diff --git a/.gitignore b/.gitignore
index e43b0f9..0731c5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .DS_Store
+rke2-token
diff --git a/flake.nix b/flake.nix
index 9febd0d..8a308c5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,100 +6,82 @@ disko.url = "github:nix-community/disko"; }; - outputs = { self, nixpkgs, disko }: { - nixosConfigurations.lin-va-llama1 = nixpkgs.lib.nixosSystem { - # LLaMA C++ Server - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./hosts/llama-server.nix - { - networking.hostName = "lin-va-llama1"; - disko.devices.disk.main.device = "/dev/sda"; - k8s.diskPoolID = "/dev/disk/by-id/unknown"; - } - ]; - }; - - # K3s Server - nixosConfigurations.lin-va-k3s1 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./hosts/k3s.nix - { - networking.hostName = "lin-va-k3s1"; - disko.devices.disk.main.device = "/dev/sda"; - } - ]; - }; - - # RKE2 Primary Server - nixosConfigurations.lin-va-rke1 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./hosts/rke2.nix - { - networking.hostName = "lin-va-rke1"; - - # Partitions - disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404"; - k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8"; - } - ]; - }; - - # RKE2 Second Server - nixosConfigurations.lin-va-rke2 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./hosts/rke2.nix - { - networking.hostName = "lin-va-rke2"; - - # Partitions - disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d"; - k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424"; - - # Set RKE2 Join - services.rke2.serverAddr = "https://10.0.20.147:9345"; - services.rke2.tokenFile = "/etc/rancher/rke2/node-token"; - environment.etc."rancher/rke2/node-token" = { - source = ./k8s/rke2-token; - mode = "0600"; - user = "root"; - group = "root"; + outputs = { self, nixpkgs, disko }: + let + mkSystem = { systemConfig, moduleConfig }: nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + ./lib/disk-config.nix + 
./lib/common-system.nix + systemConfig + ({ ... }: moduleConfig) + ]; + }; + in + { + nixosConfigurations = { + # LLaMA C++ Server + lin-va-llama1 = mkSystem { + systemConfig = ./hosts/llama-server.nix; + moduleConfig = { + hostName = "lin-va-llama1"; + mainDiskID = "/dev/sda"; }; - } - ]; - }; + }; - # RKE2 Third Server - nixosConfigurations.lin-va-rke3 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./hosts/rke2.nix - { - networking.hostName = "lin-va-rke3"; + # RKE2 Primary Server + lin-va-rke1 = mkSystem { + systemConfig = ./hosts/rke2.nix; + moduleConfig = { + hostName = "lin-va-rke1"; + mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404"; + dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8"; - # Partitions - disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa"; - k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495"; - - # Set RKE2 Join - services.rke2.serverAddr = "https://10.0.20.147:9345"; - services.rke2.tokenFile = "/etc/rancher/rke2/node-token"; - environment.etc."rancher/rke2/node-token" = { - source = ./k8s/rke2-token; - mode = "0600"; - user = "root"; - group = "root"; + networkConfig = { + interface = "enp0s3"; + address = "10.0.20.201"; + defaultGateway = "10.0.20.254"; + nameservers = [ "10.0.20.254" ]; + }; }; - } - ]; + }; + + # RKE2 Second Server + lin-va-rke2 = mkSystem { + systemConfig = ./hosts/rke2.nix; + moduleConfig = { + hostName = "lin-va-rke2"; + mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d"; + dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424"; + serverAddr = "https://10.0.20.201:9345"; + + networkConfig = { + interface = "enp0s3"; + address = "10.0.20.202"; + defaultGateway = "10.0.20.254"; + nameservers = [ "10.0.20.254" ]; + }; + }; + }; + + # RKE2 Third Server + lin-va-rke3 = mkSystem { + systemConfig = ./hosts/rke2.nix; + moduleConfig = { + hostName = 
"lin-va-rke3"; + mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa"; + dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495"; + serverAddr = "https://10.0.20.201:9345"; + + networkConfig = { + interface = "enp0s3"; + address = "10.0.20.203"; + defaultGateway = "10.0.20.254"; + nameservers = [ "10.0.20.254" ]; + }; + }; + }; + }; }; - }; } diff --git a/hosts/k3s.nix b/hosts/k3s.nix deleted file mode 100644 index 8e00a5e..0000000 --- a/hosts/k3s.nix +++ /dev/null 
@@ -1,123 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../k8s - ]; - k8s.manifestsDir = "/var/lib/rancher/k3s/server/manifests"; - - # Enable Flakes - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - # System Configuration - boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement - boot.kernel.sysctl = { - "vm.nr_hugepages" = 1024; - }; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - - # Disk Configuration - disko.devices = { - disk = { - main = { - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; # EFI - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - - - # Network Configuration - networking = { - networkmanager.enable = true; - firewall = { - enable = true; - - # Single Node Required Ports - allowedTCPPorts = [ 6443 ]; - - # Multi Node Required Ports - # allowedTCPPorts = [ 6443 2379 2380 10250 ]; - # allowedUDPPorts = [ 8472 ]; - }; - }; - - # Enable K3s - services.k3s = { - enable = true; - role = "server"; - extraFlags = toString [ - "--disable=traefik" # Should we enable? 
- "--disable=servicelb" - ]; - }; - - # Enable SSH Server - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; # Disable Password Login - PermitRootLogin = "prohibit-password"; # Disable Password Login - }; - }; - - # User Configuration - users.users.root = { - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" - ]; - hashedPassword = null; # Disable Password Login - }; - - # System Packages - environment.systemPackages = with pkgs; [ - k9s - kubectl - kubernetes-helm - nfs-utils - vim - ]; - - # Enable Container Features - virtualisation = { - docker.enable = false; - containerd = { - enable = true; - settings = { - version = 2; - plugins."io.containerd.grpc.v1.cri" = { - containerd.runtimes.runc = { - runtime_type = "io.containerd.runc.v2"; - }; - }; - }; - }; - }; - - # System State Version - system.stateVersion = "24.11"; -} diff --git a/hosts/llama-server.nix b/hosts/llama-server.nix index 7342412..0a2210b 100644 --- a/hosts/llama-server.nix +++ b/hosts/llama-server.nix @@ -25,14 +25,6 @@ let in { - # Enable Flakes - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - # System Configuration - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - # Allow Nvidia & CUDA nixpkgs.config.allowUnfree = true; 
@@ -55,39 +47,6 @@ in nvidiaSettings = true; }; - # Disk Configuration - disko.devices = { - disk = { - main = { - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; # EFI - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - - # Network Configuration networking.networkmanager.enable = true; @@ -155,23 +114,6 @@ in ]; }; - # Enable SSH Server - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; # Disable Password Login - PermitRootLogin = "prohibit-password"; # Disable Password Login - }; - }; - - # User Configuration - users.users.root = { - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" - ]; - hashedPassword = null; # Disable Password Login - }; - # System Packages environment.systemPackages = with pkgs; [ htop @@ -180,7 +122,4 @@ in vim wget ]; - - # System State Version - system.stateVersion = "24.11"; } diff --git a/hosts/rke2.nix b/hosts/rke2.nix index 1022330..fdfb532 100644 --- a/hosts/rke2.nix +++ b/hosts/rke2.nix 
@@ -1,15 +1,55 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { - imports = [ - ../k8s - ]; - k8s.manifestsDir = "/var/lib/rancher/rke2/server/manifests"; + # Node Nix Config + options = { + dataDiskID = lib.mkOption { + type = lib.types.str; + description = "The device ID for the data disk"; + }; + serverAddr = lib.mkOption { + type = lib.types.str; + description = "The server to join"; + }; + networkConfig = lib.mkOption { + type = lib.types.submodule { + options = { + interface = lib.mkOption { + type = lib.types.str; + description = "Network interface name"; + example = "enp0s3"; + }; + address = lib.mkOption { + type = lib.types.str; + description = "Static IP address"; + example = "10.0.20.200"; + }; + defaultGateway = lib.mkOption { + type = lib.types.str; + description = "Default gateway IP"; + example = "10.0.20.254"; + }; + nameservers = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "List of DNS servers"; + example = [ "10.0.20.254" "8.8.8.8" ]; + default = [ "8.8.8.8" "8.8.4.4" ]; + }; + }; + }; + description = "Network configuration"; + }; + }; - # Enable Flakes - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # ---------------------------------------- + # ---------- Base Configuration ---------- + # ---------------------------------------- # System Configuration + system.stateVersion = "24.11"; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Boot Configuration boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement boot.kernel.sysctl = { "vm.nr_hugepages" = 1024; 
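Review bot: The module now declares a top-level `options` attribute but keeps its settings (`system.stateVersion`, `nix.settings`, `boot.*` and everything after) as top-level siblings, and the NixOS module system rejects that mix: once `options` or `config` appears, every setting has to sit under `config = { … };`, the way lib/common-system.nix in this same commit is written. Separately, `serverAddr` is declared without a default while `lin-va-rke1` in flake.nix never sets it and the later hunk reads `config.serverAddr` unconditionally, so the primary node would fail evaluation; adding `default = "";` to the option matches the `!= ""` checks. The `nameservers` default of public resolvers (`8.8.8.8`, `8.8.4.4`) means a host that omits the field silently sends node DNS off-site, so dropping that default is worth considering. The module body continues outside this hunk.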
@@ -18,64 +58,39 @@ boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot"; - # Disk Configuration - disko.devices = { - disk = { - main = { - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; # EFI - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - # Network Configuration networking = { - networkmanager.enable = true; + hostName = config.hostName; + networkmanager.enable = false; + + # Interface Configuration + inherit (config.networkConfig) defaultGateway nameservers; + interfaces.${config.networkConfig.interface}.ipv4.addresses = [{ + inherit (config.networkConfig) address; + prefixLength = 24; + }]; + firewall = { enable = true; - # https://docs.rke2.io/install/requirements#networking allowedTCPPorts = [ - # K8s Control Plane + # RKE2 Ports - https://docs.rke2.io/install/requirements#networking 6443 # Kubernetes API 9345 # RKE2 supervisor API 2379 # etcd Client Port 2380 # etcd Peer Port 2381 # etcd Metrics Port - - # K8s Node Communication 10250 # kubelet metrics 9099 # Canal CNI health checks - # OpenEBS Mayastor - 10124 # Mayastor REST API + # OpenEBS Mayastor - https://openebs.io/docs/user-guides/replicated-storage-user-guide/replicated-pv-mayastor/rs-installation#network-requirements + 10124 # REST API 8420 # NVMf 4421 # NVMf ]; allowedUDPPorts = [ + # RKE2 Ports - https://docs.rke2.io/install/requirements#networking 8472 # Canal CNI with VXLAN # 51820 # Canal CNI with WireGuard IPv4 (if using encryption) # 51821 # Canal CNI with WireGuard IPv6 (if using encryption) 
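Review bot: The firewall list opens the etcd client, peer and metrics ports (2379–2381), the kubelet port (10250) and the Mayastor ports to any source, even though the only intended peers are the three nodes whose static addresses this commit now pins in flake.nix. The port list is unchanged context in this hunk, but with fixed node IPs it becomes practical to add source-restricted rules for those ports (for example through `networking.firewall.extraCommands`) and keep only 6443 open to API clients. In the added interface block, `prefixLength = 24;` is hard-coded while every other network value comes from `networkConfig`; a `prefixLength` field in that submodule would keep them in step. The `firewall` block continues past the end of this hunk.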
@@ -83,47 +98,6 @@ }; }; - # Enable RKE2 - services.rke2 = { - enable = true; - - disable = [ - # Utilize Traefik - "rke2-ingress-nginx" - - # Utilize OpenEBS's Snapshot Controller - "rke2-snapshot-controller" - "rke2-snapshot-controller-crd" - "rke2-snapshot-validation-webhook" - ]; - - nodeLabel = [ - "openebs.io/engine=mayastor" - ]; - - role = "server"; - # ------------------- - # --- Server Node --- - # ------------------- - - # ------------------- - # --- Worker Node --- - # ------------------- - # role = "agent"; - # serverAddr = "https://10.0.0.10:6443" - # tokenFile = ""; - # agentTokenFile = ""; - }; - - # Enable SSH Server - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; # Disable Password Login - PermitRootLogin = "prohibit-password"; # Disable Password Login - }; - }; - # User Configuration users.users.root = { openssh.authorizedKeys.keys = [ 
@@ -142,6 +116,67 @@ vim ]; - # System State Version - system.stateVersion = "24.11"; + # Enable SSH Server + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; # Disable Password Login + PermitRootLogin = "prohibit-password"; # Disable Password Login + }; + }; + + # ---------------------------------------- + # ---------- RKE2 Configuration ---------- + # ---------------------------------------- + + # RKE2 Join Token + environment.etc."rancher/rke2/node-token" = lib.mkIf (config.serverAddr != "") { + source = ../rke2-token; + mode = "0600"; + user = "root"; + group = "root"; + }; + + # Enable RKE2 + services.rke2 = { + enable = true; + + disable = [ + # Disable - Utilizing Traefik + "rke2-ingress-nginx" + + # Distable - Utilizing OpenEBS's Snapshot Controller + "rke2-snapshot-controller" + "rke2-snapshot-controller-crd" + "rke2-snapshot-validation-webhook" + ]; + + # OpenEBS Scheduleable + nodeLabel = [ + "openebs.io/engine=mayastor" + ]; + + role = "server"; + serverAddr = config.serverAddr; + tokenFile = lib.mkIf (config.serverAddr != "") "/etc/rancher/rke2/node-token"; + }; + + # Bootstrap Kubernetes Manifests + system.activationScripts.k8s-manifests = { + deps = [ ]; + text = '' + mkdir -p /var/lib/rancher/rke2/server/manifests + + # Base Configs + cp ${../k8s/openebs.yaml} /var/lib/rancher/rke2/server/manifests/openebs-base.yaml + cp ${../k8s/kasten.yaml} /var/lib/rancher/rke2/server/manifests/kasten-base.yaml + + # OpenEBS Disk Pool + cp ${pkgs.substituteAll { + src = ../k8s/openebs-disk-pool.yaml; + hostName = config.hostName; + dataDiskID = config.dataDiskID; + }} /var/lib/rancher/rke2/server/manifests/openebs-disk-pool-${config.hostName}.yaml + ''; + }; } diff --git a/k8s/.gitignore b/k8s/.gitignore deleted file mode 100644 index 5dbb189..0000000 --- a/k8s/.gitignore +++ /dev/null @@ -1 +0,0 @@ -rke2-token diff --git a/k8s/default.nix b/k8s/default.nix deleted file mode 100644 index 7beee50..0000000 
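Review bot: `environment.etc."rancher/rke2/node-token"` with `source = ../rke2-token;` copies the cluster join token into the Nix store, which is world-readable on every host (and on any machine that builds or caches the closure), so the `mode = "0600"` on the `/etc` entry does not keep it private. The token should be delivered outside the store, for example by a secrets module such as sops-nix or agenix or by provisioning it by hand, with `tokenFile` pointed at that runtime path and the `environment.etc` entry removed. Because `rke2-token` is also git-ignored, a flake evaluated from the git tree will probably not see the file at all, which is worth confirming before relying on it. Small typo in the added comment: `# Distable` should read `# Disable`.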
--- a/k8s/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - options.k8s = { - diskPoolID = lib.mkOption { - type = lib.types.str; - description = "Disk Pool ID for OpenEBS"; - }; - - manifestsDir = lib.mkOption { - type = lib.types.path; - description = "Directory for Kubernetes manifests"; - }; - }; - - config = { - system.activationScripts.k8s-manifests = { - deps = [ ]; - text = '' - mkdir -p ${config.k8s.manifestsDir} - - # Storage - OpenEBS - cp ${pkgs.substituteAll { - src = ./config/openebs.yaml; - nodeName = config.networking.hostName; - diskPoolID = config.k8s.diskPoolID; - }} ${config.k8s.manifestsDir}/openebs.yaml - - # Backup - Kasten - cp ${./config/kasten.yaml} ${config.k8s.manifestsDir}/kasten.yaml - ''; - }; - }; -} diff --git a/k8s/config/kasten.yaml b/k8s/kasten.yaml similarity index 96% rename from k8s/config/kasten.yaml rename to k8s/kasten.yaml index 644dcb8..6e635a3 100644 --- a/k8s/config/kasten.yaml +++ b/k8s/kasten.yaml @@ -48,4 +48,4 @@ spec: valuesContent: |- global: persistence: - storageClass: mayastor-r1 + storageClass: mayastor-r3 diff --git a/k8s/openebs-disk-pool.yaml b/k8s/openebs-disk-pool.yaml new file mode 100644 index 0000000..3dcf2d1 --- /dev/null +++ b/k8s/openebs-disk-pool.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: "openebs.io/v1beta2" +kind: DiskPool +metadata: + name: pool-on-@hostName@ + namespace: openebs +spec: + node: @hostName@ + disks: ["aio://@dataDiskID@"] diff --git a/k8s/config/openebs.yaml b/k8s/openebs.yaml similarity index 82% rename from k8s/config/openebs.yaml rename to k8s/openebs.yaml index 10e9913..0fce804 100644 --- a/k8s/config/openebs.yaml +++ b/k8s/openebs.yaml @@ -29,15 +29,6 @@ spec: mayastor: enabled: true --- -apiVersion: "openebs.io/v1beta2" -kind: DiskPool -metadata: - name: pool-on-@nodeName@ - namespace: openebs -spec: - node: @nodeName@ - disks: ["aio://@diskPoolID@"] ---- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: 
@@ -51,11 +42,11 @@ provisioner: io.openebs.csi-mayastor apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: mayastor-r1 + name: mayastor-r3 annotations: storageclass.kubernetes.io/is-default-class: "true" allowVolumeExpansion: true parameters: protocol: nvmf - repl: "1" + repl: "3" provisioner: io.openebs.csi-mayastor diff --git a/lib/common-system.nix b/lib/common-system.nix new file mode 100644 index 0000000..ace5e65 --- /dev/null +++ b/lib/common-system.nix @@ -0,0 +1,43 @@ +{ config, lib, ... }: +{ + # Node Nix Config + options = { + hostName = lib.mkOption { + type = lib.types.str; + description = "The node hostname"; + }; + }; + + config = { + # Basic System + system.stateVersion = "24.11"; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + networking.hostName = config.hostName; + + # Boot Loader Options + boot.loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + + # Enable SSH + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "prohibit-password"; + }; + }; + + # User Authorized Keys + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" + ]; + hashedPassword = null; + }; + }; +} diff --git a/lib/disk-config.nix b/lib/disk-config.nix new file mode 100644 index 0000000..d54867e --- /dev/null +++ b/lib/disk-config.nix 
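Review bot: In lib/common-system.nix the root account's only credential is a single hard-coded RSA key labelled `rsa-key-20141114`, and because this module is imported by every host, one private key grants root on the whole fleet with nothing recording its owner or rotation. A comment above the key such as `# owner: <OWNER>, rotate by <DATE>` (placeholders) would document that, and a named admin user with sudo plus `PermitRootLogin = "no"` would give per-person accountability. hosts/rke2.nix on the new side still sets the same `services.openssh`, `users.users.root`, boot-loader and `system.stateVersion` values, so the duplication this file is meant to remove is still present for the RKE2 hosts.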
@@ -0,0 +1,43 @@ +{ config, lib, ... }: { + options = { + mainDiskID = lib.mkOption { + type = lib.types.str; + description = "Device path for the main disk"; + example = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8"; + }; + }; + + config = { + disko.devices = { + disk = { + main = { + type = "disk"; + device = config.mainDiskID; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; + }; +}
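Review bot: `mainDiskID` accepts any string and disko will partition whatever device it names, yet `lin-va-llama1` in flake.nix passes `/dev/sda`, a name that can land on a different disk when enumeration order changes. The option description should say that a stable by-id path is expected, e.g. `description = "Stable /dev/disk/by-id path of the disk disko will partition (contents are destroyed)";`. Once that host is updated, the type could be tightened to `lib.types.strMatching "/dev/disk/by-id/.+"` so a bare `/dev/sdX` is rejected at evaluation time.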