diff options
Diffstat (limited to '2configs/fs/disko/single-disk-encrypted-zfs.nix')
| -rw-r--r-- | 2configs/fs/disko/single-disk-encrypted-zfs.nix | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/2configs/fs/disko/single-disk-encrypted-zfs.nix b/2configs/fs/disko/single-disk-encrypted-zfs.nix new file mode 100644 index 000000000..1b35e5b2b --- /dev/null +++ b/2configs/fs/disko/single-disk-encrypted-zfs.nix @@ -0,0 +1,71 @@ +{ disks ? [ "/dev/nvme0n1" ], ... }: +let + disk = builtins.elemAt disks 0; +in { + boot.supportedFilesystems = [ "zfs" ]; + disko.devices = { + disk = { + nvme = { + type = "disk"; + device = disk; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "ESP"; + start = "0"; + end = "512MiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "zfs"; + start = "512MiB"; + end = "100%"; + content = { + type = "zfs"; + pool = "tank"; + }; + } + ]; + }; + }; + }; + zpool = { + tank = { + type = "zpool"; + rootFsOptions = { + compression = "lz4"; + #reservation = "5G"; + "com.sun:auto-snapshot" = "false"; + }; + mountpoint = null; + postCreateHook = "zfs snapshot tank@blank"; + + datasets = { + + root = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + "com.sun:auto-snapshot" = "true"; + }; + #keylocation = "file:///tmp/secret.key"; + }; + "root/home" = { + type = "zfs_fs"; + mountpoint = "/home"; + }; + }; + }; + }; + }; +} |