# Install command:
# nix run github:nix-community/nixos-anywhere -- --copy-host-keys --disk-encryption-keys /run/secret.key /home/palo/orbi/run/secret.key --flake .#orbi root@95.216.66.212
#
# disko layout for two identically partitioned drives (sda, sdb). Each drive gets:
#   boot  - 1M BIOS boot partition (EF02) for grub
#   ESP   - 500M vfat, mounted at /boot (sda) or /boot_<drive> (other drives)
#   root  - 500G LUKS container feeding the mirrored pool `zroot`
#   media - rest of the drive, LUKS container feeding the pool `zmedia`
#
# Key handling: /run/secret.key on the target holds the LUKS passphrase in clear
# text. With the command above, nixos-anywhere uploads the local file to that
# remote path. The local copy appears to live inside the project tree, so keep it
# out of version control, readable by its owner only, and remove it after the
# install.
{ config, lib, ... }:
let
  driveNames = [ "sda" "sdb" ];

  # Passphrase file shared by every LUKS container below, so one secret unlocks
  # all of them. Written as a string rather than a Nix path literal, so the file
  # is not copied into the Nix store.
  #
  # If the key is also meant for interactive login, make sure the file has no
  # trailing newline:
  #   for example use `echo -n "password" > /run/secret.key`
  #   for example use `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key`
  #   or use nixos-anywhere --disk-encryption-keys /run/secret.key
  # NOTE(review): the `echo -n "password"` form leaves the passphrase in shell
  # history; the `pass` pipeline avoids that.
  keyFile = "/run/secret.key";

  # LUKS container named `label` whose plaintext device becomes a vdev of `pool`.
  luksVolume = label: pool: {
    type = "luks";
    name = label;
    passwordFile = keyFile;
    # allowDiscards passes TRIM through dm-crypt. The pattern of unused blocks
    # then becomes visible on the raw device; drop this if that leak matters.
    settings.allowDiscards = true;
    content = {
      type = "zfs";
      inherit pool;
    };
  };

  # ZFS filesystem mounted at `mountpoint` via a legacy mount, lz4-compressed,
  # with `snapshotProps` merged into its ZFS properties.
  dataset = mountpoint: snapshotProps: {
    type = "zfs_fs";
    inherit mountpoint;
    options = {
      mountpoint = "legacy";
      compression = "lz4";
    } // snapshotProps;
  };

  # com.sun:auto-snapshot user properties. Only hourly and daily are used; the
  # weekly and monthly variants were present but commented out in every dataset.
  hourly = { "com.sun:auto-snapshot:hourly" = toString true; };
  daily = { "com.sun:auto-snapshot:daily" = toString true; };
  noSnapshots = { };
in
{
  disko.devices = {

    disk = lib.genAttrs driveNames (drive: {
      type = "disk";
      device = "/dev/${drive}";
      content = {
        type = "gpt";
        partitions = {

          boot = {
            priority = 0;
            size = "1M";
            type = "EF02"; # for grub MBR
          };

          # Not encrypted: whatever the bootloader stores here sits outside LUKS.
          # NOTE(review): `defaults` on vfat sets no umask, so /boot is likely
          # world-readable; confirm nothing sensitive is written there.
          # NOTE(review): nothing in this file keeps /boot_<drive> in sync with
          # /boot; confirm that is handled elsewhere.
          ESP = {
            priority = 1;
            size = "500M";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = if drive == "sda" then "/boot" else "/boot_${drive}";
              mountOptions = [ "defaults" ];
            };
          };

          root = {
            priority = 10;
            size = "500G";
            content = luksVolume "root_${drive}" "zroot";
          };

          media = {
            priority = 50;
            size = "100%";
            content = luksVolume "media_${drive}" "zmedia";
          };

        };
      };
    });

    zpool = {

      # System pool, mirrored across the root_<drive> LUKS devices.
      # root and store carry no auto-snapshot properties.
      zroot = {
        type = "zpool";
        mode = "mirror";
        rootFsOptions = {
          mountpoint = "none";
          canmount = "off";
          compression = "lz4";
        };
        datasets = {
          root = dataset "/" noSnapshots;
          store = dataset "/nix/store" noSnapshots;
          nextcloud = dataset "/var/lib/nixos-containers/nextcloud" (hourly // daily);
          matrix-terranix = dataset "/var/lib/nixos-containers/matrix-terranix" (hourly // daily);
          surrealdb = dataset "/var/lib/nixos-containers/surrealdb" hourly;
          # dataDir was "/var/lib/taskchampion-sync-server" per the original note.
          taskchampion = dataset config.services.taskchampion-sync-server.dataDir (hourly // daily);
        };
      };

      # `zpool import -f zraid` once on the first boot and reboot
      # NOTE(review): no pool named zraid is defined in this file; the note above
      # presumably refers to zmedia. Confirm.
      # NOTE(review): no `mode` is set, unlike zroot, so redundancy depends on
      # disko's default. Confirm that losing one drive losing the pool is accepted.
      zmedia = {
        type = "zpool";
        rootFsOptions = {
          mountpoint = "none";
          canmount = "off";
        };
        datasets = {
          media = dataset "/media" noSnapshots;
          photoprism = dataset "/var/lib/nixos-containers/photoprism" (hourly // daily);
        };
      };

    };
  };
}