-
-
Notifications
You must be signed in to change notification settings - Fork 228
/
Copy pathzfs-encrypted-root.nix
81 lines (79 loc) · 1.96 KB
/
zfs-encrypted-root.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
{
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
};
options.ashift = "12";
datasets = {
"root" = {
type = "zfs_fs";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
#keylocation = "file:///tmp/secret.key";
keylocation = "prompt";
};
mountpoint = "/";
};
"root/nix" = {
type = "zfs_fs";
options.mountpoint = "/nix";
mountpoint = "/nix";
};
# README MORE: https://wiki.archlinux.org/title/ZFS#Swap_volume
"root/swap" = {
type = "zfs_volume";
size = "10M";
content = {
type = "swap";
};
options = {
volblocksize = "4096";
compression = "zle";
logbias = "throughput";
sync = "always";
primarycache = "metadata";
secondarycache = "none";
"com.sun:auto-snapshot" = "false";
};
};
};
};
};
};
}