author | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-10-03 11:36:24 +0200 |
---|---|---|
committer | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-10-04 23:43:17 +0200 |
commit | 0392a184fc08d748d61e74f5dcce9d2880b71dd2 (patch) | |
tree | 966cb5f733b090322520b5438f0c96a7575cfd1d | |
parent | mkHost: Set hostname as host + "-" + hardware (diff) | |
Hardware: Laptop: Add disks utilities programs
-rw-r--r-- | hardware/laptop/disks.nix | 166 |
1 files changed, 128 insertions, 38 deletions
diff --git a/hardware/laptop/disks.nix b/hardware/laptop/disks.nix index c2487e9..4131912 100644 --- a/hardware/laptop/disks.nix +++ b/hardware/laptop/disks.nix 
@@ -1,53 +1,143 @@ { config, lib, inputs, pkgs, modulesPath, isIso, ... }: +let + HDD = "/dev/disk/by-id/wwn-0x5000c5009e0984c7"; + + partitionsCreateScript = '' + parted -s "${HDD}" mklabel gpt + parted -s "${HDD}" mkpart "efi" fat32 1024KiB 64M + parted -s "${HDD}" set 1 esp on + parted -s -a optimal "${HDD}" mkpart "boot" 64M 264M + parted -s -a optimal "${HDD}" mkpart "root" 264M 100% + + udevadm trigger --subsystem-match=block; udevadm settle + ''; + partitionsFormatScript = '' + mkfs.vfat "${HDD}"-part1 + cryptsetup -q luksFormat "${HDD}"-part2 --type luks1 + cryptsetup open --type luks "${HDD}"-part2 encrypted_boot + mkfs.ext4 /dev/mapper/encrypted_boot + cryptsetup close encrypted_boot + cryptsetup -q luksFormat "${HDD}"-part3 --type luks2 + cryptsetup open --type luks "${HDD}"-part3 encrypted_root + pvcreate /dev/mapper/encrypted_root + vgcreate encrypted_root_pool /dev/mapper/encrypted_root + lvcreate -L 4G -n persist encrypted_root_pool + mkfs.btrfs -f /dev/mapper/encrypted_root_pool-persist + lvcreate -L 128G -n nix encrypted_root_pool + mkfs.btrfs -f /dev/mapper/encrypted_root_pool-nix + lvcreate -l 100%FREE -n home encrypted_root_pool + mkfs.btrfs -f /dev/mapper/encrypted_root_pool-home + vgchange -a n encrypted_root_pool + cryptsetup close encrypted_root + ''; + partitionsMountScript = '' + mount -t tmpfs none /mnt + mkdir -p /mnt/{boot,nix,persist,home} + + cryptsetup open --type luks /dev/disk/by-partlabel/boot encrypted_boot + mount /dev/mapper/encrypted_boot /mnt/boot + mkdir -p /mnt/boot/efi + mount /dev/disk/by-partlabel/efi /mnt/boot/efi + cryptsetup open --type luks /dev/disk/by-partlabel/root encrypted_root + vgchange -ay encrypted_root_pool + mount -o compress-force=zstd /dev/mapper/encrypted_root_pool-home /mnt/home + mount -o compress-force=zstd,noatime /dev/mapper/encrypted_root_pool-persist /mnt/persist + mount -o compress-force=zstd,noatime /dev/mapper/encrypted_root_pool-nix /mnt/nix + ''; +in { + config = { - 
environment.persistence."/persist" = { - directories = [ - "/var/log" - "/var/lib" - ]; - files = [ - "/etc/machine-id" - "/etc/nix/id_rsa" - ]; - }; + environment.persistence."/persist" = { + directories = [ + "/var/log" + "/var/lib" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; - fileSystems."/" = { - device = "none"; - fsType = "tmpfs"; - options = [ "defaults" "mode=755" ]; - }; + fileSystems."/" = { + device = "none"; + fsType = "tmpfs"; + options = [ "defaults" "mode=755" ]; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/0A8B-3968"; - fsType = "vfat"; - }; + boot.initrd.luks.devices."encrypted_boot" = { + device = "/dev/disk/by-partlabel/boot"; + preLVM = true; + }; - boot.initrd.luks.devices."encrypted_root".device = "/dev/disk/by-uuid/6db0e43d-f73f-4cf0-81f6-9391f9d03ca0"; + fileSystems."/boot" = { + device = "/dev/mapper/encrypted_boot"; + fsType = "ext4"; + }; - fileSystems."/persist" = { - device = "/dev/mapper/encrypted_root"; - fsType = "btrfs"; - neededForBoot = true; - options = [ "subvol=persist" "compress-force=zstd" "noatime" ]; - }; + fileSystems."/boot/efi" = { + device = "/dev/disk/by-partlabel/efi"; + fsType = "vfat"; + }; - fileSystems."/nix" = { - device = "/dev/mapper/encrypted_root"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress-force=zstd" "noatime" ]; - }; + boot.initrd.luks.devices."encrypted_root".device = "/dev/disk/by-partlabel/root"; + + fileSystems."/nix" = { + device = "/dev/mapper/encrypted_root_pool-nix"; + fsType = "btrfs"; + neededForBoot = true; + options = [ "compress-force=zstd" "noatime" ]; + }; - fileSystems."/home" = { - device = "/dev/mapper/encrypted_root"; - fsType = "btrfs"; - options = [ "subvol=home" "compress-force=zstd" ]; + fileSystems."/persist" = { + device = "/dev/mapper/encrypted_root_pool-persist"; + fsType = "btrfs"; + neededForBoot = true; + options = [ "compress-force=zstd" "noatime" ]; + }; + + fileSystems."/home" = { + device = 
"/dev/mapper/encrypted_root_pool-home"; + fsType = "btrfs"; + options = [ "compress-force=zstd" ]; + }; + + swapDevices = [ ]; + + services.btrfs.autoScrub.enable = true; + + zramSwap.enable = true; + + + environment.systemPackages = [ + config.disks-create + config.disks-format + config.disks-mount + ]; }; - swapDevices = [ ]; + options.disks-create = with lib; mkOption rec { + type = types.package; + default = with pkgs; symlinkJoin { + name = "disks-create"; + paths = [ (writeScriptBin default.name partitionsCreateScript) parted ]; + }; + }; - services.btrfs.autoScrub.enable = true; + options.disks-format = with lib; mkOption rec { + type = types.package; + default = with pkgs; symlinkJoin { + name = "disks-format"; + paths = [ (writeScriptBin default.name partitionsFormatScript) cryptsetup lvm2 dosfstools e2fsprogs btrfs-progs ]; + }; + }; - zramSwap.enable = true; + options.disks-mount = with lib; mkOption rec { + type = types.package; + default = with pkgs; symlinkJoin { + name = "disks-mount"; + paths = [ (writeScriptBin default.name partitionsMountScript) cryptsetup lvm2 ]; + }; + }; } |
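Review bot: The new `boot.initrd.luks.devices` entries, `fileSystems."/boot/efi"` and `partitionsMountScript` locate the disk through `/dev/disk/by-partlabel/{boot,root,efi}`, which is not a unique identifier, whereas the create and format scripts pin the WWN path bound to `HDD`. GPT partition names can repeat across disks, so with another disk attached that carries a partition named `boot`, `root` or `efi`, the initrd or the mount script may open or mount a different device than the one that was formatted, including the unencrypted ESP. Reusing the existing binding keeps every consumer on the same disk: `device = "${HDD}-part2";` for `encrypted_boot`, `"${HDD}-part3"` for `encrypted_root` and `"${HDD}-part1"` for `/boot/efi`. Separately, the three script bodies start directly with commands, with no interpreter line or `set -euo pipefail`, so `disks-create` and `disks-format` carry on with destructive steps (`mklabel`, `luksFormat -q`, `mkfs.btrfs -f`) after an earlier command has failed. Because `environment.systemPackages` also puts them on the installed system's PATH, a fail-fast first line and an explicit confirmation before `mklabel` would be worth adding.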