tristan/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity
nix/systems/nixos-he4/disko.nix

375 lines
11 KiB
Nix
Raw Blame History

###############################################################################
# WARNING
#
# This is only a tempalte used on system setup
# due to relatively early bachefs support in disko.nix
# everything was partitioned manually, this conf is here for reference
# but not used in the live system
#
###############################################################################
###############################################################################
# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko systems/nixos-he4/disko.nix
#
# pci-0000:2c:00.0-nvme-1 -> ../../nmve1n1 -> crypted_ssd0
# pci-0000:2d:00.0-nvme-1 -> ../../nvme0n1 -> crypted_ssd1
# pci-0000:01:00.0-ata-1 -> ../../sda -> crypted_hdd_0
# pci-0000:01:00.0-ata-2 -> ../../sdb -> crypted_hdd_1
# pci-0000:01:00.0-ata-3 -> ../../sdc -> crypted_hdd_2
# pci-0000:01:00.0-ata-4 -> ../../sdd -> crypted_hdd_3
# pci-0000:02:00.1-ata-3 -> ../../sde -> crypted_hdd_4
# pci-0000:02:00.1-ata-4 -> ../../sdf -> crypted_hdd_5
# pci-0000:25:00.0-ata-1 -> ../../sdg -> crypted_hdd_6
# pci-0000:25:00.0-ata-2 -> ../../sdh -> crypted_hdd_7
# pci-0000:25:00.0-ata-3 -> ../../sdi -> crypted_hdd_8
# pci-0000:25:00.0-ata-4 -> ../../sdj -> crypted_hdd_9
#
# FORMAT:
# bcachefs format \
# --label=hdd.hdd0 /dev/mapper/crypted_hdd0 \
# --label=hdd.hdd1 /dev/mapper/crypted_hdd1 \
# --label=hdd.hdd2 /dev/mapper/crypted_hdd2 \
# --label=hdd.hdd3 /dev/mapper/crypted_hdd3 \
# --label=hdd.hdd4 /dev/mapper/crypted_hdd4 \
# --label=hdd.hdd5 /dev/mapper/crypted_hdd5 \
# --label=hdd.hdd6 /dev/mapper/crypted_hdd6 \
# --label=hdd.hdd7 /dev/mapper/crypted_hdd7 \
# --label=hdd.hdd8 /dev/mapper/crypted_hdd8 \
# --label=hdd.hdd9 /dev/mapper/crypted_hdd9 \
# --label=ssd.ssd0 /dev/mapper/crypted_ssd0 \
# --label=ssd.ssd1 /dev/mapper/crypted_ssd1 \
# --replicas=2 \
# --erasure_code \
# --background_compression=zstd \
# --foreground_target=ssd \
# --promote_target=ssd \
# --background_target=hdd
#
##############################
##############################
# MOUNT
#
# mount -t bcachefs \
# /dev/mapper/crypted_ssd0:\
# /dev/mapper/crypted_ssd1:\
# /dev/mapper/crypted_hdd0:\
# /dev/mapper/crypted_hdd1:\
# /dev/mapper/crypted_hdd2:\
# /dev/mapper/crypted_hdd3:\
# /dev/mapper/crypted_hdd4:\
# /dev/mapper/crypted_hdd5:\
# /dev/mapper/crypted_hdd6:\
# /dev/mapper/crypted_hdd7:\
# /dev/mapper/crypted_hdd8:\
# /dev/mapper/crypted_hdd9\
# /mnt
#
##############################
let
cryptOpenArgs = [
"--allow-discards"
"--perf-same_cpu_crypt"
"--perf-submit_from_crypt_cpus"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
in
{
# The manual definitions are generated by nixos-generate-config
# the commented out stuff are partitions created by disko
# bcachefs is not handled well by disko so it is handled seperately
fileSystems."/" = {
device = "UUID=22d3e827-0ac1-4c66-ab88-bcd8b1cfd788";
fsType = "bcachefs";
};
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/2877-9E1D";
# fsType = "vfat";
# };
#swapDevices = [
# { device = "/dev/disk/by-uuid/82221e84-072a-4f68-a78b-59eb368f684f"; }
# { device = "/dev/disk/by-uuid/cc0792e2-c67c-44af-af28-6645f6e5dda2"; }
# ];
disko.devices = {
disk = {
crypt_ssd0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:2c:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "fake_EFI";
name = "fake_ESP";
size = "1024M";
type = "8300";
};
luks = {
end = "-96G";
content = {
type = "luks";
name = "crypted_ssd0";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
luksSwap = {
end = "-32G";
content = {
type = "luks";
name = "crypted_swap0";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
content = {
type = "swap";
};
};
};
};
};
};
crypt_ssd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:2d:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "real_EFI";
name = "ESP";
size = "1024M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
end = "-96G";
content = {
type = "luks";
name = "crypted_ssd1";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
luksSwap = {
end = "-32G";
content = {
type = "luks";
name = "crypted_swap1";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key ";
additionalKeyFiles = [ ];
content = {
type = "swap";
resumeDevice = true;
};
};
};
};
};
};
crypt_hdd0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-1";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd0";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-2";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd1";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd2 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd2";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd3 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd3";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd4 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.1-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd4";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd5 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.1-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd5";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd6 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-1";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd6";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd7 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-2";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd7";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd8 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd8";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd9 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd9";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink