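# Nomarchy Golden Path Disk Configuration
#
# BTRFS + LUKS2 encryption with subvolumes optimized for:
# - Compression (zstd)
# - SSD optimization (noatime)
# - Impermanence support (root-blank snapshot)
# - Separate subvolumes for home, nix store, logs
#
# Replace @TARGET_DRIVE@ with the target device (e.g., /dev/nvme0n1).
# The device named here is repartitioned and reformatted, so confirm the
# substituted path before running disko.
#
# Not encrypted by this layout: the ESP mounted at /boot. Whatever the
# bootloader places there (kernel, initrd) sits outside the LUKS container.
{
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "@TARGET_DRIVE@";
        content = {
          type = "gpt";
          partitions = {
            # EFI System Partition
            ESP = {
              priority = 1;
              name = "ESP";
              start = "1M";
              end = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                # vfat has no per-file permissions; umask=0077 makes every
                # file on the ESP readable by root only.
                mountOptions = [ "umask=0077" ];
              };
            };

            # LUKS-encrypted root partition
            luks = {
              size = "100%";
              content = {
                type = "luks";
                name = "crypted";

                # Passphrase used when the container is formatted, read from
                # /tmp/secret.key. This is an option of disko's luks type and
                # belongs next to `settings`, not inside it: `settings` is
                # forwarded to boot.initrd.luks.devices.<name>, which has no
                # `passwordFile` option.
                # Create the file with mode 0600 on RAM-backed storage and
                # delete it once installation has finished, so the passphrase
                # is never written to persistent media in clear text.
                passwordFile = "/tmp/secret.key";

                settings = {
                  # Enable TRIM for SSDs. Discards pass through dm-crypt, so
                  # the raw device shows which blocks are unused. Set this to
                  # false if hiding usage patterns matters more than SSD
                  # performance and wear levelling.
                  allowDiscards = true;
                };

                content = {
                  type = "btrfs";
                  # Force creation: mkfs.btrfs overwrites any filesystem
                  # already present inside the container.
                  extraArgs = [ "-f" ];

                  subvolumes = {
                    # Root filesystem
                    "@" = {
                      mountpoint = "/";
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };

                    # Persistent storage (for impermanence)
                    "@persist" = {
                      mountpoint = "/persist";
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };

                    # User home directories
                    "@home" = {
                      mountpoint = "/home";
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };

                    # Nix store (separate for better deduplication)
                    "@nix" = {
                      mountpoint = "/nix";
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };

                    # System logs
                    "@log" = {
                      mountpoint = "/var/log";
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };
                  };

                  # Create a read-only snapshot of root for impermanence
                  # rollback. Only the snapshot is taken here; the step that
                  # restores "@" from root-blank at boot is not part of this
                  # file. Paths are quoted and the temporary mount point is
                  # removed again after unmounting.
                  postCreateHook = ''
                    MNTPOINT=$(mktemp -d)
                    mount -t btrfs /dev/mapper/crypted "$MNTPOINT"
                    btrfs subvolume snapshot -r "$MNTPOINT/@" "$MNTPOINT/root-blank"
                    umount "$MNTPOINT"
                    rmdir "$MNTPOINT"
                  '';
                };
              };
            };
          };
        };
      };
    };
  };
}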