path: root/2configs/fs/disko/single-disk-encrypted-zfs.nix
blob: 9454c989200ca047270c91b73f4a21499da61745 (plain)
# Single-disk NixOS layout for disko: one GPT disk carrying an unencrypted
# EFI system partition and a ZFS pool ("tank") whose `root` dataset uses
# ZFS native encryption with a passphrase.
#
# Arguments:
#   disks  - list of block-device paths; only the first entry is used.
#   hostId - passed straight through to networking.hostId.
{ disks ? [ "/dev/nvme0n1" ], hostId, ... }:
let
  # Evaluation fails here if `disks` is empty; any further entries are ignored.
  targetDisk = builtins.elemAt disks 0;

  # Plain vfat mounted at /boot. Whatever systemd-boot loads from here sits
  # outside the ZFS encryption, so boot-chain integrity has to come from
  # elsewhere (e.g. Secure Boot, physical control of the machine).
  espPartition = {
    name = "ESP";
    start = "0";
    end = "512MiB";
    fs-type = "fat32";
    bootable = true;
    content = {
      type = "filesystem";
      format = "vfat";
      mountpoint = "/boot";
    };
  };

  # Remainder of the disk, handed to the "tank" pool.
  poolPartition = {
    name = "zfs";
    start = "512MiB";
    end = "100%";
    content = {
      type = "zfs";
      pool = "tank";
    };
  };
in {
  boot = {
    supportedFilesystems = [ "zfs" ];
    # Ask for the keys of encrypted datasets when the pool is imported at boot.
    zfs.requestEncryptionCredentials = true;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  # NixOS's ZFS support requires a host id to be set.
  networking = { inherit hostId; };

  disko.devices = {
    disk.nvme = {
      type = "disk";
      device = targetDisk;
      content = {
        type = "table";
        format = "gpt";
        # Same order as on disk: ESP first, then the pool partition.
        partitions = [ espPartition poolPartition ];
      };
    };

    zpool.tank = {
      type = "zpool";
      # The pool's top-level dataset is not mounted.
      mountpoint = null;
      # No encryption properties are set here; encryption is configured only
      # on `root` below.
      # NOTE(review): a dataset later created outside tank/root would be
      # plaintext unless it sets encryption itself. Confirm this is intended.
      rootFsOptions = {
        "com.sun:auto-snapshot" = "false";
        compression = "lz4";
        #reservation = "5G";
      };
      # Snapshots the pool's top-level dataset only (not tank/root).
      # NOTE(review): if @blank is meant as a rollback point for /, confirm it
      # targets the intended dataset.
      postCreateHook = "zfs snapshot tank@blank";

      datasets = {
        root = {
          type = "zfs_fs";
          mountpoint = "/";
          options = {
            # ZFS native encryption. No keylocation is set, so ZFS's default
            # (prompt) applies and the passphrase is presumably entered
            # interactively; its strength is what protects the data at rest.
            keyformat = "passphrase";
            encryption = "aes-256-gcm";
            "com.sun:auto-snapshot" = "true";
          };
          # NOTE(review): this disabled line sits outside `options`; if a key
          # file is ever used, confirm where disko expects the property and
          # keep the file off persistent, world-readable storage.
          #keylocation = "file:///tmp/secret.key";
        };

        # Sets no options of its own; as a child of `root` it inherits that
        # dataset's encryption under ZFS's default property inheritance.
        "root/home" = {
          type = "zfs_fs";
          mountpoint = "/home";
        };
      };
    };
  };
}