support unencrypted disk provisioning

2020-12-31 02:12:29 +01:00 · 2020-12-31 02:12:29 +01:00 · 2a2715d447
commit 2a2715d447
parent 2a5495f9bb
11 changed files with 69 additions and 39 deletions
--- a/nix/os/modules/opinionatedDisk.nix
+++ b/nix/os/modules/opinionatedDisk.nix
@ -0,0 +1,62 @@
+{ lib
+, config
+, ... }:
+with lib;                     
+
+let
+  cfg = config.hardware.opinionatedDisk;
+  ownLib = import ../lib/default.nix { };
+in {
+  options.hardware.opinionatedDisk = {
+    enable = mkEnableOption "Enable opinionated filesystem layout";
+    diskId = mkOption {
+      type = types.str;
+    };
+    encrypted = mkOption {
+      default = true;
+      type = types.bool;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    fileSystems."/boot" = {
+      device = (ownLib.disk.bootFsDevice cfg.diskId);
+      fsType = "vfat";
+    };
+
+    fileSystems."/" = {
+      device = (ownLib.disk.rootFsDevice cfg.diskId);
+      fsType = "btrfs";
+      options = [ "subvol=nixos" ];
+    };
+
+    fileSystems."/home" = {
+      device = (ownLib.disk.rootFsDevice cfg.diskId);
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+    swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];
+
+    boot.loader.grub = {
+      device = (ownLib.disk.bootGrubDevice cfg.diskId);
+      enableCryptodisk = cfg.encrypted;
+    };
+
+    boot.initrd.luks.devices = lib.optionalAttrs cfg.encrypted (builtins.listToAttrs [
+      {
+        name =
+          let
+            splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
+            lastelem = (builtins.length splitstring)-1;
+          in
+            builtins.elemAt splitstring lastelem;
+        value = {
+          device = (ownLib.disk.bootLuksDevice cfg.diskId);
+          preLVM = true;
+          allowDiscards = true;
+        };
+      }
+    ]);
+  };
+}