mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-27 02:26:14 +01:00
aff0158ef7
Signed-off-by: magic_rb <magic_rb@redalder.org>
# NixOS module: disko layout for a single disk plus an ephemeral tmpfs root.
# State that has to survive a reboot lives on the "altra-zpool" ZFS pool and is
# mounted or linked back into place further down.
{...}: let
  # Mount options shared by every mounted state dataset. Only noexec is set.
  # NOTE(review): nosuid and nodev are not set on these state-only mounts;
  # confirm whether anything under them needs setuid binaries or device nodes,
  # and add the two options where nothing does.
  stateMountOptions = ["defaults" "noexec"];

  # Dataset that is never mounted itself and only groups its children.
  groupingDataset = {
    type = "zfs_fs";
    options.mountpoint = "none";
  };

  # Dataset with ZFS mountpoint=legacy, mounted at `target` with the shared
  # state mount options.
  stateDataset = target: {
    type = "zfs_fs";
    mountpoint = target;
    options.mountpoint = "legacy";
    mountOptions = stateMountOptions;
  };
in {
  disko.devices = {
    # NOTE(review): "/dev/sda" is a kernel-assigned name and can move between
    # boots or after hardware changes. disko repartitions the device it is
    # given, so a stable /dev/disk/by-id path is the safer target; confirm
    # against the actual host.
    disk.boot = {
      type = "disk";
      device = "/dev/sda";

      # NOTE(review): "table" looks like disko's legacy partition-table type;
      # check the disko version in use before reusing this layout.
      content = {
        type = "table";
        format = "gpt";

        # Order matters: the list position determines the partition number.
        partitions = [
          # 1 MiB BIOS boot partition (bios_grub flag), no filesystem.
          {
            name = "boot";
            start = "0";
            end = "1MiB";
            part-type = "primary";
            flags = ["bios_grub"];
          }
          # 512 MiB vfat partition mounted at /boot. No mountOptions are set,
          # so it is mounted with the defaults.
          {
            name = "ESP";
            start = "1MiB";
            end = "513MiB";
            bootable = true;
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
            };
          }
          # 4 GiB swap. randomEncryption keeps swapped-out memory (which can
          # hold key material) from being readable on the raw disk later; the
          # trade-off is that hibernation cannot resume from this swap.
          {
            name = "swap";
            start = "513MiB";
            end = "4609MiB";
            content = {
              type = "swap";
              randomEncryption = true;
            };
          }
          # Remainder of the disk backs the ZFS pool defined below.
          {
            name = "altra-zpool";
            start = "4609MiB";
            end = "100%";
            content = {
              type = "zfs";
              pool = "altra-zpool";
            };
          }
        ];
      };
    };

    # NOTE(review): no encryption/keyformat properties are set in rootFsOptions
    # or on any dataset in this file. As written, everything on the pool,
    # including persist/secret (/var/secrets) and the SSH host keys under
    # persist/etc, is stored unencrypted at rest unless encryption is provided
    # somewhere outside this file.
    zpool.altra-zpool = {
      type = "zpool";
      rootFsOptions = {
        compression = "zstd-2";
        acltype = "posixacl";
        xattr = "sa";
        atime = "off";
      };

      datasets = {
        "local" = groupingDataset;

        # The Nix store must stay executable, so it does not use the shared
        # noexec mount options.
        "local/nix" = {
          type = "zfs_fs";
          mountpoint = "/nix";
          options.mountpoint = "legacy";
        };

        "persist" = groupingDataset;
        "persist/var" = groupingDataset;
        "persist/var/lib" = groupingDataset;

        "persist/nomad" = stateDataset "/var/lib/nomad";
        "persist/consul" = stateDataset "/var/lib/consul";
        "persist/log" = stateDataset "/var/log";
        "persist/etc" = stateDataset "/nix/persist/etc";
        "persist/secret" = stateDataset "/var/secrets";
        "persist/var/lib/nixos" = stateDataset "/var/lib/nixos";
      };
    };

    # Root is a 512 MiB noexec tmpfs: everything outside the mounts above is
    # discarded on reboot.
    nodev."/" = {
      fsType = "tmpfs";
      mountOptions = ["defaults" "size=512M" "mode=755" "noexec"];
    };

    # /tmp is a separate 1 GiB tmpfs and is explicitly mounted exec.
    # NOTE(review): the conventional mode for /tmp is 1777 (world-writable with
    # the sticky bit). With mode=755 only root can create files here unless
    # something else adjusts the mode after mount; confirm this is intended.
    nodev."/tmp" = {
      fsType = "tmpfs";
      mountOptions = ["defaults" "size=1024M" "mode=755" "exec"];
    };
  };

  # The persisted /etc data has to be mounted early, because the machine-id
  # link and the SSH host key sources below point into it.
  fileSystems."/nix/persist/etc".neededForBoot = true;

  # Create the directory holding the persisted host keys if it is missing.
  # Mode and ownership are left at the tmpfiles defaults ("-").
  systemd.tmpfiles.rules = ["d /nix/persist/etc/ssh - - - - -"];

  # Point /etc/machine-id at the persisted copy on every activation, so the
  # host keeps one identity across reboots of the tmpfs root.
  # NOTE(review): nothing in this file creates /nix/persist/etc/machine-id;
  # presumably it is provisioned elsewhere. Verify, since the link would
  # otherwise dangle.
  system.activationScripts.machine-id = ''
    ln -sf /nix/persist/etc/machine-id /etc/machine-id
  '';

  # SSH host keys are read from the persisted dataset, so the host identity
  # survives the ephemeral root.
  # NOTE(review): keep these sources as quoted strings. An unquoted Nix path
  # literal would presumably be copied into the world-readable /nix/store,
  # private keys included.
  environment.etc = {
    "ssh/ssh_host_rsa_key".source = "/nix/persist/etc/ssh/ssh_host_rsa_key";
    "ssh/ssh_host_rsa_key.pub".source = "/nix/persist/etc/ssh/ssh_host_rsa_key.pub";
    "ssh/ssh_host_ed25519_key".source = "/nix/persist/etc/ssh/ssh_host_ed25519_key";
    "ssh/ssh_host_ed25519_key.pub".source = "/nix/persist/etc/ssh/ssh_host_ed25519_key.pub";
  };
}