kylekrein/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/systems/x86_64-linux/stargate/disko.nix

70 lines
1.8 KiB
Nix
Raw Blame History

{lib, ...}: let
addHdd = device: name: {
type = "disk";
inherit device;
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
inherit name;
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
content = {
type = "zfs";
pool = "zstorage";
};
};
};
};
};
};
in {
disko.devices = {
disk = {
hdd1 = addHdd "/dev/sda" "crypt-hdd1";
hdd2 = addHdd "/dev/sdb" "crypt-hdd2";
hdd3 = addHdd "/dev/sdc" "crypt-hdd3";
hdd4 = addHdd "/dev/sdd" "crypt-hdd4";
};
zpool = {
zstorage = {
type = "zpool";
mode = "raidz2";
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
};
options.ashift = "12";
datasets = {
"services" = {
type = "zfs_fs";
mountpoint = "/var/lib";
options."com.sun:auto-snapshot" = "true";
};
"backups" = {
type = "zfs_fs";
mountpoint = "/backups";
options."com.sun:auto-snapshot" = "true";
};
"media" = {
type = "zfs_fs";
mountpoint = "/media";
options."com.sun:auto-snapshot" = "true";
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink