rename nodes and add runner for gitea instance
This commit is contained in:
shobu
136
hosts/sin/luks-btrfs-raid.nix
Normal file
136
hosts/sin/luks-btrfs-raid.nix
Normal file
@@ -0,0 +1,136 @@
|
||||
{...}: {
|
||||
disko.devices = {
|
||||
disk = {
|
||||
# Devices will be mounted and formatted in alphabetical order, and btrfs can only mount raids
|
||||
# when all devices are present. So we define an "empty" luks device on the first disk,
|
||||
# and the actual btrfs raid on the second disk, and the name of these entries matters!
|
||||
system = {
|
||||
type = "disk";
|
||||
device = "/dev/mmcblk0";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
name = "boot";
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
};
|
||||
ESP = {
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
crypt_root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "p_root";
|
||||
settings = {
|
||||
allowDiscards = true;
|
||||
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00";
|
||||
keyFileSize = 4096;
|
||||
};
|
||||
content = {
|
||||
type = "btrfs";
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
data1 = {
|
||||
type = "disk";
|
||||
device = "/dev/sda";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
crypt_p1 = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "p_data1"; # device-mapper name when decrypted
|
||||
# Remove settings.keyFile if you want to use interactive password entry
|
||||
settings = {
|
||||
allowDiscards = true;
|
||||
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00";
|
||||
keyFileSize = 4096;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
data2 = {
|
||||
type = "disk";
|
||||
device = "/dev/sdb";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
crypt_p2 = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "p_data2";
|
||||
# Remove settings.keyFile if you want to use interactive password entry
|
||||
settings = {
|
||||
allowDiscards = true;
|
||||
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00"; # Same key for both devices
|
||||
keyFileSize = 4096;
|
||||
};
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [
|
||||
"-d raid0"
|
||||
"/dev/mapper/p_data1" # Use decrypted mapped device, same name as defined in disk1
|
||||
];
|
||||
subvolumes = {
|
||||
"/" = {
|
||||
mountpoint = "/mnt/fs";
|
||||
mountOptions = [ "compress=zstd:3" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd:3" ];
|
||||
};
|
||||
|
||||
"/data" = {
|
||||
mountpoint = "/mnt/data";
|
||||
mountOptions = [ "compress=zstd:3" ];
|
||||
};
|
||||
"/mediacenter" = {
|
||||
mountpoint = "/mnt/mediacenter";
|
||||
mountOptions = [ "compress=zstd:3" ];
|
||||
};
|
||||
"/backups" = {
|
||||
mountpoint = "/mnt/backups";
|
||||
mountOptions = [ "compress=zstd:6" ];
|
||||
};
|
||||
"/jellyfin" = {
|
||||
mountpoint = "/mnt/jellyfin";
|
||||
mountOptions = [ ];
|
||||
};
|
||||
"/containers" = {
|
||||
mountpoint = "/var/lib/containers";
|
||||
mountOptions = [ ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user