145 lines
4.3 KiB
Nix
145 lines
4.3 KiB
Nix
# nix run github:nix-community/nixos-anywhere -- --copy-host-keys --disk-encryption-keys /run/secret.key /home/palo/orbi/run/secret.key --flake .#orbi root@95.216.66.212
|
|
{ config, lib, ... }:
|
|
let
|
|
disks = [ "sda" "sdb" ];
|
|
in
|
|
{
|
|
disko.devices = {
|
|
disk =
|
|
lib.genAttrs disks (disk: {
|
|
type = "disk";
|
|
device = "/dev/${disk}";
|
|
content = {
|
|
type = "gpt";
|
|
partitions = {
|
|
boot = {
|
|
priority = 0;
|
|
size = "1M";
|
|
type = "EF02"; # for grub MBR
|
|
};
|
|
ESP = {
|
|
priority = 1;
|
|
size = "500M";
|
|
type = "EF00";
|
|
content = {
|
|
type = "filesystem";
|
|
format = "vfat";
|
|
mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}";
|
|
mountOptions = [ "defaults" ];
|
|
};
|
|
};
|
|
root = {
|
|
priority = 10;
|
|
size = "500G";
|
|
content = {
|
|
type = "luks";
|
|
name = "root_${disk}";
|
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
|
# for example use `echo -n "password" > /run/secret.key`
|
|
# for example use `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key`
|
|
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
|
passwordFile = "/run/secret.key";
|
|
settings = {
|
|
allowDiscards = true;
|
|
};
|
|
content = {
|
|
type = "zfs";
|
|
pool = "zroot";
|
|
};
|
|
};
|
|
};
|
|
media = {
|
|
priority = 50;
|
|
size = "100%";
|
|
content = {
|
|
type = "luks";
|
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
|
# for example use `echo -n "password" > /run/secret.key`
|
|
# for example use `pass show hetzner/orbi/master_password | head -c -1 > /run/secret.key`
|
|
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
|
passwordFile = "/run/secret.key";
|
|
settings = {
|
|
allowDiscards = true;
|
|
};
|
|
name = "media_${disk}";
|
|
content = {
|
|
type = "zfs";
|
|
pool = "zmedia";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
});
|
|
|
|
|
|
zpool = {
|
|
|
|
zroot = {
|
|
type = "zpool";
|
|
mode = "mirror";
|
|
rootFsOptions = {
|
|
mountpoint = "none";
|
|
canmount = "off";
|
|
compression = "lz4";
|
|
};
|
|
datasets = {
|
|
"root" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/";
|
|
options = {
|
|
mountpoint = "legacy";
|
|
compression = "lz4";
|
|
};
|
|
};
|
|
"store" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/nix/store";
|
|
options = {
|
|
mountpoint = "legacy";
|
|
compression = "lz4";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# `zpool import -f zraid` once on the first boot and reboot
|
|
zmedia = {
|
|
type = "zpool";
|
|
rootFsOptions = {
|
|
mountpoint = "none";
|
|
canmount = "off";
|
|
};
|
|
datasets = {
|
|
"media" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/media";
|
|
options = {
|
|
mountpoint = "legacy";
|
|
compression = "lz4";
|
|
#"com.sun:auto-snapshot:daily" = false;
|
|
#"com.sun:auto-snapshot:weekly" = false;
|
|
#"com.sun:auto-snapshot:monthly" = false;
|
|
};
|
|
};
|
|
# todo make sure this disk has some minimum space
|
|
"nextcloud" = {
|
|
type = "zfs_fs";
|
|
mountpoint = "/var/lib/nextcloud";
|
|
options = {
|
|
mountpoint = "legacy";
|
|
compression = "lz4";
|
|
"com.sun:auto-snapshot:hourly" = toString true;
|
|
"com.sun:auto-snapshot:daily" = toString true;
|
|
#"com.sun:auto-snapshot:weekly" = false;
|
|
#"com.sun:auto-snapshot:monthly" = false;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
};
|
|
};
|
|
|
|
}
|
|
|