2024-03-02 22:05:30 +01:00
|
|
|
{secret, ...}: let
|
2023-06-11 23:09:59 +02:00
|
|
|
nfsOptions = [
|
|
|
|
"noauto"
|
|
|
|
"X-mount.mkdir"
|
|
|
|
"x-systemd.device-timeout=10"
|
|
|
|
"timeo=14"
|
|
|
|
"soft"
|
|
|
|
"noatime"
|
|
|
|
"x-systemd.after=wireguard-wg0.target"
|
|
|
|
"x-systemd.wants=wireguard-wg0.target"
|
|
|
|
];
|
|
|
|
|
|
|
|
blowholeAddress = secret.network.ips.blowhole.dns or "";
|
2024-03-02 22:05:30 +01:00
|
|
|
in {
|
2023-10-03 16:55:14 +02:00
|
|
|
boot.zfs.requestEncryptionCredentials = [];
|
2023-11-03 20:12:56 +01:00
|
|
|
systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";
|
2023-10-03 16:55:14 +02:00
|
|
|
|
2024-05-04 21:45:44 +02:00
|
|
|
boot.initrd.luks.devices."cryptroot-2" = {
|
|
|
|
device = "/dev/disk/by-uuid/48e4fe52-9785-42cb-adfc-16776492944e";
|
|
|
|
crypttabExtraOpts = [
|
|
|
|
"cipher=xchacha20\\,aes-adiantum-plain64"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2023-06-11 23:09:59 +02:00
|
|
|
fileSystems = {
|
|
|
|
"/" = {
|
2023-10-03 16:55:14 +02:00
|
|
|
device = "none";
|
|
|
|
fsType = "tmpfs";
|
2024-03-02 22:05:30 +01:00
|
|
|
options = ["defaults" "size=512M" "mode=755" "noexec"];
|
2023-10-03 16:55:14 +02:00
|
|
|
};
|
|
|
|
"/tmp" = {
|
|
|
|
device = "none";
|
|
|
|
fsType = "tmpfs";
|
2024-03-02 22:05:30 +01:00
|
|
|
options = ["defaults" "size=512M" "mode=755"];
|
2023-10-03 16:55:14 +02:00
|
|
|
};
|
|
|
|
"/nix/persist" = {
|
|
|
|
device = "omen-ssd/persist";
|
|
|
|
fsType = "zfs";
|
|
|
|
neededForBoot = true;
|
|
|
|
};
|
|
|
|
"/old/root" = {
|
2023-06-11 23:09:59 +02:00
|
|
|
device = "omen-ssd/local/root";
|
|
|
|
fsType = "zfs";
|
2023-10-03 16:55:14 +02:00
|
|
|
neededForBoot = true;
|
|
|
|
};
|
|
|
|
"/old/home" = {
|
|
|
|
device = "omen-ssd/safe/home";
|
|
|
|
fsType = "zfs";
|
|
|
|
neededForBoot = true;
|
2023-06-11 23:09:59 +02:00
|
|
|
};
|
|
|
|
"/nix" = {
|
|
|
|
device = "omen-ssd/local/nix";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
|
|
|
"/home" = {
|
2023-10-03 16:55:14 +02:00
|
|
|
device = "omen-ssd/ephemeral/home";
|
2023-06-11 23:09:59 +02:00
|
|
|
fsType = "zfs";
|
2023-10-03 16:55:14 +02:00
|
|
|
neededForBoot = true;
|
2023-06-11 23:09:59 +02:00
|
|
|
};
|
2023-10-22 00:34:04 +02:00
|
|
|
"/root" = {
|
|
|
|
device = "omen-ssd/ephemeral/root";
|
|
|
|
fsType = "zfs";
|
|
|
|
neededForBoot = true;
|
|
|
|
};
|
|
|
|
"/nix/tmp" = {
|
|
|
|
device = "omen-ssd/ephemeral/nix-tmp";
|
|
|
|
fsType = "zfs";
|
|
|
|
neededForBoot = true;
|
|
|
|
};
|
2023-06-11 23:09:59 +02:00
|
|
|
|
2023-09-02 16:43:30 +02:00
|
|
|
"/boot/1" = {
|
|
|
|
device = "/dev/disk/by-uuid/14647e24-3421-4398-b30e-537de6472433";
|
2023-06-11 23:09:59 +02:00
|
|
|
fsType = "ext4";
|
|
|
|
};
|
2023-09-02 16:43:30 +02:00
|
|
|
"/boot/1/EFI" = {
|
|
|
|
device = "/dev/disk/by-uuid/C58B-3BF8";
|
2023-06-11 23:09:59 +02:00
|
|
|
fsType = "vfat";
|
|
|
|
};
|
|
|
|
|
2024-05-04 21:45:44 +02:00
|
|
|
"/boot/2" = {
|
|
|
|
device = "/dev/disk/by-uuid/7DB2-70BB";
|
|
|
|
fsType = "vfat";
|
|
|
|
};
|
|
|
|
|
2023-10-03 16:55:14 +02:00
|
|
|
"/var/secrets" = {
|
2023-06-11 23:09:59 +02:00
|
|
|
device = "omen-ssd/local/secrets";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
|
|
|
|
|
|
|
"/mnt/net/kyle" = {
|
|
|
|
fsType = "nfs";
|
|
|
|
device = "${blowholeAddress}:/mnt/kyle";
|
|
|
|
options = nfsOptions;
|
|
|
|
};
|
|
|
|
"/mnt/net/cartman" = {
|
|
|
|
fsType = "nfs";
|
|
|
|
device = "${blowholeAddress}:/mnt/cartman";
|
|
|
|
options = nfsOptions;
|
|
|
|
};
|
|
|
|
"/mnt/net/stan" = {
|
|
|
|
fsType = "nfs";
|
|
|
|
device = "${blowholeAddress}:/mnt/stan";
|
|
|
|
options = nfsOptions;
|
|
|
|
};
|
|
|
|
"/mnt/net/getmail.d" = {
|
|
|
|
fsType = "nfs";
|
|
|
|
device = "${blowholeAddress}:/var/nfs/getmail/getmail.d";
|
|
|
|
options = nfsOptions;
|
|
|
|
};
|
|
|
|
"/mnt/net/mail-configuration" = {
|
|
|
|
fsType = "nfs";
|
|
|
|
device = "${blowholeAddress}:/var/nfs/mail-configuration";
|
|
|
|
options = nfsOptions;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|