{...}: { disko.devices = { disk.boot = { type = "disk"; device = "/dev/sda"; content = { type = "table"; format = "gpt"; partitions = [ { name = "boot"; start = "0"; end = "1MiB"; part-type = "primary"; flags = ["bios_grub"]; } { name = "ESP"; start = "1MiB"; end = "513MiB"; bootable = true; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; }; } { name = "swap"; start = "513MiB"; end = "4609MiB"; content = { type = "swap"; randomEncryption = true; }; } { name = "altra-zpool"; start = "4609MiB"; end = "100%"; content = { type = "zfs"; pool = "altra-zpool"; }; } ]; }; }; zpool.altra-zpool = { type = "zpool"; rootFsOptions = { compression = "zstd-2"; acltype = "posixacl"; xattr = "sa"; atime = "off"; }; datasets = { "local" = { type = "zfs_fs"; options.mountpoint = "none"; }; "local/nix" = { type = "zfs_fs"; mountpoint = "/nix"; options.mountpoint = "legacy"; }; "persist" = { type = "zfs_fs"; options.mountpoint = "none"; }; "persist/nomad" = { type = "zfs_fs"; mountpoint = "/var/lib/nomad"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; "persist/consul" = { type = "zfs_fs"; mountpoint = "/var/lib/consul"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; "persist/log" = { type = "zfs_fs"; mountpoint = "/var/log"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; "persist/etc" = { type = "zfs_fs"; mountpoint = "/nix/persist/etc"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; "persist/secret" = { type = "zfs_fs"; mountpoint = "/var/secrets"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; "persist/var" = { type = "zfs_fs"; options.mountpoint = "none"; }; "persist/var/lib" = { type = "zfs_fs"; options.mountpoint = "none"; }; "persist/var/lib/nixos" = { type = "zfs_fs"; mountpoint = "/var/lib/nixos"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; "persist/var/lib/acme.sh" = { type = "zfs_fs"; mountpoint = "/var/lib/acme.sh"; options.mountpoint = "legacy"; mountOptions = ["defaults" "noexec"]; }; }; }; nodev = { "/" = { fsType = "tmpfs"; mountOptions = ["defaults" "size=512M" "mode=755" "noexec"]; }; "/tmp" = { fsType = "tmpfs"; mountOptions = ["defaults" "size=1024M" "mode=755" "exec"]; }; }; }; fileSystems."/nix/persist/etc".neededForBoot = true; systemd.tmpfiles.rules = [ "d /nix/persist/etc/ssh - - - - -" ]; system.activationScripts = { machine-id = '' ln -sf /nix/persist/etc/machine-id /etc/machine-id ''; }; environment.etc."ssh/ssh_host_rsa_key".source = "/nix/persist/etc/ssh/ssh_host_rsa_key"; environment.etc."ssh/ssh_host_rsa_key.pub".source = "/nix/persist/etc/ssh/ssh_host_rsa_key.pub"; environment.etc."ssh/ssh_host_ed25519_key".source = "/nix/persist/etc/ssh/ssh_host_ed25519_key"; environment.etc."ssh/ssh_host_ed25519_key.pub".source = "/nix/persist/etc/ssh/ssh_host_ed25519_key.pub"; }