makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fs/disko: add encrypted-zfs

Browse source
This commit is contained in:
makefu 2023-06-14 21:37:13 +02:00
parent bc92453745
commit 828fdb9736
2 changed files with 73 additions and 1 deletions

3
2configs/fs/disko/single-disk-bcachefs.nix
View file

@ -1,4 +1,5 @@
{ disks ? [ "/dev/sda" ], ... }: {
boot.supportedFilesystems = [ "bcachefs" ];
disko.devices = {
disk = {
vdb = {
@ -26,7 +27,7 @@
part-type = "primary";
content = {
type = "filesystem";
format = "bcachefs";
format = "btrfs";
mountpoint = "/";
};
}

71
2configs/fs/disko/single-disk-encrypted-zfs.nix Normal file
View file

@ -0,0 +1,71 @@
{ disks ? [ "/dev/nvme0n1" ], ... }:
let
disk = builtins.elemAt disks 0;
in {
boot.supportedFilesystems = [ "zfs" ];
disko.devices = {
disk = {
nvme = {
type = "disk";
device = disk;
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}
{
name = "zfs";
start = "512MiB";
end = "100%";
content = {
type = "zfs";
pool = "tank";
};
}
];
};
};
};
zpool = {
tank = {
type = "zpool";
rootFsOptions = {
compression = "lz4";
#reservation = "5G";
"com.sun:auto-snapshot" = "false";
};
mountpoint = null;
postCreateHook = "zfs snapshot tank@blank";
datasets = {
root = {
type = "zfs_fs";
mountpoint = "/";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
"com.sun:auto-snapshot" = "true";
};
#keylocation = "file:///tmp/secret.key";
};
"root/home" = {
type = "zfs_fs";
mountpoint = "/home";
};
};
};
};
};
}