diff --git a/flake.lock b/flake.lock
index 2b0310c..480ac3f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,26 @@
 "type": "github"
 }
 },
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1719582740,
+ "narHash": "sha256-s4WsLu2L8EzF5Hg2TkelFLVhKGL108AySnlw8voPe5U=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "115311bc395f24c1b553338fec4b3aa28cbf5ae2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
 "flake-compat": {
 "flake": false,
 "locked": {
@@ -138,11 +158,11 @@
 ]
 },
 "locked": {
- "lastModified": 1719438532,
- "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=",
+ "lastModified": 1719588253,
+ "narHash": "sha256-A03i8xiVgP14DCmV5P7VUv37eodCjY4e1iai0b2EuuM=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9",
+ "rev": "7e68e55d2e16d3a1e92a679430728c35a30fd24e",
 "type": "github"
 },
 "original": {
@@ -339,6 +359,7 @@
 },
 "root": {
 "inputs": {
+ "disko": "disko",
 "home-manager": "home-manager",
 "lanzaboote": "lanzaboote",
 "lix-module": "lix-module",
diff --git a/flake.nix b/flake.nix
index e2995cb..245f373 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,12 +38,17 @@
 flake = false;
 };
- # TODO: Add Disko - https://github.com/nix-community/disko
+ # Disko support https://github.com/nix-community/disko
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs = inputs@{
 self,
+ disko,
 home-manager,
 lanzaboote,
 lix-module,
@@ -65,6 +70,7 @@
 defaultModules = [
 ./modules/autoimport.nix
 (import nix-secrets)
+ disko.nixosModules.disko
 lix-module.nixosModules.default
 lanzaboote.nixosModules.lanzaboote
 nix-flatpak.nixosModules.nix-flatpak
diff --git a/hosts/Shura/disko.nix b/hosts/Shura/disko.nix
new file mode 100644
index 0000000..3f8b844
--- /dev/null
+++ b/hosts/Shura/disko.nix
@@ -0,0 +1,104 @@
+{ lib, config, ... }:
+let
+ cfg = config.disko;
+
+ standardMountOpts = [
+ "compress=zstd"
+ "noatime"
+ ];
+in
+{
+ options = {
+ disko = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables Disko for disk & partition management.");
+ primaryDisk = lib.mkOption {
+ type = lib.types.attrs;
+ description = "The disk to format using Disko.";
+ default = {
+ name = "nvme0n1";
+ id = "";
+ };
+ };
+ enableTPM = lib.mkOption {
+ type = lib.types.bool;
+ description = "Enables TPM2 support.";
+ default = true;
+ };
+ swapFile = {
+ enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of swap files.");
+ size = lib.mkOption {
+ type = lib.types.str;
+ description = "The size of the swap file to create (defaults to 8G, or 8 gigabytes).";
+ default = "8G";
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Disk management
+ disko.enableConfig = false;
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-id/${cfg.primaryDisk.id}";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ label = "boot";
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ luks = {
+ size = "100%";
+ label = "nixos";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ settings = {
+ allowDiscards = true;
+ crypttabExtraOpts = lib.mkIf cfg.enableTPM [ "tpm2-device=auto" ];
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partitions.
+ # Unless otherwise specified, the subvolume name equals the mount name.
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = standardMountOpts;
+ };
+ "/home" = {
+ mountOptions = standardMountOpts;
+ };
+ "/nix" = {
+ mountOptions = standardMountOpts;
+ };
+ "/swap" = lib.mkIf cfg.swapFile.enable {
+ mountpoint = "/.swap";
+ swap.swapfile.size = cfg.swapFile.size;
+ };
+ "/log" = {
+ mountpoint = "/var/log";
+ mountOptions = standardMountOpts;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
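Review bot: `primaryDisk.id` defaults to `""`, so enabling the module without overriding it makes `device` evaluate to `/dev/disk/by-id/`, while the btrfs layout is created with `extraArgs = [ "-f" ]`; a destructive disk layout should fail evaluation in that state instead of reaching the formatter. Add `assertions = [ { assertion = cfg.primaryDisk.id != ""; message = "disko.primaryDisk.id must be set to a /dev/disk/by-id name"; } ];` inside the `config` block, and consider a submodule type in place of `lib.types.attrs` so `id` is checked as a string (`name` is not read anywhere in this file). `allowDiscards = true` passes TRIM through the LUKS container, which exposes the free-space layout to anyone who can read the raw device; if that trade-off is intended, a comment such as `# TRIM through LUKS: better SSD behaviour, but unused-block layout is visible on the raw disk` would record it. `enableTPM` defaults to true and only adds `tpm2-device=auto`; whether unlocking is bound to PCRs or a PIN is decided at enrollment, which this file does not show, so the option description should say what policy is expected.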