From 14ce01d5be479495636976d92b29d29090633873 Mon Sep 17 00:00:00 2001
From: Xory <xory@tutamail.com>
Date: Fri, 6 Mar 2026 16:53:16 +0200
Subject: [PATCH] testbed-vm: init, will add hardware-configuration later

---
 hosts/testbed-vm/config.nix         | 11 ++++
 hosts/testbed-vm/hardware/disko.nix | 96 +++++++++++++++++++++++++++++
 2 files changed, 107 insertions(+)
 create mode 100644 hosts/testbed-vm/config.nix
 create mode 100644 hosts/testbed-vm/hardware/disko.nix

diff --git a/hosts/testbed-vm/config.nix b/hosts/testbed-vm/config.nix
new file mode 100644
index 0000000..40bf772
--- /dev/null
+++ b/hosts/testbed-vm/config.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, pkgs-stable, lib, inputs, ... }:
+
+{
+  imports =
+    [
+      ./hardware/disko.nix
+    ];
+
+  networking.hostName = "nixos-testbed";
+  networking.hostId = "6c3b53a1";
+}
diff --git a/hosts/testbed-vm/hardware/disko.nix b/hosts/testbed-vm/hardware/disko.nix
new file mode 100644
index 0000000..2273261
--- /dev/null
+++ b/hosts/testbed-vm/hardware/disko.nix
@@ -0,0 +1,96 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/vda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # Disable this if you do not want to allow TRIM requests to pass through LUKS
+                # (Security vs SSD longevity trade-off)
+                settings.allowDiscards = true;
+                # Uncomment if you want to use a keyfile during install:
+                # settings.keyFile = "/tmp/secret.key"; 
+                content = {
+                  type = "zfs";
+                  pool = "zroot";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        options = {
+          ashift = "12";
+          autotrim = "on";
+        };
+        rootFsOptions = {
+          acltype = "posixacl";
+          xattr = "sa";
+          dnodesize = "auto";
+          compression = "zstd";
+          normalization = "formD";
+          relatime = "on";
+          canmount = "off";
+          # Prevent auto-snapshotting by default (enable explicitly on datasets that need it)
+          "com.sun:auto-snapshot" = "false";
+        };
+        datasets = {
+          # The ephemeral root dataset.
+          # We create a blank snapshot immediately so you can rollback to it on boot.
+          "root" = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options.mountpoint = "legacy";
+            postCreateHook = "zfs snapshot zroot/root@blank";
+          };
+          
+          # The Nix Store (reproducible, doesn't need backing up usually)
+          "nix" = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+            options.mountpoint = "legacy";
+            options."com.sun:auto-snapshot" = "false";
+          };
+
+          # Persisted state (for impermanence)
+          "persist" = {
+            type = "zfs_fs";
+            mountpoint = "/persist";
+            options.mountpoint = "legacy";
+            # Enable snapshots for data safety if using sanoid/syncoid
+            # options."com.sun:auto-snapshot" = "true";
+          };
+
+          # Home directories
+          "home" = {
+            type = "zfs_fs";
+            mountpoint = "/home";
+            options.mountpoint = "legacy";
+            # options."com.sun:auto-snapshot" = "true";
+          };
+        };
+      };
+    };
+  };
+}