diff options
| author | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-07-23 19:29:25 +0200 |
|---|---|---|
| committer | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-07-23 19:29:25 +0200 |
| commit | cbe489263d750ce38e6e8ec73c312cdc940c0e05 (patch) | |
| tree | 6240f8aef64ca6c48e223c51af42cad917c60971 | |
| parent | Update (diff) | |
| download | nixos-config-cbe489263d750ce38e6e8ec73c312cdc940c0e05.tar.gz nixos-config-cbe489263d750ce38e6e8ec73c312cdc940c0e05.tar.bz2 nixos-config-cbe489263d750ce38e6e8ec73c312cdc940c0e05.zip | |
Luna: Added impermanence and disk encryption
| -rw-r--r-- | flake.lock | 16 | ||||
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | hosts/luna/default.nix | 13 | ||||
| -rw-r--r-- | hosts/luna/hardware.nix | 22 |
4 files changed, 49 insertions, 6 deletions
diff --git a/flake.lock b/flake.lock index 6df29b7..5ad5572 100644 --- a/flake.lock +++ b/flake.lock @@ -22,6 +22,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1646131459, + "narHash": "sha256-GPmgxvUFvQ1GmsGfWHy9+rcxWrczeDhS9XnAIPHi9XQ=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "2f39baeb7d039fda5fc8225111bb79474138e6f4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-index": { "locked": { "lastModified": 1658030503, @@ -71,6 +86,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "impermanence": "impermanence", "nix-index": "nix-index", "nixpkgs": "nixpkgs", "nur": "nur" diff --git a/flake.nix b/flake.nix index 36af10c..94e38f2 100644 --- a/flake.nix +++ b/flake.nix @@ -3,10 +3,14 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + + impermanence.url = "github:nix-community/impermanence"; + nur.url = "github:nix-community/NUR"; nix-index.url = "github:Mic92/nix-index-database"; diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index f70c975..b2cf07b 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -1,6 +1,8 @@ { config, pkgs, lib, secrets, hostname, inputs, user, ... }: { imports = [ + "${inputs.impermanence}/nixos.nix" + ./hardware.nix ../../modules/power-save @@ -33,6 +35,17 @@ xf86_input_cmt #chromebook touchpad drivers ]; + environment.persistence."/persist" = { + directories = [ + "/var/log" + "/var/lib" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; + environment.etc."nix-index/files".source = inputs.nix-index.legacyPackages.x86_64-linux.database; } diff --git a/hosts/luna/hardware.nix b/hosts/luna/hardware.nix index 8e7de13..c4aaf8d 100644 --- a/hosts/luna/hardware.nix +++ b/hosts/luna/hardware.nix @@ -16,24 +16,34 @@ in }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/3187-3464"; + device = "/dev/disk/by-uuid/4D55-C906"; fsType = "vfat"; }; fileSystems."/" = { - device = "/dev/disk/by-uuid/8fba0f8d-f0a4-4c5f-88cf-3f23ff848a5e"; - fsType = "btrfs"; - options = [ "subvol=root" "compress-force=zstd" "noatime" ]; + device = "none"; + fsType = "tmpfs"; }; + boot.initrd.luks.devices."encrypted_nix".device = "/dev/disk/by-uuid/e1b9b878-e1de-4311-98b6-681874831a5e"; + fileSystems."/nix" = { - device = "/dev/disk/by-uuid/8fba0f8d-f0a4-4c5f-88cf-3f23ff848a5e"; + device = "/dev/mapper/encrypted_nix"; fsType = "btrfs"; options = [ "subvol=nix" "compress-force=zstd" "noatime" ]; }; + boot.initrd.luks.devices."encrypted_home_and_persist".device = "/dev/disk/by-uuid/47a8ddde-1237-4a0f-84c4-f17fbd22ea3f"; + + fileSystems."/persist" = { + device = "/dev/mapper/encrypted_home_and_persist"; + fsType = "btrfs"; + neededForBoot = true; + options = [ "subvol=persist" "compress-force=zstd" "noatime" ]; + }; + fileSystems."/home" = { - device = "/dev/disk/by-uuid/1de6d3b2-a51a-4217-9a71-c0dbd645e364"; + device = "/dev/mapper/encrypted_home_and_persist"; fsType = "btrfs"; options = [ "subvol=home" "compress-force=zstd" ]; }; |