71 lines
1.8 KiB
Nix
71 lines
1.8 KiB
Nix
{lib, ...}: let
|
|
addHdd = device: name: {
|
|
type = "disk";
|
|
inherit device;
|
|
content = {
|
|
type = "gpt";
|
|
partitions = {
|
|
luks = {
|
|
size = "100%";
|
|
label = "luks-${name}";
|
|
content = {
|
|
type = "luks";
|
|
inherit name;
|
|
extraOpenArgs = [
|
|
"--allow-discards"
|
|
"--perf-no_read_workqueue"
|
|
"--perf-no_write_workqueue"
|
|
];
|
|
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
|
|
settings = {
|
|
keyFile = "/tmp/secret.key";
|
|
crypttabExtraOpts = [
|
|
"fido2-device=auto"
|
|
"token-timeout=10"
|
|
];
|
|
};
|
|
content = {
|
|
type = "zfs";
|
|
pool = "zstorage";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
in {
|
|
disko.devices = {
|
|
disk = {
|
|
hdd1 = addHdd "/dev/sda" "crypt-hdd1";
|
|
hdd2 = addHdd "/dev/sdb" "crypt-hdd2";
|
|
hdd3 = addHdd "/dev/sdc" "crypt-hdd3";
|
|
hdd4 = addHdd "/dev/sdd" "crypt-hdd4";
|
|
};
|
|
zpool = {
|
|
zstorage = {
|
|
type = "zpool";
|
|
mode = "raidz2";
|
|
options.compression = "zstd";
|
|
options.ashift = "12";
|
|
mountpoint = "/zstorage";
|
|
datasets = {
|
|
"services" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/var/lib";
|
|
options."com.sun:auto-snapshot" = "true";
|
|
};
|
|
"backups" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/backups";
|
|
options."com.sun:auto-snapshot" = "true";
|
|
};
|
|
"media" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/media";
|
|
options."com.sun:auto-snapshot" = "true";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|