modify some disko config
This commit is contained in:
parent
1b1815312b
commit
d47202c383
GPG key ID:
63E86C3C14A0D721
3 changed files with 139 additions and 38 deletions
|
|
@ -16,6 +16,7 @@
|
|||
# Include the hardware related config
|
||||
./hardware-configuration.nix
|
||||
./networking.nix
|
||||
./disk-config.nix
|
||||
];
|
||||
|
||||
youthlic = {
|
||||
|
|
|
|||
133
nixos/configurations/Tytonidae/disk-config.nix
Normal file
133
nixos/configurations/Tytonidae/disk-config.nix
Normal file
|
|
@ -0,0 +1,133 @@
|
|||
{ ... }:
|
||||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
disk1 = {
|
||||
type = "disk";
|
||||
device = "/dev/nvme0n1";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
name = "ESP";
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [
|
||||
"umask=0077"
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
crypto1 = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "crypto1";
|
||||
passwordFile = "/tmp/secret.key";
|
||||
settings = {
|
||||
allowDiscards = true;
|
||||
fallbackToPassword = true;
|
||||
# keyFile = "/dev/disk/by-label/LUKS_DECR";
|
||||
# keyFileSize = 512 * 64;
|
||||
# keyFileOffset = 512 * 192;
|
||||
};
|
||||
initrdUnlock = true;
|
||||
extraFormatArgs = [
|
||||
"--type luks2"
|
||||
"--cipher aes-xts-plain64"
|
||||
"--hash sha512"
|
||||
"--iter-time 5000"
|
||||
"--pbkdf argon2id"
|
||||
"--key-size 256"
|
||||
"--use-random"
|
||||
];
|
||||
extraOpenArgs = [
|
||||
"--timeout 10"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
disk2 = {
|
||||
type = "disk";
|
||||
device = "/dev/nvme1n1";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
crypto2 = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "crypto2";
|
||||
passwordFile = "/tmp/secret.key";
|
||||
settings = {
|
||||
allowDiscards = true;
|
||||
fallbackToPassword = true;
|
||||
# keyFile = "/dev/disk/by-label/LUKS_DECR";
|
||||
# keyFileSize = 512 * 64;
|
||||
# keyFileOffset = 512 * 192;
|
||||
};
|
||||
initrdUnlock = true;
|
||||
extraFormatArgs = [
|
||||
"--type luks2"
|
||||
"--cipher aes-xts-plain64"
|
||||
"--hash sha512"
|
||||
"--iter-time 5000"
|
||||
"--pbkdf argon2id"
|
||||
"--key-size 256"
|
||||
"--use-random"
|
||||
];
|
||||
extraOpenArgs = [
|
||||
"--timeout 10"
|
||||
];
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [
|
||||
"-f"
|
||||
"-m dup"
|
||||
"-d raid0"
|
||||
"/dev/mapper/crypto1"
|
||||
];
|
||||
subvolumes = {
|
||||
"@root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [
|
||||
"compress=zstd"
|
||||
"noatime"
|
||||
];
|
||||
};
|
||||
"@nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [
|
||||
"compress=zstd"
|
||||
"noatime"
|
||||
];
|
||||
};
|
||||
"@home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [
|
||||
"compress=zstd"
|
||||
"noatime"
|
||||
];
|
||||
};
|
||||
"@swap" = {
|
||||
mountpoint = "/swap";
|
||||
swap = {
|
||||
swapfile.size = "32G";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,57 +1,24 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"thunderbolt"
|
||||
"nvme"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/b638dbc9-8945-482d-9d10-193271d3df98";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/A779-6930";
|
||||
fsType = "vfat";
|
||||
options = [
|
||||
"fmask=0077"
|
||||
"dmask=0077"
|
||||
];
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{ device = "/dev/disk/by-uuid/7f7e95f2-8f2a-4998-bd71-01466e8ecc98"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp0s13f0u1u1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue