NixOS + Framework

Sender	Message	Time
10 May 2026
Albert Larsan	I have something even more complex (ignore p3 and p4, an old dual boot) `❯ lsblk /dev/nvme0n1 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS nvme0n1 259:0 0 931.5G 0 disk ├─nvme0n1p1 259:1 0 2G 0 part /boot ├─nvme0n1p2 259:2 0 729.5G 0 part │ └─enc 254:0 0 729.5G 0 crypt │ ├─pool-swap 254:1 0 64G 0 lvm [SWAP] │ └─pool-root 254:2 0 665.5G 0 lvm /mnt │ /home │ ... │ / ├─nvme0n1p3 259:3 0 4G 0 part └─nvme0n1p4 259:4 0 196G 0 part`	16:24:37
sudoforge	well ignoring partitions 3 and 4, we have basically the same core setup: a single luks container that contains our filesystems	16:25:31
sudoforge	this is really more telling, i guess: `➜ sudo parted /dev/nvme0n1 print Model: DOES-NOT-MATTER (nvme) Disk /dev/nvme0n1: 2000GB Sector size (logical/physical): 512B/512B Partition Table: gpt Disk Flags: Number Start End Size File system Name Flags 1 1049kB 2000GB 2000GB primary 2 2000GB 2000GB 512MB fat32 ESP boot, esp`	16:26:23
sudoforge	(yes they're out of order, out of habit - i guess this dates me)	16:26:42
sudoforge	Albert Larsan and i will have similar output here (except for partitions 3 and 4, which we were told to ignore): two partitions for our system	16:27:21
sudoforge	one for our ESP, the other that is a single luks container	16:27:48
Albert Larsan	Yep, except that I have LVM between luks and btrfs	16:28:13
sudoforge	presumably for `$REASONS` :)	16:28:24
Albert Larsan	(and a huge ESP)	16:28:28
trumee	advantage of lvm is to modify the partition size in the future?	16:29:00
Albert Larsan	* (and a huge ESP for Lanzaboote and dual-boot)	16:29:04
trumee	Albert Larsan: p4 is windows?	16:30:22
Albert Larsan	I don’t really remember, might be qubes or kicksecure.	16:31:23
sudoforge	IMO, on a single disk system, there's no reason to put lvm between the luks container and your fs of choice	16:31:36
Albert Larsan	Windows lives on an 250G extension card	16:31:55
sudoforge	well, assuming that you're using a single filesystem like btrfs	16:32:03
trumee	so there is no benefit of using LVM here?	16:32:38
sudoforge	not where albert has used it, IMO	16:32:55
trumee	does the NixOS install CD sets this up?	16:33:48
sudoforge	uh, no clue	16:33:59
sudoforge	what you're looking at was actually manually partitioned back in the day	16:35:11
Albert Larsan	Having swap also crypted in the same luks container is the main benefit for me (ignoring swap files).	16:37:10
sudoforge	well, yeah. `/swap` for me is just a btrfs subvolume and my swap space is a swap file conveniently at `/swap/file`	16:37:33
sudoforge	disko configuration that i wrote recently but haven't used to reformat my in-use disk (because i haven't bothered migrating) is: let # mkSubvolumes is a helper function to define BTRFS subvolumes from a list # of strings (representing the path the subvolume will be mounted at, and # using that as the name) mkSubvolumes = paths: builtins.listToAttrs (map (p: { name = p; value = { mountpoint = if p == "/root" then "/" else p; mountOptions = [ "defaults" "ssd" "compress=zstd:3" "noatime" ]; }; }) paths); in { disko.devices = { system = { device = "/dev/disk/by-id/..."; type = "disk"; content = { type = "gpt"; partitions = { ESP = { size = "1024M"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ "umask=0077" ]; }; }; luks = { size = "100%"; content.type = "luks"; content.name = "system"; content.settings.allowDiscards = true; # use a fido2 key for unlocking content.enrollFido2 = true; # do not generate a recovery passphrase (i manually add additional fido keys) content.enrollRecovery = false; content.content = { type = "btrfs"; subvolumes = mkSubvolumes [ "/nix" "/persist" "/root" "/var/log" "/home" ] // { "/swap" = { mountpoint = "/swap"; swap.swapfile.size = "72G"; swap.swapfile.path = "file"; # relative path, results in /swap/file }; }; # This hook creates a snapshot of the root subvolume after it is # created (and critically, empty), which is used for automatic # rollback on startup. see //system/modules:impermanence.nix for # more information about that process. postCreateHook = '' set -eufo pipefail MOUNTPOINT=$(mktemp -d) mount --type btrfs \ --options defaults,ssd,noatime,subvol=/ \ /dev/mapper/system \ "$MOUNTPOINT" trap 'umount "$MOUNTPOINT"; rm -rf "$MOUNTPOINT"' EXIT btrfs subvolume snapshot -r \ "$MOUNTPOINT/root" "$MOUNTPOINT/root-blank" ''; }; }; }; }; }; }; }	16:38:46
Albert Larsan	Also, moving stuff by adding a pv to lvm and removing the old pv is also nice (although I never used it). (you can also do this using btrfs native multi-disk support)	16:39:12
sudoforge	you can also do this using btrfs native multi-disk support this is how i'll be migrating this machine's disk to a new disk, with the above disko configuration. `btrfs send` :)	16:41:08
Albert Larsan	I have another impermanance setup, where I move the root submodule to a subfolder (for crash recovery), and delete the ones that are too old.	16:42:41
sudoforge	my impermanence module (referenced in the above config) just sets up the `boot.initrd.systemd.services.rollback` unit that handles deleting the root subvol and rolling back from the snapshot, and contains my `environment.persistence."/persist"` configuration (and other stuff necessary to handle w/ impermanence. i'd be interested in seeing your crash recovery setup.	16:47:42
sudoforge	* my impermanence module (referenced in the above config) just sets up the `boot.initrd.systemd.services.rollback` unit that handles deleting the root subvol and rolling back from the snapshot, and contains my `environment.persistence."/persist"` configuration, and other stuff necessary to handle w/ impermanence. i'd be interested in seeing your crash recovery setup.	16:48:11
sudoforge	* my impermanence module (referenced in the above config) just sets up the `boot.initrd.systemd.services.rollback` unit that handles deleting the root subvol and rolling back from the snapshot, contains my `environment.persistence."/persist"` configuration, and other stuff necessary to handle w/ impermanence. i'd be interested in seeing your crash recovery setup.	16:48:22

I have something even more complex (ignore p3 and p4, an old dual boot)

❯ lsblk /dev/nvme0n1
NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1         259:0    0 931.5G  0 disk  
├─nvme0n1p1     259:1    0     2G  0 part  /boot
├─nvme0n1p2     259:2    0 729.5G  0 part  
│ └─enc         254:0    0 729.5G  0 crypt 
│   ├─pool-swap 254:1    0    64G  0 lvm   [SWAP]
│   └─pool-root 254:2    0 665.5G  0 lvm   /mnt
│                                          /home
│                                          ...
│                                          /
├─nvme0n1p3     259:3    0     4G  0 part  
└─nvme0n1p4     259:4    0   196G  0 part

16:24:37

sudoforge

well ignoring partitions 3 and 4, we have basically the same core setup: a single luks container that contains our filesystems

16:25:31

sudoforge

this is really more telling, i guess:

➜ sudo parted /dev/nvme0n1 print
Model: DOES-NOT-MATTER (nvme)
Disk /dev/nvme0n1: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name     Flags
 1      1049kB  2000GB  2000GB               primary
 2      2000GB  2000GB  512MB   fat32        ESP      boot, esp

16:26:23

sudoforge

(yes they're out of order, out of habit - i guess this dates me)

16:26:42

sudoforge

Albert Larsan and i will have similar output here (except for partitions 3 and 4, which we were told to ignore): two partitions for our system

16:27:21

sudoforge

one for our ESP, the other that is a single luks container

16:27:48

Albert Larsan

Yep, except that I have LVM between luks and btrfs

16:28:13

sudoforge

presumably for $REASONS :)

(and a huge ESP)

advantage of lvm is to modify the partition size in the future?

16:29:00

Albert Larsan

* (and a huge ESP for Lanzaboote and dual-boot)

16:29:04

trumee

Albert Larsan: p4 is windows?

16:30:22

Albert Larsan

I don’t really remember, might be qubes or kicksecure.

16:31:23

sudoforge

IMO, on a single disk system, there's no reason to put lvm between the luks container and your fs of choice

16:31:36

Albert Larsan

Windows lives on an 250G extension card

16:31:55

sudoforge

well, assuming that you're using a single filesystem like btrfs

16:32:03

trumee

so there is no benefit of using LVM here?

16:32:38

sudoforge

not where albert has used it, IMO

16:32:55

trumee

does the NixOS install CD sets this up?

uh, no clue

what you're looking at was actually manually partitioned back in the day

16:35:11

Albert Larsan

Having swap also crypted in the same luks container is the main benefit for me (ignoring swap files).

16:37:10

sudoforge

well, yeah. /swap for me is just a btrfs subvolume and my swap space is a swap file conveniently at /swap/file

16:37:33

sudoforge

disko configuration that i wrote recently but haven't used to reformat my in-use disk (because i haven't bothered migrating) is:

let
  # mkSubvolumes is a helper function to define BTRFS subvolumes from a list
  # of strings (representing the path the subvolume will be mounted at, and
  # using that as the name)
  mkSubvolumes = paths: builtins.listToAttrs (map (p: {
    name = p;
    value = {
      mountpoint = if p == "/root" then "/" else p;
      mountOptions = [ "defaults" "ssd" "compress=zstd:3" "noatime" ];
    };
  }) paths);
in
{
  disko.devices = {
    system = {
      device = "/dev/disk/by-id/...";
      type = "disk";

      content = {
        type = "gpt";

        partitions = {
          ESP = {
            size = "1024M";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
              mountOptions = [ "umask=0077" ];
            };
          };

          luks = {
            size = "100%";
            content.type = "luks";
            content.name = "system";
            content.settings.allowDiscards = true;

            # use a fido2 key for unlocking
            content.enrollFido2 = true;

            # do not generate a recovery passphrase (i manually add additional fido keys)
            content.enrollRecovery = false;

            content.content = {
              type = "btrfs";

              subvolumes = mkSubvolumes [
                "/nix"
                "/persist"
                "/root"
                "/var/log"
                "/home"
              ] // {
                "/swap" = {
                  mountpoint = "/swap";
                  swap.swapfile.size = "72G";
                  swap.swapfile.path = "file"; # relative path, results in /swap/file
                };
              };

              # This hook creates a snapshot of the root subvolume after it is
              # created (and critically, empty), which is used for automatic
              # rollback on startup. see //system/modules:impermanence.nix for
              # more information about that process.
              postCreateHook = ''
                set -eufo pipefail
                MOUNTPOINT=$(mktemp -d)
                mount --type btrfs \
                  --options defaults,ssd,noatime,subvol=/ \
                  /dev/mapper/system \
                  "$MOUNTPOINT"
                trap 'umount "$MOUNTPOINT"; rm -rf "$MOUNTPOINT"' EXIT
                btrfs subvolume snapshot -r \
                  "$MOUNTPOINT/root" "$MOUNTPOINT/root-blank"
              '';
            };
          };
        };
      };
    };
  };
}

16:38:46

Albert Larsan

Also, moving stuff by adding a pv to lvm and removing the old pv is also nice (although I never used it). (you can also do this using btrfs native multi-disk support)

16:39:12

sudoforge

you can also do this using btrfs native multi-disk support

this is how i'll be migrating this machine's disk to a new disk, with the above disko configuration. btrfs send :)

16:41:08

Albert Larsan

I have another impermanance setup, where I move the root submodule to a subfolder (for crash recovery), and delete the ones that are too old.

16:42:41

sudoforge

my impermanence module (referenced in the above config) just sets up the boot.initrd.systemd.services.rollback unit that handles deleting the root subvol and rolling back from the snapshot, and contains my environment.persistence."/persist" configuration (and other stuff necessary to handle w/ impermanence.

i'd be interested in seeing your crash recovery setup.

16:47:42

sudoforge

*

my impermanence module (referenced in the above config) just sets up the boot.initrd.systemd.services.rollback unit that handles deleting the root subvol and rolling back from the snapshot, and contains my environment.persistence."/persist" configuration, and other stuff necessary to handle w/ impermanence.

i'd be interested in seeing your crash recovery setup.

16:48:11

sudoforge

*

my impermanence module (referenced in the above config) just sets up the boot.initrd.systemd.services.rollback unit that handles deleting the root subvol and rolling back from the snapshot, contains my environment.persistence."/persist" configuration, and other stuff necessary to handle w/ impermanence.

i'd be interested in seeing your crash recovery setup.

16:48:22

Load older messages

Show newer messages

	NixOS + Framework	225 Members
	Discussing NixOS in the context of the Framework laptop	50 Servers