrfs-luks.nix
+++ b/disko/impermanence-btrfs-luks.nix
@ -0,0 +1,85 @@
+{ device ? throw "Set this to your disk device, e.g. /dev/sda", , ... }:
+# IMPORTANT
+# Calculate offset using https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Acquire_swap_file_offset
+# AND create this config
+# {
+#  boot = {
+#    kernelParams = [
+#      "resume_offset=YOUR_OFFSET"
+#    ];
+#    resumeDevice = "/dev/disk/by-label/nixos";
+#  };
+#}
+
+{
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        inherit device;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              label = "boot";
+              name = "ESP";
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+            luks = {
+              size = "100%";
+              label = "luks";
+              content = {
+                type = "luks";
+                name = "root_vg";
+                extraOpenArgs = [
+                  "--allow-discards"
+                  "--perf-no_read_workqueue"
+                  "--perf-no_write_workqueue"
+                ];
+                # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
+                settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-L" "nixos" "-f"];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+                    };
+                    "/home" = {
+                      mountpoint = "/home";
+                      mountOptions = ["subvol=home" "compress=zstd" "noatime"];
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
+                    };
+                    "/swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "64G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+}
--- a/flake.nix
+++ b/flake.nix
@ -263,7 +263,7 @@
        system = x86;
        pkgs = kylekrein-framework12-pkgs nixpkgs;
        modules = [
-          (import ./disko/impermanence-tmpfs-luks.nix {device = "/dev/nvme0n1";})
+          (import ./disko/impermanence-btrfs-luks.nix {device = "/dev/nvme0n1";})
          ./nixos/configuration.nix
        ];
      };
--- a/nixos/hosts/kylekrein-framework12/default.nix
+++ b/nixos/hosts/kylekrein-framework12/default.nix
@ -20,6 +20,13 @@

    ../../users/tania
  ];
+  boot = {
+  #  kernelParams = [
+  #    "resume_offset=YOUR_OFFSET"
+  #  ];
+ #   resumeDevice = "/dev/disk/by-label/nixos";
+  };
+
  sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
  facter.reportPath = lib.mkForce null; #changeme ?
  services.fwupd.enable = true; #fwupdmgr update