From 6795b5bd64c240cd989b2db12eb5c4652e48aecd Mon Sep 17 00:00:00 2001
From: Baitinq
Date: Fri, 9 Sep 2022 01:15:18 +0200
Subject: Implement host-hardware separation
---
hosts/vm/hardware/virtualbox/disks.nix | 57 ++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 hosts/vm/hardware/virtualbox/disks.nix
(limited to 'hosts/vm/hardware/virtualbox/disks.nix')
diff --git a/hosts/vm/hardware/virtualbox/disks.nix b/hosts/vm/hardware/virtualbox/disks.nix
new file mode 100644
index 0000000..6ba15ec
--- /dev/null
+++ b/hosts/vm/hardware/virtualbox/disks.nix
@@ -0,0 +1,57 @@
+{ config, lib, inputs, pkgs, modulesPath, ... }:
+{
+
+ environment.persistence."/persist" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/nix/id_rsa"
+ ];
+ };
+
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ };
+
+ boot.initrd.luks.devices."encrypted_boot".device = "/dev/disk/by-partlabel/boot";
+
+ fileSystems."/boot" = {
+ device = "/dev/mapper/encrypted_boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-partlabel/efi";
+ fsType = "vfat";
+ };
+
+ boot.initrd.luks.devices."encrypted_root".device = "/dev/disk/by-partlabel/root";
+
+ fileSystems."/nix" = {
+ device = "/dev/mapper/encrypted_root";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress-force=zstd" "noatime" ];
+ };
+
+ fileSystems."/persist" = {
+ device = "/dev/mapper/encrypted_root";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=persist" "compress-force=zstd" "noatime" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/mapper/encrypted_root";
+ fsType = "btrfs";
+ options = [ "subvol=home" "compress-force=zstd" ];
+ };
+
+ swapDevices = [ ];
+
+ zramSwap.enable = true;
+
+}
--
cgit 1.4.1
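Review bot: The tmpfs root declared in `fileSystems."/"` has no `options`, so it mounts with the tmpfs defaults: the root directory gets mode 1777 (world-writable with the sticky bit) and the size cap defaults to half of RAM. That lets any local account create entries directly under `/`, and with `zramSwap` as the only swap a runaway write to the root filesystem competes with the rest of the system for memory. I would set the options explicitly, e.g. `options = [ "defaults" "size=SIZE" "mode=755" ];` (SIZE is a placeholder for a limit suited to this VM). Separately, `/etc/nix/id_rsa` is a private key persisted from `/persist`; a short comment there stating the expected owner and mode (presumably root-only, 0600) would help, since nothing in this file enforces it.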