{ disko, modulesPath, ... }: { imports = [ disko.nixosModules.disko "${modulesPath}/profiles/qemu-guest.nix" ]; disko.devices = { disk = { main = { type = "disk"; device = "/dev/disk/by-id/ata-QEMU_DVD-ROM_QM00003"; content = { type = "gpt"; partitions = { esp = { size = "512M"; type = "ef00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ # Do not set the executable bit on files and prevent access from # non-root users. "dmask=0077" "fmask=0177" "noatime" ]; }; }; persistence-encrypted = { start = "513M"; size = "100%"; # type = "8309"; content = { type = "luks"; name = "persistence"; settings = { allowDiscards = true; }; passwordFile = "/tmp/secret.key"; content = { type = "btrfs"; subvolumes = { "/root" = { mountpoint = "/persistence"; mountOptions = [ # Do not write access times on files. This is a common # practice to reduce the number of unnecessary writes # since we don't need access times or use any program that # needs them. "noatime" ]; }; "/swap" = { mountpoint = "/.swap"; swap.swapfile.size = "8G"; }; }; }; }; }; }; }; }; }; nodev."/" = { fsType = "tmpfs"; mountOptions = [ "defaults" "size=25%" "mode=755" "noatime" ]; }; }; # Regularly correct bit rot. # Well it should correct if i had some kind of raid system # services.btrfs.autoScrub.enable = true; }