# NixOS module: bootloader, LUKS unlock in the initrd, and mount layout for a
# machine whose root is a tmpfs and whose persistent data lives on two
# LUKS-backed btrfs volumes ("system" and "user").
#
# Security-relevant layout, as far as this file shows:
#   * /boot/efi is a plain vfat ESP; /boot itself is a subvolume of the
#     encrypted "system" mapping, and GRUB is built with cryptodisk support.
#   * LUKS key files are embedded in the initrd via boot.initrd.secrets.
#   * The backup volumes are described in /etc/crypttab and are not opened or
#     mounted automatically ("noauto").
{ config, pkgs, ... }:

let
  zstd = "compress=zstd";

  # btrfs mount entry on `device` with exactly the given mount options.
  btrfsOn = device: options: {
    inherit device options;
    fsType = "btrfs";
  };

  onSystem = btrfsOn "/dev/mapper/system";
  onUser = btrfsOn "/dev/mapper/user";

  # Marks a mount as required in stage 1 (mounted from the initrd).
  earlyMount = entry: entry // { neededForBoot = true; };

  # Top-level subvolume of a backup mapping; never mounted automatically.
  backupVol = name: btrfsOn "/dev/mapper/${name}" [ "noauto" "subvolid=5" zstd ];
in
{
  boot.loader = {
    efi.canTouchEfiVariables = true;
    efi.efiSysMountPoint = "/boot/efi";

    grub = {
      enable = true;
      efiSupport = true;
      # "nodev": EFI-only install, no boot sector is written to a disk.
      device = "nodev";
      # GRUB must open the LUKS container itself because /boot (kernel and
      # initrd) is a subvolume of /dev/mapper/system, see fileSystems."/boot".
      enableCryptodisk = true;
    };
  };

  boot.initrd.luks = {
    #yubikeySupport = true;

    devices."system" = {
      device = "/dev/disk/by-uuid/b9778e01-a86c-4c6b-beb3-f97888d4a6eb";
      # Path inside the initrd; provided by boot.initrd.secrets below.
      # Presumably here so the passphrase typed into GRUB is not asked for a
      # second time in stage 1 - confirm against the intended boot flow.
      keyFile = "/system_keyfile.bin";
      # Passes discard/TRIM through dm-crypt. Trade-off: anyone who can read
      # the raw device can tell which blocks are unused. Enabled for "system"
      # only; "user" keeps the default.
      allowDiscards = true;
      # Disabled YubiKey unlock configuration, kept for reference:
      # yubikey = {
      #   slot = 2;
      #   twoFactor = false;
      #   gracePeriod = 30;
      #   keyLength = 64;
      #   saltLength = 16;
      #   storage = {
      #     device = "/dev/nvme0n1p1";
      #     fsType = "vfat";
      #     path = "/crypt-storage/default";
      #   };
      # };
    };

    devices."user" = {
      device = "/dev/disk/by-uuid/d8e9b35d-704a-4f66-bc19-0dd3e158de36";
      # Path inside the initrd; provided by boot.initrd.secrets below.
      keyFile = "/user_keyfile.bin";
    };
  };

  # Attribute name = path inside the initrd, value = source file on the
  # running system. The resulting initrd contains raw key material for both
  # volumes, so it is only as protected as the place it is stored: here that
  # is /boot on the encrypted "system" volume, not the unencrypted ESP.
  # NOTE(review): verify that the generated initrd/secrets file under /boot
  # and the sources in /etc/luks-keys are readable by root only. "/" is a
  # tmpfs, so /etc/luks-keys has to be provided from persistent storage by
  # something outside this file - confirm.
  boot.initrd.secrets = {
    "/system_keyfile.bin" = "/etc/luks-keys/system.bin";
    "/user_keyfile.bin" = "/etc/luks-keys/user.bin";
  };

  fileSystems = {
    # Ephemeral root: anything not on one of the mounts below is lost at
    # reboot.
    "/" = {
      fsType = "tmpfs";
      device = "tmpfs";
      options = [ "defaults" "size=2G" "mode=755" ];
    };

    # EFI system partition: the only unencrypted local filesystem listed here.
    "/boot/efi" = {
      fsType = "vfat";
      device = "/dev/disk/by-uuid/0BFA-9A66";
    };

    # Subvolumes of the encrypted "system" mapping.
    "/nix" = onSystem [ "subvol=nix" zstd ];
    "/boot" = onSystem [ "subvol=boot" zstd ];
    # Holds the swap file, so swap contents sit inside the LUKS container.
    # No compress option, unlike the other subvolumes.
    "/swap" = onSystem [ "subvol=swap" ];
    "/mnt/btr_system" = onSystem [ "subvolid=5" zstd ];
    "/mnt/logs" = earlyMount (onSystem [ "subvol=logs" zstd ]);

    # Subvolumes of the encrypted "user" mapping.
    "/mnt/btr_user" = onUser [ "subvolid=5" zstd ];
    "/mnt/persist" = earlyMount (onUser [ "subvol=persist" zstd ]);
    "/mnt/data" = earlyMount (onUser [ "subvol=data" zstd ]);
    "/mnt/vfs_share" = earlyMount (onUser [ "subvol=vfs_share" zstd ]);

    # NOTE(review): NFS export mounted with default options only. Nothing
    # here restricts setuid binaries or device nodes coming from the server
    # (nosuid/nodev), and the security flavor is whatever gets negotiated -
    # confirm the export's authentication and whether hardening options
    # should be set.
    "/mnt/narwhal" = {
      fsType = "nfs";
      device = "narwhal:/";
    };

    # Backup volumes; the mappings are defined in /etc/crypttab below.
    "/mnt/backups/0" = backupVol "backups0";
    "/mnt/backups/1" = backupVol "backups1";
    "/mnt/backups/2" = backupVol "backups2";
  };

  swapDevices = [
    { device = "/swap/swapfile"; }
  ];

  # All three backup containers are unlocked with the same key file, so that
  # one file opens every backup disk. The crypttab text itself carries only
  # UUIDs and a path, no key material.
  # NOTE(review): /etc/luks-keys/backups.bin should be root-only; its
  # provisioning is not visible in this file.
  environment.etc.crypttab.text = ''
    backups0 UUID="e45232d5-f46f-46f3-a150-be26374b3357" /etc/luks-keys/backups.bin noauto
    backups1 UUID="5b3da928-4862-4451-89cd-5bd6a95466d0" /etc/luks-keys/backups.bin noauto
    backups2 UUID="cbfa9cba-dee2-4d0b-8cde-2f1d1849b22c" /etc/luks-keys/backups.bin noauto
  '';
}