dotfiles/nixos/systems/omen/filesystems.nix

128 lines
2.9 KiB
Nix
Raw Normal View History

{secret, ...}: let
nfsOptions = [
"noauto"
"X-mount.mkdir"
"x-systemd.device-timeout=10"
"timeo=14"
"soft"
"noatime"
"x-systemd.after=wireguard-wg0.target"
"x-systemd.wants=wireguard-wg0.target"
];
blowholeAddress = secret.network.ips.blowhole.dns or "";
in {
boot.zfs.requestEncryptionCredentials = [];
systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";
boot.initrd.luks.devices."cryptroot-2" = {
device = "/dev/disk/by-uuid/48e4fe52-9785-42cb-adfc-16776492944e";
allowDiscards = true;
crypttabExtraOpts = [
"cipher=xchacha20\\,aes-adiantum-plain64"
];
};
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=512M" "mode=755" "noexec"];
};
"/tmp" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=512M" "mode=755"];
};
"/nix/persist" = {
device = "omen-ssd/persist";
fsType = "zfs";
neededForBoot = true;
};
"/old/root" = {
device = "omen-ssd/local/root";
fsType = "zfs";
neededForBoot = true;
};
"/old/home" = {
device = "omen-ssd/safe/home";
fsType = "zfs";
neededForBoot = true;
};
"/nix" = {
device = "omen-ssd/local/nix";
fsType = "zfs";
};
"/home" = {
device = "omen-ssd/ephemeral/home";
fsType = "zfs";
neededForBoot = true;
};
"/root" = {
device = "omen-ssd/ephemeral/root";
fsType = "zfs";
neededForBoot = true;
};
"/nix/tmp" = {
device = "omen-ssd/ephemeral/nix-tmp";
fsType = "zfs";
neededForBoot = true;
};
"/boot/1" = {
device = "/dev/disk/by-uuid/14647e24-3421-4398-b30e-537de6472433";
fsType = "ext4";
};
"/boot/1/EFI" = {
device = "/dev/disk/by-uuid/C58B-3BF8";
fsType = "vfat";
};
"/boot/2" = {
device = "/dev/disk/by-uuid/7DB2-70BB";
fsType = "vfat";
};
"/var/secrets" = {
device = "omen-ssd/local/secrets";
fsType = "zfs";
};
"/mnt/net/kyle" = {
fsType = "nfs";
device = "${blowholeAddress}:/mnt/kyle";
options = nfsOptions;
};
"/mnt/net/cartman" = {
fsType = "nfs";
device = "${blowholeAddress}:/mnt/cartman";
options = nfsOptions;
};
"/mnt/net/stan" = {
fsType = "nfs";
device = "${blowholeAddress}:/mnt/stan";
options = nfsOptions;
};
"/mnt/net/getmail.d" = {
fsType = "nfs";
device = "${blowholeAddress}:/var/nfs/getmail/getmail.d";
options = nfsOptions;
};
"/mnt/net/mail-configuration" = {
fsType = "nfs";
device = "${blowholeAddress}:/var/nfs/mail-configuration";
options = nfsOptions;
};
};
zfs.health = {
enable = true;
pools."omen-ssd" = {
trim = {
schedule = "Sun *-*-* 03:00:00";
};
};
};
}