From e8c9ea3af09bc5dc3dd933d042546ba7ecf39632 Mon Sep 17 00:00:00 2001 From: Hektor Misplon Date: Mon, 17 Nov 2025 21:20:00 +0000 Subject: [PATCH] Improve disko declarations --- hosts/andromache/default.nix | 27 +++++- hosts/astyanax/default.nix | 7 +- modules/disko.zfs-encrypted-root.nix | 137 ++++++++++++++------------- 3 files changed, 105 insertions(+), 66 deletions(-) diff --git a/hosts/andromache/default.nix b/hosts/andromache/default.nix index 1637a9b..85b5052 100644 --- a/hosts/andromache/default.nix +++ b/hosts/andromache/default.nix @@ -1,4 +1,5 @@ { + lib, inputs, config, pkgs, @@ -13,7 +14,11 @@ inputs.home-manager.nixosModules.default ./hard.nix ../../modules/bootloader.nix - ../../modules/disko.zfs-encrypted-root.nix + (import ../../modules/disko.zfs-encrypted-root.nix { + device = "/dev/nvme1n1"; + inherit lib; + inherit config; + }) ../../modules/gnome.nix ../../modules/bluetooth.nix ../../modules/keyboard @@ -26,6 +31,26 @@ ../../modules/ssh/hardened-openssh.nix ]; + disko.devices = { + disk.data = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + data = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/data"; + }; + }; + }; + }; + }; + }; + hardware = { graphics.enable = true; nvidia = { diff --git a/hosts/astyanax/default.nix b/hosts/astyanax/default.nix index 26880ac..355e7d9 100644 --- a/hosts/astyanax/default.nix +++ b/hosts/astyanax/default.nix @@ -1,4 +1,5 @@ { + lib, inputs, config, pkgs, @@ -13,7 +14,11 @@ inputs.home-manager.nixosModules.default ./hard.nix ../../modules/bootloader.nix - ../../modules/disko.zfs-encrypted-root.nix + (import ../../modules/disko.zfs-encrypted-root.nix { + inherit lib; + inherit config; + device = "/dev/nvme0n1"; + }) ../../modules/gnome.nix ../../modules/bluetooth.nix ../../modules/keyboard diff --git a/modules/disko.zfs-encrypted-root.nix b/modules/disko.zfs-encrypted-root.nix index 871f0cd..cf4cb22 100644 
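Review bot: The `device = "/dev/nvme1n1";` argument in the new `(import ../../modules/disko.zfs-encrypted-root.nix { … })` call is never read. The module's header in this patch is `{ lib, config, ... }:`, so the value falls into `...`, and the root disk is taken from `config.device` instead. The patch declares that option without a default and nothing visible here assigns it, so unless another file does, evaluation should stop with an undefined-option error. Since disko partitions whatever this resolves to, the target disk should be stated in exactly one place that is actually consumed: keep the plain path import `../../modules/disko.zfs-encrypted-root.nix` and set the option in the host with `device = "/dev/nvme1n1";`, preferably under a namespaced option name rather than top-level `device`. The same applies to the import call in hosts/astyanax/default.nix.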
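Review bot: The new `disko.devices.disk.data` block puts `/data` on plain ext4, so on a host whose root pool is encrypted with `aes-256-gcm`, everything under `/data` stays readable to anyone holding the drive. If that mount is meant to hold anything sensitive, wrap the partition in a `luks` content layer, or make it an encrypted dataset, before the filesystem. Both disks on this host are also addressed by kernel names (`/dev/nvme0n1` here, `/dev/nvme1n1` for root), which are not guaranteed to be stable across boots or hardware changes. Because disko formats the device it is given, a stable path such as `device = "/dev/disk/by-id/<DISK-ID>";` (placeholder) is the safer form. It is also worth a comment above the block saying whether leaving the data disk unencrypted is intentional.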
--- a/modules/disko.zfs-encrypted-root.nix +++ b/modules/disko.zfs-encrypted-root.nix 
@@ -1,78 +1,87 @@ +{ lib, config, ... }: + { - disko.devices = { - disk = { - root = { - type = "disk"; - device = "/dev/vda"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "nofail" ]; + options.device = lib.mkOption { + type = lib.types.str; + example = "/dev/nvme0n1"; + }; + + config = { + disko.devices = { + disk = { + root = { + type = "disk"; + device = config.device; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "nofail" ]; + }; }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; }; }; }; }; }; - }; - zpool = { - zroot = { - type = "zpool"; - rootFsOptions = { - mountpoint = "none"; - compression = "zstd"; - acltype = "posixacl"; - xattr = "sa"; - "com.sun:auto-snapshot" = "true"; - }; - options.ashift = "12"; - datasets = { - "root" = { - type = "zfs_fs"; - options = { - encryption = "aes-256-gcm"; - keyformat = "passphrase"; - #keylocation = "file:///tmp/secret.key"; - keylocation = "prompt"; - }; - mountpoint = "/"; - - }; - "root/nix" = { - type = "zfs_fs"; - options.mountpoint = "/nix"; - mountpoint = "/nix"; + zpool = { + zroot = { + type = "zpool"; + rootFsOptions = { + mountpoint = "none"; + compression = "zstd"; + acltype = "posixacl"; + xattr = "sa"; + "com.sun:auto-snapshot" = "true"; }; + options.ashift = "12"; + datasets = { + "root" = { + type = "zfs_fs"; + options = { + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + #keylocation = "file:///tmp/secret.key"; + keylocation = "prompt"; + }; + mountpoint = "/"; - # README MORE: https://wiki.archlinux.org/title/ZFS#Swap_volume - "root/swap" = { - type = "zfs_volume"; - size = "10M"; - content = { - 
type = "swap"; }; - options = { - volblocksize = "4096"; - compression = "zle"; - logbias = "throughput"; - sync = "always"; - primarycache = "metadata"; - secondarycache = "none"; - "com.sun:auto-snapshot" = "false"; + "root/nix" = { + type = "zfs_fs"; + options.mountpoint = "/nix"; + mountpoint = "/nix"; }; + + # # README MORE: https://wiki.archlinux.org/title/ZFS#Swap_volume + # "root/swap" = { + # type = "zfs_volume"; + # size = "10M"; + # content = { + # type = "swap"; + # }; + # options = { + # volblocksize = "4096"; + # compression = "zle"; + # logbias = "throughput"; + # sync = "always"; + # primarycache = "metadata"; + # secondarycache = "none"; + # "com.sun:auto-snapshot" = "false"; + # }; + # }; }; }; };