Disko
This commit is contained in:
parent
c47019b66c
commit
189c0fd3b7
5 changed files with 132 additions and 161 deletions
115
disko.nix
Normal file
115
disko.nix
Normal file
|
@ -0,0 +1,115 @@
|
|||
{}: {
|
||||
standard = { disks ? [ "/dev/vda" ], ... }: {
|
||||
# this is my standard partitioning scheme for my machines: an LUKS-encrypted
|
||||
# btrfs volume
|
||||
disko.devices = {
|
||||
disk = {
|
||||
primary = {
|
||||
type = "disk";
|
||||
device = builtins.elemAt disks 0;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
label = "EFI";
|
||||
name = "ESP";
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
luks = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "crypted";
|
||||
extraOpenArgs = [ "--allow-discards" ];
|
||||
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||
# for example use `echo -n "password" > /tmp/secret.key`
|
||||
keyFile = "/tmp/secret.key"; # Interactive
|
||||
# settings.keyFile = "/tmp/password.key";
|
||||
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
unencrypted = { disks ? [ "/dev/vda" ], ... }: {
|
||||
disko.devices = {
|
||||
disk = {
|
||||
primary = {
|
||||
type = "disk";
|
||||
device = builtins.elemAt disks 0;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
label = "EFI";
|
||||
name = "ESP";
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ ];
|
||||
};
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
51
flake.nix
51
flake.nix
|
@ -1,46 +1,25 @@
|
|||
# Welcome to my nix config! I'm just getting started with flakes, so please
|
||||
# forgive the mess.
|
||||
|
||||
# TODO: declarative disks with https://github.com/nix-community/disko
|
||||
# TODO: home-manager?
|
||||
|
||||
{
|
||||
inputs = {
|
||||
inputs =
|
||||
let
|
||||
followedInput = url: {
|
||||
url = url;
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
in
|
||||
{
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
|
||||
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks
|
||||
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
|
||||
api-lyte-dev = followedInput "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/release-23.05";
|
||||
|
||||
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
home-manager = followedInput "github:nix-community/home-manager/release-23.05";
|
||||
disko = followedInput "github:nix-community/disko/master"; # NOTE: lock update!
|
||||
sops-nix = followedInput "github:Mic92/sops-nix";
|
||||
helix = followedInput "github:helix-editor/helix";
|
||||
};
|
||||
|
||||
disko = {
|
||||
url = "github:nix-community/disko/master"; # NOTE: lock update!
|
||||
|
||||
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
helix = {
|
||||
url = "github:helix-editor/helix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs: {
|
||||
diskoConfigurations = {
|
||||
encryptedUefiBtrfs = import ./machines/thinker-disks.nix;
|
||||
normalUefiBtrfs = import ./machines/musicbox-disks.nix;
|
||||
};
|
||||
outputs = { self, ... }@inputs: {
|
||||
diskoConfigurations = import ./disko.nix;
|
||||
homeConfigurations =
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
{ disks ? [ "/dev/vda" ], ... }: {
|
||||
disko.devices = {
|
||||
disk = {
|
||||
# TODO: would be nice to give this a good name?
|
||||
primary = {
|
||||
type = "disk";
|
||||
device = builtins.elemAt disks 0;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
label = "EFI";
|
||||
name = "ESP";
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ ];
|
||||
};
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
{ disks ? [ "/dev/vda" ], ... }: {
|
||||
disko.devices = {
|
||||
disk = {
|
||||
vdb = {
|
||||
type = "disk";
|
||||
device = builtins.elemAt disks 0;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
label = "EFI";
|
||||
name = "ESP";
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
luks = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "crypted";
|
||||
extraOpenArgs = [ "--allow-discards" ];
|
||||
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||
# for example use `echo -n "password" > /tmp/secret.key`
|
||||
keyFile = "/tmp/secret.key"; # Interactive
|
||||
# settings.keyFile = "/tmp/password.key";
|
||||
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
|
||||
in {
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
};
|
||||
environment.systemPackages = [ unstable.fish ];
|
||||
}
|
||||
|
Loading…
Reference in a new issue