> ## Documentation Index > Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt > Use this file to discover all available pages before exploring further. > UserVolumeConfig is a user volume configuration document. User volume is automatically allocated as a partition on the specified disk and mounted under `/var/mnt/`. The partition label is automatically generated as `u-`. # UserVolumeConfig export const VersionWarningBanner = () => { const latestVersion = "v1.13"; const [latestUrl, setLatestUrl] = useState(null); const [currentVersion, setCurrentVersion] = useState(null); const [isBeta, setIsBeta] = useState(false); const parseVersion = v => v.replace("v", "").split(".").map(Number); const isGreaterVersion = (a, b) => { const [aMajor, aMinor] = parseVersion(a); const [bMajor, bMinor] = parseVersion(b); if (aMajor > bMajor) return true; if (aMajor === bMajor && aMinor > bMinor) return true; return false; }; useEffect(() => { if (typeof window === "undefined") return; const {pathname, hash, search} = window.location; const match = pathname.match(/\/talos\/(v\d+\.\d+)\//); if (!match) return; const detectedVersion = match[1]; if (detectedVersion === latestVersion) return; setCurrentVersion(detectedVersion); if (isGreaterVersion(detectedVersion, latestVersion)) { setIsBeta(true); } const newPath = pathname.replace(`/talos/${detectedVersion}/`, `/talos/${latestVersion}/`); setLatestUrl(`${newPath}${search}${hash}`); }, []); if (!latestUrl || !currentVersion) return null; return

{isBeta ? <> ⚠️ You are viewing a beta version of Talos ({currentVersion}). This version may be unstable. View latest stable version {latestVersion} → : <> ⚠️ You are viewing an older version of Talos ({currentVersion}). View the latest version {latestVersion} → }

; }; ```yaml theme={null} apiVersion: v1alpha1 kind: UserVolumeConfig name: ceph-data # Name of the volume. # The provisioning describes how the volume is provisioned. provisioning: # The disk selector expression. diskSelector: match: disk.transport == "nvme" # The Common Expression Language (CEL) expression to match the disk. maxSize: 50GiB # The maximum size of the volume, if not specified the volume can grow to the size of the # # The minimum size of the volume. # minSize: 2.5GiB # The filesystem describes how the volume is formatted. filesystem: type: xfs # Filesystem type. Default is `xfs`. # The encryption describes how the volume is encrypted. encryption: provider: luks2 # Encryption provider to use for the encryption. # Defines the encryption keys generation and storage method. keys: - slot: 0 # Key slot number for LUKS2 encryption. # Enable TPM based disk encryption. tpm: {} # # KMS managed encryption key. # kms: # endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key. - slot: 1 # Key slot number for LUKS2 encryption. # Key which value is stored in the configuration file. static: passphrase: topsecret # Defines the static passphrase value. # # KMS managed encryption key. # kms: # endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key. # # Cipher to use for the encryption. Depends on the encryption provider. # cipher: aes-xts-plain64 # # Defines the encryption sector size. # blockSize: 4096 # # Additional --perf parameters for the LUKS2 encryption. # options: # - no_read_workqueue # - no_write_workqueue ```

Field	Type	Description
`name`	string
`provisioning`	ProvisioningSpec	The provisioning describes how the volume is provisioned.
`filesystem`	FilesystemSpec	The filesystem describes how the volume is formatted.
`encryption`	EncryptionSpec	The encryption describes how the volume is encrypted.

## provisioning ProvisioningSpec describes how the volume is provisioned.

Field	Type	Description
`diskSelector`	DiskSelector	The disk selector expression.
`grow`	bool	Should the volume grow to the size of the disk (if possible).
`minSize`	ByteSize
`maxSize`	ByteSize

### diskSelector DiskSelector selects a disk for the volume.

Field	Type	Description	Value(s)
`match`	Expression	The Common Expression Language (CEL) expression to match the disk.

## filesystem FilesystemSpec configures the filesystem for the volume.

Field	Type	Description	Value(s)
`type`	FilesystemType	Filesystem type. Default is `xfs`.	`ext4` `xfs`

## encryption EncryptionSpec represents volume encryption settings. ```yaml theme={null} encryption: provider: luks2 # Encryption provider to use for the encryption. # Defines the encryption keys generation and storage method. keys: - slot: 0 # Key slot number for LUKS2 encryption. # Key which value is stored in the configuration file. static: passphrase: exampleKey # Defines the static passphrase value. # # KMS managed encryption key. # kms: # endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key. - slot: 1 # Key slot number for LUKS2 encryption. # KMS managed encryption key. kms: endpoint: https://example-kms-endpoint.com # KMS endpoint to Seal/Unseal the key. cipher: aes-xts-plain64 # Cipher to use for the encryption. Depends on the encryption provider. blockSize: 4096 # Defines the encryption sector size. # # Additional --perf parameters for the LUKS2 encryption. # options: # - no_read_workqueue # - no_write_workqueue ```

Field	Type	Description	Value(s)
`provider`	EncryptionProviderType	Encryption provider to use for the encryption.	`luks2`
`keys`	EncryptionKey	Defines the encryption keys generation and storage method.
`cipher`	string	Cipher to use for the encryption. Depends on the encryption provider.	`aes-xts-plain64` `xchacha12,aes-adiantum-plain64` `xchacha20,aes-adiantum-plain64`
`keySize`	uint	Defines the encryption key length.
`blockSize`	uint64	Defines the encryption sector size.
`options`	\[]string	Additional --perf parameters for the LUKS2 encryption.	`no_read_workqueue` `no_write_workqueue` `same_cpu_crypt`

### keys\[] EncryptionKey represents configuration for disk encryption key.

Field	Type	Description
`slot`	int	Key slot number for LUKS2 encryption.
`static`	EncryptionKeyStatic	Key which value is stored in the configuration file.
`nodeID`	EncryptionKeyNodeID	Deterministically generated key from the node UUID and PartitionLabel.
`kms`	EncryptionKeyKMS	KMS managed encryption key.
`tpm`	EncryptionKeyTPM	Enable TPM based disk encryption.

#### static EncryptionKeyStatic represents throw away key type.

Field	Type	Description	Value(s)
`passphrase`	string	Defines the static passphrase value.

#### nodeID EncryptionKeyNodeID represents deterministically generated key from the node UUID and PartitionLabel. #### kms EncryptionKeyKMS represents a key that is generated and then sealed/unsealed by the KMS server. ```yaml theme={null} encryption: keys: - kms: endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key. ```

Field	Type	Description	Value(s)
`endpoint`	string	KMS endpoint to Seal/Unseal the key.

#### tpm EncryptionKeyTPM represents a key that is generated and then sealed/unsealed by the TPM.

Field	Type	Description	Value(s)
`checkSecurebootStatusOnEnroll`	bool