add disko

2025-07-20 14:38:34 +02:00 · 2025-07-20 14:38:34 +02:00 · 56c7c95d62
parent 37355dfaa4
commit 56c7c95d62
2 changed files with 80 additions and 1 deletions
--- a/config/btrfs-disko.nix
+++ b/config/btrfs-disko.nix
@ -0,0 +1,78 @@
+{
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              label = "boot";
+              name = "ESP";
+              type = "EF00";
+              size = "512M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+
+            luks = {
+              size = "100%";
+              label = "luks";
+              content = {
+                type = "luks";
+                name = "cryptroot";
+                extraOpenArgs = [
+                  "--allow-discards"
+                  "--perf-no_read_workqueue"
+                  "--perf-no_write_workqueue"
+                ];
+                # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
+                settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-L" "nixos" "-f"];
+                  subvolumes = {
+                    "@root" = {
+                      mountpoint = "/";
+                      mountOptions = ["subvol=@root" "compress=zstd" "noatime"];
+                    };
+                    "@home" = {
+                      mountpoint = "/home";
+                      mountOptions = ["subvol=@home" "compress=zstd" "noatime"];
+                    };
+                    "@nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = ["subvol=@nix" "compress=zstd" "noatime"];
+                    };
+                    "@persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = ["subvol=@persist" "compress=zstd" "noatime"];
+                    };
+                    "@log" = {
+                      mountpoint = "/var/log";
+                      mountOptions = ["subvol=@log" "compress=zstd" "noatime"];
+                    };
+                    "@snapshots" = {
+                    };
+                    "@swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "32G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/var/log".neededForBoot = true;
+}
--- a/config/flake.nix
+++ b/config/flake.nix
@ -20,7 +20,7 @@
    #   inputs.nixpkgs.follows = "nixpkgs"; # Use the same nixpkgs as the system
    # };
  };
-  outputs = inputs @ { self, nixpkgs, home-manager, ... }:
+  outputs = inputs @ { self, disko, nixpkgs, home-manager, ... }:
    let
      system = "x86_64-linux"; # Default system architecture
    in {
@ -33,6 +33,7 @@
        modules = [
          ./configuration.nix
          home-manager.nixosModules.home-manager
+          disko.nixosModules.disko
          {
            home-manager.useGlobalPkgs = true; # Use global packages in home-manager
            home-manager.useUserPackages = true; # Use user packages in home-manager