diff options
| author | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-07-23 19:29:25 +0200 |
|---|---|---|
| committer | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-07-23 19:29:25 +0200 |
| commit | cbe489263d750ce38e6e8ec73c312cdc940c0e05 (patch) | |
| tree | 6240f8aef64ca6c48e223c51af42cad917c60971 /hosts/luna | |
| parent | Update (diff) | |
| download | nixos-config-cbe489263d750ce38e6e8ec73c312cdc940c0e05.tar.gz nixos-config-cbe489263d750ce38e6e8ec73c312cdc940c0e05.tar.bz2 nixos-config-cbe489263d750ce38e6e8ec73c312cdc940c0e05.zip | |
Luna: Added impermanence and disk encryption
Diffstat (limited to 'hosts/luna')
| -rw-r--r-- | hosts/luna/default.nix | 13 | ||||
| -rw-r--r-- | hosts/luna/hardware.nix | 22 |
2 files changed, 29 insertions, 6 deletions
diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index f70c975..b2cf07b 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -1,6 +1,8 @@ { config, pkgs, lib, secrets, hostname, inputs, user, ... }: { imports = [ + "${inputs.impermanence}/nixos.nix" + ./hardware.nix ../../modules/power-save @@ -33,6 +35,17 @@ xf86_input_cmt #chromebook touchpad drivers ]; + environment.persistence."/persist" = { + directories = [ + "/var/log" + "/var/lib" + ]; + files = [ + "/etc/machine-id" + "/etc/nix/id_rsa" + ]; + }; + environment.etc."nix-index/files".source = inputs.nix-index.legacyPackages.x86_64-linux.database; } diff --git a/hosts/luna/hardware.nix b/hosts/luna/hardware.nix index 8e7de13..c4aaf8d 100644 --- a/hosts/luna/hardware.nix +++ b/hosts/luna/hardware.nix @@ -16,24 +16,34 @@ in }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/3187-3464"; + device = "/dev/disk/by-uuid/4D55-C906"; fsType = "vfat"; }; fileSystems."/" = { - device = "/dev/disk/by-uuid/8fba0f8d-f0a4-4c5f-88cf-3f23ff848a5e"; - fsType = "btrfs"; - options = [ "subvol=root" "compress-force=zstd" "noatime" ]; + device = "none"; + fsType = "tmpfs"; }; + boot.initrd.luks.devices."encrypted_nix".device = "/dev/disk/by-uuid/e1b9b878-e1de-4311-98b6-681874831a5e"; + fileSystems."/nix" = { - device = "/dev/disk/by-uuid/8fba0f8d-f0a4-4c5f-88cf-3f23ff848a5e"; + device = "/dev/mapper/encrypted_nix"; fsType = "btrfs"; options = [ "subvol=nix" "compress-force=zstd" "noatime" ]; }; + boot.initrd.luks.devices."encrypted_home_and_persist".device = "/dev/disk/by-uuid/47a8ddde-1237-4a0f-84c4-f17fbd22ea3f"; + + fileSystems."/persist" = { + device = "/dev/mapper/encrypted_home_and_persist"; + fsType = "btrfs"; + neededForBoot = true; + options = [ "subvol=persist" "compress-force=zstd" "noatime" ]; + }; + fileSystems."/home" = { - device = "/dev/disk/by-uuid/1de6d3b2-a51a-4217-9a71-c0dbd645e364"; + device = "/dev/mapper/encrypted_home_and_persist"; fsType = "btrfs"; options = [ "subvol=home" "compress-force=zstd" ]; }; |