-rw-r--r--PARTITIONING.md13
-rw-r--r--hosts/configuration.nix14
-rw-r--r--hosts/luna/hardware.nix20
3 files changed, 34 insertions, 13 deletions
diff --git a/PARTITIONING.md b/PARTITIONING.md
index 2ecbb19..674781e 100644
--- a/PARTITIONING.md
+++ b/PARTITIONING.md
@@ -9,8 +9,14 @@
 
 ## TUTORIAL ## 
 
-# Create and Format EFI Boot Partition
-mkfs.fat -F 32 /dev/$BOOTPARTITION
+# Create and Format 64M EFI Partition
+mkfs.fat -F 32 /dev/$EFIPARTITION
+
+# Create and Encrypt 200M /boot Partition
+cryptsetup --verify-passphrase -v luksFormat --type luks1 /dev/$BOOTPARTITION
+cryptsetup open /dev/$BOOTPARTITION encrypted_boot
+mkfs.ext4 /dev/mapper/encrypted_boot
+
 
 # Create and Encrypt /nix Partition
 cryptsetup --verify-passphrase -v luksFormat /dev/$NIXPARTITION
@@ -39,7 +45,8 @@ mount -t tmpfs none /mnt
 mkdir -p /mnt/{boot,nix,persist,home}
 
 # Mount all partitions in /
-mount /dev/$BOOTPARTITION /mnt/boot
+mount /dev/mapper/encrypted_boot /mnt/boot
+mount /dev/$EFIPARTITION /mnt/boot/efi
 mount -o subvol=nix,compress-force=zstd,noatime /dev/mapper/encrypted_nix /mnt/nix
 mount -o subvol=home,compress-force=zstd /dev/mapper/encrypted_home_and_persist /mnt/home
 mount -o subvol=persist,compress-force=zstd,noatime /dev/mapper/encrypted_home_and_persist /mnt/persist
diff --git a/hosts/configuration.nix b/hosts/configuration.nix
index 2254651..ebcafeb 100644
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@@ -10,13 +10,17 @@
 
   boot = {
     loader = {
-      systemd-boot = {
-        enable = true;
-        editor = false;
-      };
       efi = {
-        efiSysMountPoint = "/boot";
         canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
+      grub = {
+        enable = true;
+        version = 2;
+        efiSupport = true;
+        device = "nodev";
+        enableCryptodisk = true;
+        splashImage = null;
       };
       timeout = 0;
     };
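Review bot: Dropping the systemd-boot block also drops `editor = false;`, and the new grub block sets no equivalent, so once the cryptodisk passphrase is entered at the GRUB prompt the boot entries can still be edited interactively (kernel parameters such as `init=` changed) before the initrd runs; consider adding `boot.loader.grub.users.<name>.hashedPasswordFile` (or `hashedPassword`) so that editing entries requires authentication, and note in a comment that `timeout = 0;` only hides the menu rather than locking it. `version = 2;` is, as far as I recall, deprecated and without effect on recent NixOS releases, so it can probably be removed with a one-line comment explaining that GRUB 2 is the only supported version — please verify against the release the host tracks. A short comment above `enableCryptodisk = true;` stating that it requires the /boot container to be LUKS1 (the tutorial formats it with `--type luks1`, which is what GRUB can open) would save the next reader a search.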
diff --git a/hosts/luna/hardware.nix b/hosts/luna/hardware.nix
index f93812a..1d87654 100644
--- a/hosts/luna/hardware.nix
+++ b/hosts/luna/hardware.nix
@@ -15,17 +15,27 @@ in
     kernelParams = [ "net.ifnames=0" "biosdevname=0" "iomem=relaxed" "mitigations=off" ];
   };
 
+  fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+  };
+
+  boot.initrd.luks.devices."encrypted_boot" = {
+    device = "/dev/disk/by-uuid/4f5ba100-5c69-49ce-b0cf-2f219a5e9e51";
+    preLVM = true;
+  };
+
   fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/4D55-C906";
+    device = "/dev/mapper/encrypted_boot";
     fsType = "vfat";
   };
 
-  fileSystems."/" = {
-    device = "none";
-    fsType = "tmpfs";
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/BD51-1431";
+    fsType = "vfat";
   };
 
-  boot.initrd.luks.devices."encrypted_nix".device = "/dev/disk/by-uuid/e1b9b878-e1de-4311-98b6-681874831a5e";
+  boot.initrd.luks.devices."encrypted_nix".device = "/dev/disk/by-uuid/596e43d3-ccda-4f06-bce9-58d6a8c0dd79";
 
   fileSystems."/nix" = {
     device = "/dev/mapper/encrypted_nix";
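Review bot: `fileSystems."/boot"` keeps `fsType = "vfat";` while its device is now `/dev/mapper/encrypted_boot`, but PARTITIONING.md in this same commit creates that mapping with `mkfs.ext4`, so one of the two is wrong and stage-1 will fail to mount /boot with the mismatching type; given that GRUB reads /boot through cryptodisk from an ext4 filesystem, the fix is most likely `fsType = "ext4";` on the line after `device = "/dev/mapper/encrypted_boot";`. The new `boot.initrd.luks.devices."encrypted_boot"` entry means the passphrase is requested twice per boot, once by GRUB and once by the initrd; that is acceptable but worth a one-line comment so it is not mistaken for a misconfiguration, and `preLVM = true;` is the default and could be dropped. `fileSystems."/"` is only moved within the file, not changed, so the diff noise there can be ignored.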