2026-05-03 14:09:35 -04:00
|
|
|
{
|
|
|
|
|
disko.devices = {
|
|
|
|
|
disk = {
|
|
|
|
|
# SD card — change device to /dev/sda if booting from USB instead
|
|
|
|
|
main = {
|
|
|
|
|
type = "disk";
|
|
|
|
|
device = "/dev/mmcblk0";
|
|
|
|
|
content = {
|
2026-05-03 17:33:56 -04:00
|
|
|
type = "gpt";
|
|
|
|
|
partitions = {
|
|
|
|
|
# Raspberry Pi firmware partition — must be vfat and first
|
|
|
|
|
firmware = {
|
|
|
|
|
size = "256MiB";
|
|
|
|
|
type = "EF00";
|
|
|
|
|
priority = 1;
|
2026-05-03 14:09:35 -04:00
|
|
|
content = {
|
|
|
|
|
type = "filesystem";
|
|
|
|
|
format = "vfat";
|
|
|
|
|
mountpoint = "/boot/firmware";
|
|
|
|
|
mountOptions = [
|
|
|
|
|
"fmask=0077"
|
|
|
|
|
"dmask=0077"
|
|
|
|
|
];
|
|
|
|
|
};
|
2026-05-03 17:33:56 -04:00
|
|
|
};
|
|
|
|
|
# NixOS boot partition — holds kernels/initrds for each generation
|
|
|
|
|
boot = {
|
|
|
|
|
size = "1GiB";
|
|
|
|
|
priority = 2;
|
2026-05-03 14:09:35 -04:00
|
|
|
content = {
|
|
|
|
|
type = "filesystem";
|
|
|
|
|
format = "ext4";
|
2026-05-03 17:33:56 -04:00
|
|
|
mountpoint = "/boot";
|
2026-05-03 14:09:35 -04:00
|
|
|
};
|
2026-05-03 17:33:56 -04:00
|
|
|
};
|
|
|
|
|
# Root filesystem — LUKS-encrypted, unlocked via TPM 2.0 HAT
|
|
|
|
|
root = {
|
|
|
|
|
size = "100%";
|
|
|
|
|
priority = 3;
|
|
|
|
|
content = {
|
|
|
|
|
type = "luks";
|
|
|
|
|
name = "cryptroot";
|
|
|
|
|
settings.allowDiscards = true;
|
|
|
|
|
content = {
|
|
|
|
|
type = "filesystem";
|
|
|
|
|
format = "ext4";
|
|
|
|
|
mountpoint = "/";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2026-05-03 14:09:35 -04:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
