nixos-config/nixos/machines/orbi/hardware-configuration/disko-config.nix


# nix run github:nix-community/nixos-anywhere -- --copy-host-keys --disk-encryption-keys /run/secret.key /home/palo/orbi/run/secret.key --flake .#orbi root@95.216.66.212
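# Disko layout: every disk in `disks` gets the same GPT table
#   boot  (1M,   EF02)  BIOS boot partition for GRUB
#   ESP   (500M, EF00)  vfat, unencrypted
#   root  (500G)        LUKS -> member of ZFS pool "zroot"
#   media (rest)        LUKS -> member of ZFS pool "zmedia"
# followed by the definition of the two pools and their datasets.
{ config, lib, ... }:
let
  # Device names under /dev; the partition table below is generated once per entry.
  disks = [ "sda" "sdb" ];
in
{
  disko.devices = {
    disk =
      lib.genAttrs disks (disk: {
        type = "disk";
        device = "/dev/${disk}";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              priority = 0;
              size = "1M";
              type = "EF02"; # for grub MBR
            };
            ESP = {
              priority = 1;
              size = "500M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                # sda's ESP is the live /boot; every other disk's ESP is mounted
                # next to it as /boot_<disk>.
                mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}";
                # This partition sits outside LUKS, so everything written to it
                # is stored unencrypted: keep key files and other secrets out of it.
                # NOTE(review): vfat has no permission bits; consider adding
                # "umask=0077" here so local users cannot read /boot - confirm
                # nothing relies on it being world-readable.
                mountOptions = [ "defaults" ];
              };
            };
            root = {
              priority = 10;
              size = "500G";
              content = {
                type = "luks";
                name = "root_${disk}";
                # Passphrase file disko reads while creating the LUKS container.
                # If the same passphrase is to be typed interactively at boot,
                # the file must not end in a trailing newline.
                # Preferred: pull it from the password store so it never appears
                # on a command line:
                #   `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key`
                # or let nixos-anywhere upload it:
                #   nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
                # `echo -n "password" > /run/secret.key` also works, but leaves the
                # passphrase in the shell history.
                # Create the file with a restrictive umask (e.g. `umask 077`) and
                # delete the local copy once the installation is done.
                # The media partition uses this same file, so all LUKS containers
                # on both disks share one passphrase.
                passwordFile = "/run/secret.key";
                settings = {
                  # Passes discard/TRIM requests through dm-crypt to the disk.
                  # Trade-off: anyone who can read the raw device can see which
                  # sectors are unused. Set to false if that leak matters more
                  # than SSD performance/wear.
                  allowDiscards = true;
                };
                content = {
                  type = "zfs";
                  pool = "zroot";
                };
              };
            };
            media = {
              priority = 50;
              size = "100%"; # whatever is left after the partitions above
              content = {
                type = "luks";
                # Same key file and the same handling rules as for the root
                # container above (no trailing newline, restrictive permissions).
                # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
                passwordFile = "/run/secret.key";
                settings = {
                  # Same discard trade-off as on the root container.
                  allowDiscards = true;
                };
                name = "media_${disk}";
                content = {
                  type = "zfs";
                  pool = "zmedia";
                };
              };
            };
          };
        };
      });
    zpool = {
      # System pool, mirrored across the root_<disk> LUKS containers.
      zroot = {
        type = "zpool";
        mode = "mirror";
        # The pool's own root dataset is never mounted; only the child
        # datasets below carry data.
        rootFsOptions = {
          mountpoint = "none";
          canmount = "off";
          compression = "lz4";
        };
        # All datasets use the ZFS property mountpoint=legacy, i.e. they are
        # mounted through the regular mount table at the `mountpoint` given
        # to disko instead of by ZFS itself.
        datasets = {
          "root" = {
            type = "zfs_fs";
            mountpoint = "/";
            options = {
              mountpoint = "legacy";
              compression = "lz4";
            };
          };
          "store" = {
            type = "zfs_fs";
            mountpoint = "/nix/store";
            options = {
              mountpoint = "legacy";
              compression = "lz4";
            };
          };
          "nextcloud" = {
            type = "zfs_fs";
            mountpoint = "/var/lib/nixos-containers/nextcloud";
            options = {
              mountpoint = "legacy";
              compression = "lz4";
              # ZFS user properties are strings. Nix's `toString true` yields
              # "1", not "true"; the com.sun:auto-snapshot properties are
              # documented with the values "true"/"false", so the literal is
              # spelled out. The commented-out lines would likewise need the
              # string "false" if they are ever enabled.
              "com.sun:auto-snapshot:hourly" = "true";
              "com.sun:auto-snapshot:daily" = "true";
              #"com.sun:auto-snapshot:weekly" = false;
              #"com.sun:auto-snapshot:monthly" = false;
            };
          };
          "matrix-terranix" = {
            type = "zfs_fs";
            mountpoint = "/var/lib/nixos-containers/matrix-terranix";
            options = {
              mountpoint = "legacy";
              compression = "lz4";
              # String "true", not `toString true` (which is "1").
              "com.sun:auto-snapshot:hourly" = "true";
              "com.sun:auto-snapshot:daily" = "true";
              #"com.sun:auto-snapshot:weekly" = false;
              #"com.sun:auto-snapshot:monthly" = false;
            };
          };
        };
      };
      # `zpool import -f zraid` once on the first boot and reboot
      # NOTE(review): this file defines no pool called "zraid" (only zroot and
      # zmedia); the command above presumably means zmedia - confirm.
      # NOTE(review): unlike zroot, no `mode` is set, so the two media_<disk>
      # containers are presumably combined without redundancy and losing one
      # disk loses the pool - confirm this is intended.
      zmedia = {
        type = "zpool";
        rootFsOptions = {
          mountpoint = "none";
          canmount = "off";
        };
        datasets = {
          media = {
            type = "zfs_fs";
            mountpoint = "/media";
            options = {
              mountpoint = "legacy";
              compression = "lz4";
              #"com.sun:auto-snapshot:daily" = false;
              #"com.sun:auto-snapshot:weekly" = false;
              #"com.sun:auto-snapshot:monthly" = false;
            };
          };
          photoprism = {
            type = "zfs_fs";
            mountpoint = "/var/lib/nixos-containers/photoprism";
            options = {
              mountpoint = "legacy";
              compression = "lz4";
              # String "true", not `toString true` (which is "1").
              "com.sun:auto-snapshot:hourly" = "true";
              "com.sun:auto-snapshot:daily" = "true";
              #"com.sun:auto-snapshot:weekly" = false;
              #"com.sun:auto-snapshot:monthly" = false;
            };
          };
        };
      };
    };
  };
}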