From cbe489263d750ce38e6e8ec73c312cdc940c0e05 Mon Sep 17 00:00:00 2001
From: Baitinq
Date: Sat, 23 Jul 2022 19:29:25 +0200
Subject: Luna: Added impermanence and disk encryption
---
 hosts/luna/default.nix | 13 +++++++++++++
 hosts/luna/hardware.nix | 22 ++++++++++++++++------
 2 files changed, 29 insertions(+), 6 deletions(-)
(limited to 'hosts')
diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix
index f70c975..b2cf07b 100644
--- a/hosts/luna/default.nix
+++ b/hosts/luna/default.nix
@@ -1,6 +1,8 @@
 { config, pkgs, lib, secrets, hostname, inputs, user, ... }:
 {
 imports = [
+ "${inputs.impermanence}/nixos.nix"
+
 ./hardware.nix
 ../../modules/power-save
@@ -33,6 +35,17 @@
 xf86_input_cmt #chromebook touchpad drivers
 ];
+ environment.persistence."/persist" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/nix/id_rsa"
+ ];
+ };
+
 environment.etc."nix-index/files".source = inputs.nix-index.legacyPackages.x86_64-linux.database;
 }
diff --git a/hosts/luna/hardware.nix b/hosts/luna/hardware.nix
index 8e7de13..c4aaf8d 100644
--- a/hosts/luna/hardware.nix
+++ b/hosts/luna/hardware.nix
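Review bot: In hosts/luna/default.nix, the `files` list of the new `environment.persistence."/persist"` block carries `/etc/nix/id_rsa`, by its name a private key, with no statement of the ownership and mode it must have on the persistent volume; a comment on that entry such as `# private key: keep root-owned, mode 0600, under /persist` would record the requirement. Because `/` becomes a tmpfs in hardware.nix, anything outside the listed paths is recreated on every boot; if sshd is enabled on this host (not visible here), the host keys under `/etc/ssh` would need to be listed as well, otherwise clients see a new host key after each reboot. `directories` persists all of `/var/lib`, which is broader than naming the service directories that actually need to survive.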
@@ -16,24 +16,34 @@ in
 };
 fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/3187-3464";
+ device = "/dev/disk/by-uuid/4D55-C906";
 fsType = "vfat";
 };
 fileSystems."/" = {
- device = "/dev/disk/by-uuid/8fba0f8d-f0a4-4c5f-88cf-3f23ff848a5e";
- fsType = "btrfs";
- options = [ "subvol=root" "compress-force=zstd" "noatime" ];
+ device = "none";
+ fsType = "tmpfs";
 };
+ boot.initrd.luks.devices."encrypted_nix".device = "/dev/disk/by-uuid/e1b9b878-e1de-4311-98b6-681874831a5e";
+
 fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/8fba0f8d-f0a4-4c5f-88cf-3f23ff848a5e";
+ device = "/dev/mapper/encrypted_nix";
 fsType = "btrfs";
 options = [ "subvol=nix" "compress-force=zstd" "noatime" ];
 };
+ boot.initrd.luks.devices."encrypted_home_and_persist".device = "/dev/disk/by-uuid/47a8ddde-1237-4a0f-84c4-f17fbd22ea3f";
+
+ fileSystems."/persist" = {
+ device = "/dev/mapper/encrypted_home_and_persist";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=persist" "compress-force=zstd" "noatime" ];
+ };
+
 fileSystems."/home" = {
- device = "/dev/disk/by-uuid/1de6d3b2-a51a-4217-9a71-c0dbd645e364";
+ device = "/dev/mapper/encrypted_home_and_persist";
 fsType = "btrfs";
 options = [ "subvol=home" "compress-force=zstd" ];
 };
-- cgit 1.4.1
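Review bot: The new `fileSystems."/"` entry mounts tmpfs with no `options`, so the root directory takes tmpfs's default mode 1777 (world-writable with the sticky bit) and a default size of half of RAM; setting both explicitly, e.g. `options = [ "defaults" "size=2G" "mode=755" ];` (the size is an example value), keeps `/` writable by root only and bounds memory use. `/boot` remains an unencrypted vfat partition, so the kernel and the initrd that prompts for the two LUKS passphrases are outside the encryption added here; a comment on `fileSystems."/boot"` saying what, if anything, protects the boot chain would make that limit explicit. The enclosing attribute set begins above the hunk, so any options set there are not visible.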