# Nomarchy Golden-Path Disk Configuration # # Single source of truth for the installer's disko layout. The single-disk # and multi-disk paths differ only in (a) whether `extraDrives` is empty and # (b) the BTRFS profile (multi adds `-d single -m raid1` plus the additional # /dev/mapper/* devices). Pass arguments via: # # disko --argstr mainDrive /dev/nvme0n1 \ # --arg extraDrives '[]' \ # disko-config.nix # # disko --argstr mainDrive /dev/nvme0n1 \ # --arg extraDrives '[ "/dev/sdb" "/dev/sdc" ]' \ # disko-config.nix # # Replaces the previous sed-templated disko-golden.nix + disko-btrfs-multi.nix # pair. Templating Nix via shell-escaped string substitution proved fragile # (commit 3aadc36 fixed one escaping bug; another was waiting to happen) — # function arguments are the right shape. { mainDrive , extraDrives ? [] , ... }: let hasExtras = extraDrives != []; # Sanitize a device path into something usable as both a disko attr name # and a /dev/mapper/ name. /dev/sdb -> dev_sdb, /dev/nvme0n2 -> dev_nvme0n2. sanitize = path: builtins.replaceStrings [ "/" "-" ] [ "_" "_" ] path; extraName = drive: "extra_" + sanitize drive; extraLuks = drive: "crypted_" + sanitize drive; mkExtraDisk = drive: { name = extraName drive; value = { type = "disk"; device = drive; content = { type = "gpt"; partitions.luks = { size = "100%"; content = { type = "luks"; name = extraLuks drive; passwordFile = "/tmp/nomarchy-luks.key"; settings.allowDiscards = true; content.type = "btrfs"; }; }; }; }; }; # BTRFS extraArgs: # - single: just `-f` (force) — no need to enumerate devices, the FS is # created on the one /dev/mapper/crypted device disko emits. # - multi: `-f -d single -m raid1 ` — data striped # across devices for capacity, metadata mirrored for safety. btrfsExtraArgs = if hasExtras then [ "-f" "-d" "single" "-m" "raid1" ] ++ map (d: "/dev/mapper/" + extraLuks d) extraDrives else [ "-f" ]; # The main LUKS mapping name varies between layouts so the postCreateHook # (which mounts the freshly created BTRFS to take the impermanence-rollback # snapshot) targets the right /dev/mapper entry. mainLuksName = if hasExtras then "crypted_main" else "crypted"; # Multi-device BTRFS on LUKS requires that we explicitly tell systemd-initrd # to wait for ALL LUKS devices to be decrypted before attempting to mount # the filesystem, otherwise it might try to mount as soon as the first one # appears and then hang or fail. allLuksNames = [ mainLuksName ] ++ map extraLuks extraDrives; btrfsMountOptions = [ "compress=zstd" "noatime" "x-systemd.device-timeout=0" ] ++ map (n: "x-systemd.requires=/dev/mapper/" + n) allLuksNames; rootBtrfs = { type = "btrfs"; extraArgs = btrfsExtraArgs; subvolumes = { "@" = { mountpoint = "/"; mountOptions = btrfsMountOptions; }; "@persist" = { mountpoint = "/persist"; mountOptions = btrfsMountOptions; }; "@home" = { mountpoint = "/home"; mountOptions = btrfsMountOptions; }; "@nix" = { mountpoint = "/nix"; mountOptions = btrfsMountOptions; }; "@log" = { mountpoint = "/var/log"; mountOptions = btrfsMountOptions; }; "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = btrfsMountOptions; }; }; postCreateHook = '' MNTPOINT=$(mktemp -d) mount -t btrfs /dev/mapper/${mainLuksName} $MNTPOINT btrfs subvolume snapshot -r $MNTPOINT/@ $MNTPOINT/root-blank umount $MNTPOINT ''; }; in { disko.devices.disk = { main = { type = "disk"; device = mainDrive; content = { type = "gpt"; partitions = { # 1 GiB ESP — fits several kernel generations + initrd + Plymouth. ESP = { priority = 1; name = "ESP"; start = "1M"; end = "1G"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ "umask=0077" ]; }; }; luks = { size = "100%"; content = { type = "luks"; name = mainLuksName; passwordFile = "/tmp/nomarchy-luks.key"; settings.allowDiscards = true; content = rootBtrfs; }; }; }; }; }; } // builtins.listToAttrs (map mkExtraDisk extraDrives); }