main
1_: {
2 disko.devices = {
3 disk = {
4 # 512GB root/boot drive. Configured with:
5 # - A FAT32 ESP partition for systemd-boot
6 # - A LUKS container which contains an EXT4 filesystem
7 root = {
8 type = "disk";
9 device = "/dev/nvme0n1";
10 content = {
11 type = "gpt";
12 partitions = {
13 ESP = {
14 size = "1G";
15 type = "EF00";
16 content = {
17 type = "filesystem";
18 format = "vfat";
19 mountpoint = "/boot";
20 mountOptions = [ "umask=0077" ];
21 };
22 };
23 root = {
24 size = "100%";
25 content = {
26 # LUKS passphrase will be prompted interactively only
27 type = "luks";
28 name = "cryptroot";
29 askPassword = true;
30 settings = {
31 # Make sure there is no trailing newline in keyfile if used for interactive unlock.
32 # Use `echo -n "password" > /tmp/data.keyfile`
33 # keyFile = "/dev/disk/by-id/usb-_USB_DISK_2.0_070D375D84327E87-0:0";
34 # keyFileOffset = 30992883712;
35 # keyFileSize = 4096;
36 allowDiscards = true;
37 };
38 content = {
39 type = "filesystem";
40 format = "ext4";
41 mountpoint = "/";
42 mountOptions = [
43 "noatime"
44 "nodiratime"
45 "discard"
46 ];
47 };
48 };
49 };
50 };
51 };
52 };
53 };
54 };
55}