# NixOS module: disko disk layout plus persistence wiring for a host whose
# root filesystem is a tmpfs. Only /nix and the "persist/*" ZFS datasets are
# backed by the disk; "/" is declared below as a 512M tmpfs.
{ ... }:
let
  # Grouping dataset: mountpoint "none", exists only to hold child datasets.
  container = {
    type = "zfs_fs";
    options.mountpoint = "none";
  };

  # Persistent state dataset with a ZFS "legacy" mountpoint, mounted at the
  # given path with noexec. Keeping the mount options in one place keeps the
  # policy uniform across every state directory.
  # NOTE(review): these datasets hold data only (state, logs, secrets), so
  # "nosuid" and "nodev" look like natural additions here; confirm nothing
  # under these paths relies on setuid binaries or device nodes first.
  persistent = mountpoint: {
    type = "zfs_fs";
    inherit mountpoint;
    options.mountpoint = "legacy";
    mountOptions = [ "defaults" "noexec" ];
  };
in
{
  disko.devices = {
    disk.boot = {
      type = "disk";
      device = "/dev/sda";
      content = {
        type = "table";
        format = "gpt";
        partitions = [
          # First MiB, flagged bios_grub.
          {
            name = "boot";
            start = "0";
            end = "1MiB";
            part-type = "primary";
            flags = [ "bios_grub" ];
          }
          # 512 MiB vfat partition mounted at /boot.
          {
            name = "ESP";
            start = "1MiB";
            end = "513MiB";
            bootable = true;
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
            };
          }
          # 4 GiB swap. randomEncryption re-keys swap with a throwaway key on
          # every boot, so swapped-out memory is not recoverable after a
          # power-off.
          {
            name = "swap";
            start = "513MiB";
            end = "4609MiB";
            content = {
              type = "swap";
              randomEncryption = true;
            };
          }
          # Remainder of the disk backs the ZFS pool.
          {
            name = "altra-zpool";
            start = "4609MiB";
            end = "100%";
            content = {
              type = "zfs";
              pool = "altra-zpool";
            };
          }
        ];
      };
    };

    zpool.altra-zpool = {
      type = "zpool";
      # NOTE(review): no encryption/keyformat options are set on the pool or
      # on any dataset in this file, so "persist/secret" and the SSH host
      # keys under "persist/etc" appear to be stored unencrypted at rest;
      # confirm whether disk encryption is handled elsewhere.
      rootFsOptions = {
        compression = "zstd-2";
        acltype = "posixacl";
        xattr = "sa";
        atime = "off";
      };
      datasets = {
        "local" = container;
        # /nix is the only dataset without noexec or any mountOptions.
        "local/nix" = {
          type = "zfs_fs";
          mountpoint = "/nix";
          options.mountpoint = "legacy";
        };

        "persist" = container;
        # NOTE(review): noexec on /var/lib/nomad would affect any workload
        # that executes files from this directory; confirm this is intended.
        "persist/nomad" = persistent "/var/lib/nomad";
        "persist/consul" = persistent "/var/lib/consul";
        "persist/log" = persistent "/var/log";
        "persist/etc" = persistent "/nix/persist/etc";
        "persist/secret" = persistent "/var/secret";
        "persist/var" = container;
        "persist/var/lib" = container;
        "persist/var/lib/nixos" = persistent "/var/lib/nixos";
      };
    };

    # Root filesystem: tmpfs capped at 512M, mode 755, noexec.
    nodev = {
      "/" = {
        fsType = "tmpfs";
        mountOptions = [ "defaults" "size=512M" "mode=755" "noexec" ];
      };
    };
  };

  # Mount the persisted /etc data during early boot; the machine-id symlink
  # and the SSH host key entries below all point into it.
  fileSystems."/nix/persist/etc".neededForBoot = true;

  # Ensure the directory holding the persisted SSH host keys exists.
  systemd.tmpfiles.rules = [ "d /nix/persist/etc/ssh - - - - -" ];

  # Point /etc/machine-id at the persisted copy.
  system.activationScripts = {
    machine-id = '' ln -sf /nix/persist/etc/machine-id /etc/machine-id '';
  };

  # SSH host keys live on the persisted dataset. The sources are quoted
  # strings, not Nix path literals: a path literal would be copied into the
  # world-readable /nix/store, which must never happen to the private keys.
  environment.etc = {
    "ssh/ssh_host_rsa_key".source = "/nix/persist/etc/ssh/ssh_host_rsa_key";
    "ssh/ssh_host_rsa_key.pub".source = "/nix/persist/etc/ssh/ssh_host_rsa_key.pub";
    "ssh/ssh_host_ed25519_key".source = "/nix/persist/etc/ssh/ssh_host_ed25519_key";
    "ssh/ssh_host_ed25519_key.pub".source = "/nix/persist/etc/ssh/ssh_host_ed25519_key.pub";
  };
}