disk-config.nix
1 { 2 disko.devices = { 3 disk = { 4 sda = { 5 type = "disk"; 6 device = "/dev/sda"; 7 content = { 8 type = "gpt"; 9 partitions = { 10 ESP = { 11 size = "512M"; 12 type = "EF00"; 13 content = { 14 type = "filesystem"; 15 format = "vfat"; 16 mountpoint = "/boot"; 17 mountOptions = [ 18 "defaults" 19 ]; 20 }; 21 }; 22 luks = { 23 size = "100%"; 24 content = { 25 type = "luks"; 26 name = "ssd-crypt"; 27 # disable settings.keyFile if you want to use interactive password entry 28 #passwordFile = "/tmp/secret.key"; # Interactive 29 settings = { 30 allowDiscards = true; 31 #keyFile = "/tmp/secret.key"; 32 }; 33 #additionalKeyFiles = ["/tmp/additionalSecret.key"]; 34 content = { 35 type = "btrfs"; 36 extraArgs = ["-f"]; 37 postCreateHook = 38 /* 39 sh 40 */ 41 '' 42 MNTPOINT=$(mktemp -d) 43 mount "/dev/mapper/ssd-crypt" "$MNTPOINT" -o subvol=/ 44 trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT 45 btrfs subvolume snapshot -r $MNTPOINT/@ROOT $MNTPOINT/@ROOT-BLANK 46 ''; 47 subvolumes = { 48 "/@ROOT" = { 49 mountpoint = "/"; 50 mountOptions = ["compress=zstd" "noatime"]; 51 }; 52 "/@HOME" = { 53 mountpoint = "/home"; 54 mountOptions = ["compress=zstd" "noatime"]; 55 }; 56 "/@NIX" = { 57 mountpoint = "/nix"; 58 mountOptions = ["compress=zstd" "noatime"]; 59 }; 60 "/@PERSIST" = { 61 mountpoint = "/persist"; 62 mountOptions = ["compress=zstd" "noatime"]; 63 }; 64 "/@LOG" = { 65 mountpoint = "/var/log"; 66 mountOptions = ["compress=zstd" "noatime"]; 67 }; 68 "/@SWAP" = { 69 mountpoint = "/.swapvol"; 70 swap.swapfile.size = "8G"; 71 }; 72 }; 73 }; 74 }; 75 }; 76 }; 77 }; 78 }; 79 }; 80 }; 81 fileSystems."/persist".neededForBoot = true; 82 fileSystems."/var/log".neededForBoot = true; 83 }