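# Root-disk layout module: a LUKS container opened as /dev/mapper/root holding
# a btrfs filesystem with optional subvolumes, an optional swapfile, and an SSH
# server inside the initrd. Partitions are located by partlabel
# "<hostName>-root" and "<hostName>-boot".
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) types;
  cfg = config.common.configure.rootDisk;

  # Names of every entry in config.common.users whose `enable` flag is set.
  users = lib.attrNames (lib.filterAttrs (_: value: value.enable) config.common.users);

  # Mount options shared by most btrfs subvolume mounts below.
  partOpts = [
    "compress=zstd"
    "discard=async"
  ];

  # Build a fileSystems entry for a btrfs mount on the unlocked root device.
  btrfsMount = options: {
    device = "/dev/mapper/root";
    fsType = "btrfs";
    inherit options;
  };
in
{
  options.common.configure.rootDisk = {
    enable = lib.mkOption {
      type = types.bool;
      default = false;
    };

    # Each flag enables the mount of the correspondingly named subvolume.
    subVolumes = {
      nix = lib.mkOption {
        type = types.bool;
        default = true;
      };
      home = lib.mkOption {
        type = types.bool;
        default = false;
      };
      # One "home-<user>" subvolume per enabled user instead of a shared "home".
      homePerUser = lib.mkOption {
        type = types.bool;
        default = cfg.subVolumes.home;
      };
      tmp = lib.mkOption {
        type = types.bool;
        default = false;
      };
      system = lib.mkOption {
        type = types.bool;
        default = false;
      };
    };

    swap = {
      enable = lib.mkOption {
        type = types.bool;
        default = false;
      };
      # NOTE(review): nothing in this module reads `size`; it has no default,
      # so it only needs a value if some other module consumes it.
      size = lib.mkOption { type = types.strMatching "[0-9]+[KMGTP]"; };
    };
  };

  config = lib.mkIf cfg.enable (
    let
      # Login shell for root inside the initrd; the script only runs
      # `systemctl default`.
      askPass = pkgs.writeShellScriptBin "cryptsetup-askpass" "systemctl default";
    in
    {
      boot = {
        supportedFilesystems = [ "btrfs" ];
        initrd = {
          luks.devices."root".device = "/dev/disk/by-partlabel/${config.networking.hostName}-root";
          availableKernelModules = [
            "btrfs"
            "ipv6"
          ];
          systemd = {
            enable = lib.mkDefault true;
            # Reuse the main system's systemd-networkd settings in the initrd.
            network = lib.mkIf config.systemd.network.enable config.systemd.network;
            storePaths = [ "${askPass}/bin/cryptsetup-askpass" ];
            users.root.shell = "${askPass}/bin/cryptsetup-askpass";
          };
          network = {
            enable = lib.mkDefault true;
            ssh = {
              enable = lib.mkDefault true;
              port = 22;
              # NOTE(review): this defaults to the running system's OpenSSH host
              # key paths. The initrd is normally loaded from /boot, which here
              # is a plain vfat partition outside the LUKS container, so those
              # private keys would no longer be protected by disk encryption.
              # The NixOS documentation for this option advises against reusing
              # the regular host keys; prefer dedicated initrd host keys by
              # overriding this mkDefault.
              hostKeys = lib.mkDefault (map (key: key.path) config.services.openssh.hostKeys);
              # Every key listed under openssh.authorizedKeys.keys of a user in
              # "wheel" is accepted for the initrd root login (keyFiles are not
              # included), so wheel membership implies pre-boot access.
              authorizedKeys = lib.concatMap (
                user: lib.optionals (lib.elem "wheel" user.extraGroups) user.openssh.authorizedKeys.keys
              ) (lib.attrValues config.users.users);
            };
          };
        };
      };

      services.btrfs.autoScrub.enable = true;

      # Fix: the previous form always produced one list element and only made
      # its `device` conditional, leaving a swap entry without a device when
      # swap was disabled. Guard the whole list instead.
      swapDevices = lib.mkIf cfg.swap.enable [ { device = "/swap/swapfile"; } ];

      fileSystems = lib.mkMerge [
        {
          "/" = btrfsMount partOpts;

          # Unencrypted boot partition; masks restrict it to root only.
          "/boot" = {
            device = "/dev/disk/by-partlabel/${config.networking.hostName}-boot";
            fsType = "vfat";
            options = [
              "nofail"
              "umask=0077"
              "dmask=0077"
            ];
          };

          # Fix: this mount previously used "subvol=nix", which put the /nix
          # subvolume at /tmp. Assumes the subvolume is named "tmp" like the
          # other mounts; confirm it exists on disk before enabling.
          "/tmp" = lib.mkIf cfg.subVolumes.tmp (btrfsMount [
            "subvol=tmp"
            "nosuid"
            "nodev"
          ]);

          "/nix" = lib.mkIf cfg.subVolumes.nix (
            btrfsMount (
              [
                "subvol=nix"
                "noatime"
              ]
              ++ partOpts
            )
          );

          "/persist/system" = lib.mkIf cfg.subVolumes.system (
            btrfsMount (
              [
                "subvol=system"
                "noatime"
              ]
              ++ partOpts
            )
          );

          # Shared home subvolume, used only when per-user subvolumes are off.
          "/persist/home" = lib.mkIf (cfg.subVolumes.home && !cfg.subVolumes.homePerUser) (
            btrfsMount ([ "subvol=home" ] ++ partOpts)
          );

          # No compress option here, unlike the mounts that append partOpts.
          "/swap" = lib.mkIf cfg.swap.enable (btrfsMount [
            "subvol=swap"
            "noatime"
            "discard=async"
          ]);
        }

        # One mount per enabled user; the mount point depends on whether the
        # persist.home option (defined outside this module) is enabled.
        (lib.mkIf cfg.subVolumes.homePerUser (
          lib.listToAttrs (
            map (user: {
              name =
                if config.common.configure.persist.home.enable then
                  "/persist/home/${user}"
                else
                  "/home/${user}";
              value = btrfsMount ([ "subvol=home-${user}" ] ++ partOpts);
            }) users
          )
        ))
      ];
    }
  );
}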