dots/hosts/nullstar/hardware/disko.nix

{
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "umask=0077" ];
              };
            };
            luks = {
              size = "100%";
              content = {
                type = "luks";
                name = "crypted";
                # Disable this if you do not want to allow TRIM requests to pass through LUKS
                # (Security vs SSD longevity trade-off)
                settings.allowDiscards = true;
                # Uncomment if you want to use a keyfile during install:
                # settings.keyFile = "/tmp/secret.key"; 
                content = {
                  type = "zfs";
                  pool = "zroot";
                };
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        options = {
          ashift = "12";
          autotrim = "on";
        };
        rootFsOptions = {
          acltype = "posixacl";
          xattr = "sa";
          dnodesize = "auto";
          compression = "zstd";
          normalization = "formD";
          relatime = "on";
          canmount = "off";
          # Prevent auto-snapshotting by default (enable explicitly on datasets that need it)
          "com.sun:auto-snapshot" = "false";
        };
        datasets = {
          # The ephemeral root dataset.
          # We create a blank snapshot immediately so you can rollback to it on boot.
          "root" = {
            type = "zfs_fs";
            mountpoint = "/";
            options.mountpoint = "legacy";
            postCreateHook = "zfs snapshot zroot/root@blank";
          };
          
          # The Nix Store (reproducible, doesn't need backing up usually)
          "nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
            options.mountpoint = "legacy";
            options."com.sun:auto-snapshot" = "false";
          };

          # Persisted state (for impermanence)
          "persist" = {
            type = "zfs_fs";
            mountpoint = "/persist";
            options.mountpoint = "legacy";
            # Enable snapshots for data safety if using sanoid/syncoid
            # options."com.sun:auto-snapshot" = "true";
          };

          # Home directories
          "home" = {
            type = "zfs_fs";
            mountpoint = "/home";
            options.mountpoint = "legacy";
            # options."com.sun:auto-snapshot" = "true";
          };
        };
      };
    };
  };
}