me/nix-system-configurations
1
0
Fork 0
Code Activity
nix-system-configurations/nixos/disko-config.nix
Ethan Reece b67b17e6f3
Tweak ISO config
2025-09-21 17:43:16 -05:00

116 lines
3.7 KiB
Nix
Raw Permalink Blame History

# SPDX-FileCopyrightText: 2025 Ethan Reece <contact@ethanreece.com>
#
# SPDX-License-Identifier: MIT
{ ... }:
{
disko = {
devices = {
# SPDX-SnippetBegin
# SPDX-License-Identifier: Unlicense
# SPDX-SnippetCopyrightText: 2022-2025 Haseeb Majid <https://gitlab.com/hmajid2301/nixicle/-/blob/main/systems/x86_64-linux/framework/disks.nix?ref_type=heads>
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
name = "cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
settings = {
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "btrfs";
extraArgs = [
"-L"
"nixos"
"-f"
];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/home" = {
mountpoint = "/home";
mountOptions = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
"/swap" = {
mountpoint = "/swap";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
};
fileSystems = {
"/persist".neededForBoot = true;
"/var/log".neededForBoot = true;
};
# SPDX-SnippetEnd
}
View git blame Copy permalink