refactor: replace all unserscore(_) with hyphen(-)

2026-04-29 04:07:02 +02:00 · 2024-03-10 20:17:56 +08:00
parent ebf9a48677
commit f43f5b14d5
5 changed files with 3 additions and 3 deletions
--- a/hosts/k8s/disko-config/kubevirt-disko-fs.nix
+++ b/hosts/k8s/disko-config/kubevirt-disko-fs.nix
@@ -0,0 +1,105 @@
+{
+  # contains the k3s's token
+  fileSystems."/run/media/nixos_k3s" = {
+    device = "/dev/disk/by-label/NIXOS_K3S";
+    fsType = "vfat";
+    mountOptions = [
+      "ro"
+    ];
+  };
+
+  disko.devices = {
+    disk = {
+      sda = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            # The EFI & Boot partition
+            ESP = {
+              size = "630M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot/efi";
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+            # The root partition
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                settings = {
+                  keyFile = "/dev/disk/by-label/NIXOS_DSC"; # The keyfile is stored on a USB stick
+                  keyFileSize = 8192 * 4; # The maxium size of the keyfile is 8192 bytes
+                  keyFileOffset = 0;
+                  fallbackToPassword = true;
+                  allowDiscards = true;
+                };
+                # Whether to add a boot.initrd.luks.devices entry for the specified disk.
+                initrdUnlock = true;
+
+                # encrypt the root partition with luks2 and argon2id, will prompt for a passphrase, which will be used to unlock the partition.
+                # cryptsetup luksFormat
+                extraFormatArgs = [
+                  "--type luks2"
+                  "--cipher aes-xts-plain64"
+                  "--hash sha512"
+                  "--iter-time 5000"
+                  "--key-size 256"
+                  "--pbkdf argon2id"
+                  # use true random data from /dev/random, will block until enough entropy is available
+                  "--use-random"
+                ];
+                extraOpenArgs = [
+                  "--timeout 10"
+                ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-f"];
+                  subvolumes = {
+                    "@root" = {
+                      mountpoint = "/";
+                      mountOptions = ["compress-force=zstd:1" "noatime"];
+                    };
+                    "@home" = {
+                      mountpoint = "/home";
+                      mountOptions = ["compress-force=zstd:1"];
+                    };
+                    "@lib" = {
+                      mountpoint = "/var/lib";
+                      mountOptions = ["compress-force=zstd:1"];
+                    };
+
+                    "@nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = ["compress-force=zstd:1" "noatime"];
+                    };
+                    "@tmp" = {
+                      mountpoint = "/tmp";
+                      mountOptions = ["compress-force=zstd:1" "noatime"];
+                    };
+                    "@snapshots" = {
+                      mountpoint = "/snapshots";
+                      mountOptions = ["compress-force=zstd:1" "noatime"];
+                    };
+                    "@swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "8192M";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}