entropic/webring
1
0
Fork 0
forked from epesooj/webring
Code Pull requests Activity

Configure host to use SSH certs on the host and client side.

Browse source
This commit is contained in:
DS 2025-03-31 21:30:46 -07:00
parent a872e6f395
commit 55eb37bb47
10 changed files with 129 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

89
host_config/code_server_disk.nix Normal file
View file

@ -0,0 +1,89 @@
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
name = "zfs";
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = "";
# May cause issues if we end up adding any pools that will be imported before boot, but at the time this was added, we only had a "zroot" pool that was always imported at boot via `boot.zfs.extraPools`, so this was fine.
options.cachefile = "none";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "false";
canmount = "off";
};
mountpoint = null;
postCreateHook = ''
zfs list -t snapshot -H -o name | grep -E '^zroot/root@blank$' || zfs snapshot zroot/root@blank
'';
postMountHook = ''
mkdir -p /mnt/persisted/var/lib/systemd
mkdir -p /mnt/persisted/etc/ssh
mkdir -p /mnt/persisted/secrets
mkdir -p /mnt/persisted/root
'';
datasets = {
root = {
type = "zfs_fs";
mountpoint = "/";
options.canmount = "on";
};
nix = {
type = "zfs_fs";
mountpoint = "/nix";
options.canmount = "on";
};
replicated = {
type = "zfs_fs";
mountpoint = null;
options.canmount = "off";
};
"replicated/home" = {
type = "zfs_fs";
mountpoint = "/home";
options.canmount = "on";
};
"replicated/persisted" = {
type = "zfs_fs";
mountpoint = "/persisted";
options.canmount = "on";
};
};
};
};
};
}