From 48798433f9cdf0c84be9a7838e695afe79d7b47e Mon Sep 17 00:00:00 2001
From: Nico
Date: Sat, 3 May 2025 16:16:01 +1000
Subject: [PATCH] nix: init disko
---
 flake.lock | 22 ++++++++++
 flake.nix | 6 ++-
 hosts/disko-desktop.nix | 61 ++++++++++++++++++++++++++
 hosts/pluto/hardware-configuration.nix | 17 -------
 4 files changed, 88 insertions(+), 18 deletions(-)
 create mode 100644 hosts/disko-desktop.nix
diff --git a/flake.lock b/flake.lock
index 6c1e74e..38e9068 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,27 @@
 "type": "github"
 }
 },
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1736864502,
+ "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "0141aabed359f063de7413f80d906e1d98c0c123",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "latest",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
 "flake-compat": {
 "flake": false,
 "locked": {
@@ -206,6 +227,7 @@
 },
 "root": {
 "inputs": {
+ "disko": "disko",
 "lanzaboote": "lanzaboote",
 "nix-darwin": "nix-darwin",
 "nixpkgs": "nixpkgs"
diff --git a/flake.nix b/flake.nix
index a4b21f9..fb37b9c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,9 +8,11 @@
 lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
 nix-darwin.url = "github:LnL7/nix-darwin";
 nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
+ disko.url = "github:nix-community/disko/latest";
+ disko.inputs.nixpkgs.follows = "nixpkgs";
 };
- outputs = { self, nixpkgs, lanzaboote, nix-darwin, ... }@inputs: {
+ outputs = { self, nixpkgs, lanzaboote, nix-darwin, disko, ... }@inputs: {
 nixosConfigurations.pluto = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
@@ -31,6 +33,8 @@
 ./modules/linux/secureboot.nix
 lanzaboote.nixosModules.lanzaboote
+ ./hosts/disko-desktop.nix
+ disko.nixosModules.disko
 ./hosts/pluto/conf.nix
 ./hosts/pluto/hardware-configuration.nix
 ];
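Review bot: The `disko.url = "github:nix-community/disko/latest";` line in the first flake.nix hunk follows a ref named `latest`, which presumably moves with each upstream release, so the only thing fixing what code actually runs is the `rev`/`narHash` pair in flake.lock, and any later `nix flake update` can change it without a visible edit to flake.nix. Since disko partitions and formats disks with root privileges, I would point the input at a specific release tag instead, e.g. `disko.url = "github:nix-community/disko/<release-tag>";`, and read any change to the `disko` entry in flake.lock before applying it. If tracking `latest` is intentional, say so next to the input, for example `# tracks the moving "latest" tag; flake.lock pins the reviewed rev`.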
diff --git a/hosts/disko-desktop.nix b/hosts/disko-desktop.nix
new file mode 100644
index 0000000..5d73a54
--- /dev/null
+++ b/hosts/disko-desktop.nix
@@ -0,0 +1,61 @@
+{ ... }:
+
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "root";
+ passwordFile = "/tmp/secret.key";
+ settings = {
+ allowDiscards = true;
+ };
+# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "1G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/pluto/hardware-configuration.nix b/hosts/pluto/hardware-configuration.nix
index 3799a99..861da36 100644
--- a/hosts/pluto/hardware-configuration.nix
+++ b/hosts/pluto/hardware-configuration.nix
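Review bot: `passwordFile = "/tmp/secret.key";` in the `luks` content of hosts/disko-desktop.nix ties the disk passphrase to a file at a fixed, predictable path in a shared temp directory, and nothing in the file says who creates it, with what permissions, or when it is removed. I would either drop the option so the passphrase is typed in at format time (I believe disko prompts when no key or password file is configured, but confirm that against the pinned rev), or keep it and put the contract in a comment above it, e.g. `# install-time only: create with mode 0600, no trailing newline, delete after formatting`. Two other lines in the same block deserve a comment. `allowDiscards = true;` passes TRIM through the LUKS layer, which shows anyone who can read the raw device which blocks are unused. `device = "/dev/nvme0n1";` is a kernel enumeration name, so a `/dev/disk/by-id/...` path is the safer target for a config that reformats whatever it points at with `extraArgs = [ "-f" ]`.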
@@ -13,23 +13,6 @@
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/d987bb46-2de5-4e0a-a1dd-381118166968";
- fsType = "btrfs";
- };
-
- boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/64a5f122-22e5-4d81-b249-d29ea111f69c";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/88BC-99EF";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/f738dd4d-1f52-41df-b91b-f56e5ed99b27"; }
- ];
-
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
 # still possible to use this option, but it's recommended to use it in conjunction