taxborn.com / disks.nix
My disko layout for my desktop
disks.nix
126 lines 4.4 kB view raw
1# Uranium Drive setup (`nvme list`) 2# Node Generic SN Model Namespace Usage Format FW Rev 3# --------------------- --------------------- -------------------- ---------------------------------------- ---------- -------------------------- ---------------- -------- 4# /dev/nvme0n1 /dev/ng0n1 S76ENL0X900787H Samsung SSD 980 PRO 2TB 0x1 244.43 GB / 2.00 TB 512 B + 0 B 5B2QGXA7 5# /dev/nvme1n1 /dev/ng1n1 S76ENL0X900698K Samsung SSD 980 PRO 2TB 0x1 592.59 GB / 2.00 TB 512 B + 0 B 5B2QGXA7 6# /dev/nvme2n1 /dev/ng2n1 P300PBBB240118013691 Patriot M.2 P300 512GB 0x1 512.11 GB / 512.11 GB 512 B + 0 B W0505A3 7# 8# # References 9# FIDO2: https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html 10# Multi-drive: https://github.com/soulcramer/Wimpy-nix-config/blob/main/nixos/maul/disks.nix 11let 12 nvme0 = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S76ENL0X900787H"; 13 nvme1 = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S76ENL0X900698K"; 14 # leaving these unused for now 15 _nvme2 = "/dev/disk/by-id/nvme-Patriot_M.2_P300_512GB_P300PBBB240118013691"; 16 _ssd0 = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S21NNXAG817864H"; 17 18 defaultBtrfsOpts = [ 19 "compress=zstd:1" 20 "discard=async" 21 "noatime" 22 "rw" 23 "space_cache=v2" 24 "ssd" 25 ]; 26 27 defaultExtraFormatArgs = [ 28 "--cipher=aes-xts-plain64" 29 "--hash=sha256" 30 "--iter-time=1000" 31 "--key-size=256" 32 "--pbkdf-memory=1048576" 33 "--sector-size=4096" 34 ]; 35in 36{ 37 disko.devices = { 38 disk = { 39 root-disk = { 40 device = nvme0; 41 type = "disk"; 42 43 content = { 44 type = "gpt"; 45 partitions = { 46 # Boot partition 47 ESP = { 48 # Oversize, but I'd rather have too much here. 49 size = "4G"; 50 type = "EF00"; 51 content = { 52 type = "filesystem"; 53 format = "vfat"; 54 mountpoint = "/boot"; 55 mountOptions = [ "umask=0077" ]; 56 }; 57 }; 58 luks-root = { 59 size = "100%"; 60 content = { 61 type = "luks"; 62 name = "cryptroot"; 63 settings.allowDiscards = true; 64 extraFormatArgs = defaultExtraFormatArgs; 65 postCreateHook = '' 66 sudo systemd-cryptenroll ${nvme0}-part2 --fido2-device=auto 67 ''; 68 content = { 69 type = "btrfs"; 70 extraArgs = [ "-f" ]; 71 subvolumes = { 72 "/root" = { 73 mountpoint = "/"; 74 mountOptions = defaultBtrfsOpts; 75 }; 76 "/nix" = { 77 mountpoint = "/nix"; 78 mountOptions = defaultBtrfsOpts; 79 }; 80 "/swap" = { 81 mountpoint = "/.swapvol"; 82 # 32 GB of RAM + some space 83 swap.swapfile.size = "34G"; 84 }; 85 }; 86 }; 87 }; 88 }; 89 }; 90 }; 91 }; 92 93 home-disk = { 94 device = nvme1; 95 type = "disk"; 96 content = { 97 type = "gpt"; 98 partitions = { 99 luks-home = { 100 size = "100%"; 101 content = { 102 type = "luks"; 103 name = "crypthome"; 104 settings.allowDiscards = true; 105 extraFormatArgs = defaultExtraFormatArgs; 106 postCreateHook = '' 107 sudo systemd-cryptenroll ${nvme1}-part1 --fido2-device=auto 108 ''; 109 content = { 110 type = "btrfs"; 111 extraArgs = [ "-f" ]; 112 subvolumes = { 113 "/home" = { 114 mountpoint = "/home"; 115 mountOptions = defaultBtrfsOpts; 116 }; 117 }; 118 }; 119 }; 120 }; 121 }; 122 }; 123 }; 124 }; 125 }; 126}