


# NixOS module: declares `disko.disks` and derives a disko disk/zpool layout from it.
{ config, lib, ... }:
# Shorthand for the list of disk submodules declared in `options.disko.disks` below.
cfg = config.disko.disks;
# List of disks to format; each entry is the submodule declared below
# (device, name, partition table format and feature flags).
options.disko.disks = lib.mkOption {
# NOTE(review): "Disk names" understates the type — entries are full submodules, not names.
description = lib.mdDoc "Disk names to format.";
type = with lib.types; listOf (submodule (_: {
options = {
# Block device to format; also used as the attribute key of the generated `disko.devices.disk` entry.
device = lib.mkOption {
type = lib.types.str;
# NOTE(review): `types.str` does not admit null, so leaving `device` unset fails
# type-checking instead of defaulting — `lib.types.nullOr str` or no default; confirm intent.
default = null;
example = "/dev/sda";
description = "Path of the disk.";
# Short label for the disk; appears to feed the per-disk suffix of the LUKS and zpool names below — confirm.
name = lib.mkOption {
type = lib.types.str;
# NOTE(review): same as `device` — `null` is not a valid `types.str` default.
default = null;
example = "ssd0";
description = "Name of the disk.";
# Partition table type; passed through as the disk's `content.format` below.
partitionTableFormat = lib.mkOption {
type = lib.types.enum [ "gpt" "msdos" ];
default = "gpt";
description = "Which parition table format to use.";
# NOTE(review): `withBoot` is declared but not read anywhere in the visible layout;
# the ESP partition below is gated on `withZfs` instead — confirm which flag is intended.
withBoot = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Wether to include a boot partition.";
# Only consulted by the assertions below (ceph or zfs required; ceph requires LUKS);
# no ceph partition is created in the visible layout.
withCeph = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Wether to include a ceph partition.";
# Encryption is on by default: when set, the root partition content is wrapped in a
# LUKS container (see `luksName` / `askPassword` below).
withLuks = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Wether to encrypt the paritions.";
# Gates the ESP partition and the root partition's start offset below.
# NOTE(review): the root partition content is the zfs block regardless of this flag — confirm.
withZfs = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Wether to include a zfs parition.";
# No disks by default, so the `config` section below stays inert (`cfg != [ ]` guards).
default = [ ];
config = {
# NOTE(review): `lib.head` keeps only the first element of the mapped list, so if the
# map runs over `cfg`, only the first disk's assertions are ever evaluated — confirm.
assertions = lib.mkIf (cfg != [ ]) (lib.head (map
(disk: [
# At least one storage backend must be selected per disk.
assertion = disk.withCeph || disk.withZfs;
message = "Must enable ceph or zfs!";
# `->` is logical implication: ceph is only permitted on an encrypted disk.
assertion = disk.withCeph -> disk.withLuks;
message = "Ceph requires Luks!";
disko = {
# NOTE(review): as with `assertions`, `lib.head` keeps only the first mapped disk;
# if the map runs over `cfg`, additional disks are silently ignored — confirm.
devices = lib.mkIf (cfg != [ ]) (lib.head (map
# NOTE(review): the condition and interpolation are garbled in this rendering (operand
# missing); presumably the disk's `name` provides an optional "-<name>" suffix — verify against the source.
diskName = if != "" then "-${}" else "";
# LUKS container name: host name plus the per-disk suffix.
luksName = "crypt-${config.networking.hostName}${diskName}";
# Content placed on the root partition, either directly or inside the LUKS container.
zfs = {
size = "100%FREE";
content = {
pool = zfsName;
type = "zfs";
# Pool name: host name plus the per-disk suffix (matches `zpool.${zfsName}` below).
zfsName = "${config.networking.hostName}${diskName}";
# Disk entry keyed by device path.
disk.${disk.device} = {
inherit (disk) device;
type = "disk";
content = {
type = "table";
format = disk.partitionTableFormat;
# NOTE(review): the ESP is gated on `withZfs`, not on the declared `withBoot` option.
partitions = lib.optional disk.withZfs {
name = "ESP";
start = "1MiB";
end = "512MiB";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
} ++ [
name = "root";
# Root starts after the ESP when one is present.
start = if disk.withZfs then "512MiB" else "1MiB";
end = "100%";
part-type = "primary";
# With LUKS: a LUKS container holding the zfs content; without: the zfs content directly.
content = lib.optionalAttrs disk.withLuks {
type = "luks";
name = luksName;
# Passphrase is requested interactively when formatting rather than read from a key file — confirm against disko docs.
askPassword = true;
inherit (zfs) content;
} // lib.optionalAttrs (!disk.withLuks) zfs.content;
} // {
# One zpool per disk, named after the host plus the disk suffix.
zpool.${zfsName} = {
type = "zpool";
# -O
# Root filesystem properties; inherited by the datasets below unless overridden.
rootFsOptions = {
acltype = "posixacl";
compression = "zstd";
dnodesize = "auto";
normalization = "formD";
xattr = "sa";
# -o
# Pool creation properties.
options = {
# ashift 12 = 4 KiB sectors.
ashift = "12";
autotrim = "on";
datasets =
# Helper: a mountable dataset at `mountpoint` (canmount=on).
dataset = mountpoint: {
inherit mountpoint;
options = {
canmount = "on";
inherit mountpoint;
type = "zfs_fs";
# Helper: a non-mountable container dataset (canmount=off, mountpoint=none).
datasetNoMount = {
mountpoint = null;
options = {
canmount = "off";
mountpoint = "none";
type = "zfs_fs";
"root" = dataset "/";
"data" = datasetNoMount;
# used by services.postgresqlBackup and later by restic
"data/backup" = dataset "/var/backup";
"data/etc" = dataset "/etc";
"data/lib" = dataset "/var/lib";
"home" = dataset "/home";
"nix" = lib.recursiveUpdate (dataset "/nix") {
options.atime = "off";
"nix/store" = dataset "/nix/store";
"nix/var" = dataset "/nix/var";
# zfs uses copy on write and requires some free space to delete files when the disk is completely filled
"reserved" = lib.recursiveUpdate (dataset "reserved") {
mountpoint = null;
options = {
canmount = "off";
mountpoint = "none";
reservation = "5GiB";
type = "zfs_fs";
# we do not want changes to this module render machines unbootable
# NOTE(review): with enableConfig = false, disko does not emit fileSystems/boot
# configuration from this layout, so those must be maintained elsewhere — confirm.
enableConfig = false;