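# Disk layout for the installed system; the whole module is disabled while
# building the ISO (config.me.buildingIso).
#
# One NVMe disk: a 1G vfat EFI system partition mounted at /boot, and a ZFS
# pool ("zroot") on the rest. All Linux datasets live under zroot/linux/nix,
# which is the passphrase-protected encryption root.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Shell command used as a dataset's postCreateHook: create the "@blank"
  # snapshot of zroot/<dataset> unless a snapshot with exactly that name is
  # already listed, so re-running disko does not fail on an existing snapshot.
  #
  # Built in one place so every dataset gets the same single-line command
  # (a line break before `||` would be a shell syntax error).
  # `dataset` is interpolated into a shell string unquoted; only pass the
  # literal dataset names from this file.
  blankSnapshotHook =
    dataset:
    "zfs list -t snapshot -H -o name | grep -E '^zroot/${dataset}@blank$' || zfs snapshot zroot/${dataset}@blank";
in
lib.mkIf (!config.me.buildingIso) {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "1G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                # vfat stores no Unix ownership or modes; umask=0077 leaves
                # everything under /boot accessible to root only.
                # NOTE(review): this partition is outside the encrypted
                # datasets, so whatever is placed on /boot is stored
                # unencrypted. Boot-chain integrity has to come from
                # elsewhere; nothing in this file configures it.
                mountOptions = [
                  "umask=0077"
                  "noatime"
                  "discard"
                ];
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        # mode = "mirror";
        options = {
          # Workaround: cannot import 'zroot': I/O error in disko tests
          cachefile = "none";
          ashift = "12";
          # Restricts the pool to the feature set named by this
          # compatibility profile.
          compatibility = "openzfs-2.2-freebsd";
          autotrim = "on";
        };
        rootFsOptions = {
          acltype = "posixacl";
          atime = "off";
          relatime = "off";
          xattr = "sa";
          # The pool's root dataset is a container only: never mounted.
          mountpoint = "none";
          compression = "lz4";
          canmount = "off";
          utf8only = "on";
          dnodesize = "auto";
          normalization = "formD";
        };

        datasets = {
          # Encryption root. The datasets below are created beneath it and
          # inherit its encryption settings unless they override them.
          # keylocation is left unset, so ZFS falls back to its default of
          # prompting for the passphrase instead of reading a key from disk.
          "linux/nix" = {
            type = "zfs_fs";
            options = {
              mountpoint = "none";
              encryption = "aes-256-gcm";
              keyformat = "passphrase";
              # If a key file is ever used for unattended installs, it must
              # be readable by root only and removed afterwards; /tmp is a
              # shared directory.
              # keylocation = "file:///tmp/secret.key";
            };
          };
          # Each mounted dataset uses a legacy mountpoint (mounted through
          # fileSystems rather than by ZFS itself) and gets an "@blank"
          # snapshot right after creation.
          # NOTE(review): presumably a rollback target for wiping state at
          # boot; the rollback itself is not in this file — confirm.
          "linux/nix/root" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/";
            postCreateHook = blankSnapshotHook "linux/nix/root";
          };
          "linux/nix/nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
            postCreateHook = blankSnapshotHook "linux/nix/nix";
            options = {
              mountpoint = "legacy";
              recordsize = "16MiB";
              compression = "zstd-19";
            };
          };
          "linux/nix/home" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/home";
            postCreateHook = blankSnapshotHook "linux/nix/home";
          };
          "linux/nix/persist" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/persist";
            postCreateHook = blankSnapshotHook "linux/nix/persist";
          };
          "linux/nix/state" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/state";
            postCreateHook = blankSnapshotHook "linux/nix/state";
          };
        };
      };
    };
  };

  # Make sure all persistent volumes are marked as neededForBoot
  #
  # Also mounts /home so it is mounted before the user home directories are created.
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;

  # Mount-time counterpart of atime/relatime = "off" in rootFsOptions.
  fileSystems."/".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/nix".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/persist".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/state".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/home".options = [
    "noatime"
    "norelatime"
  ];

  # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
  # The entry is the encryption root defined above, so one passphrase prompt
  # covers every dataset beneath it.
  boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}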