mirror of https://github.com/tboerger/nixos-config synced 2024-11-26 07:43:45 +01:00

chore: enable luks encryption for anubis

Thomas Boerger 2022-11-22 20:59:46 +01:00
parent c589247d7a
commit c854f7145c
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
3 changed files with 30 additions and 7 deletions

@ -16,19 +16,21 @@
canTouchEfiVariables = true;
};
systemd-boot = {
grub = {
enable = true;
consoleMode = "2";
configurationLimit = 5;
editor = false;
version = 2;
device = "nodev";
efiSupport = true;
};
};
# kernelParams = [ "intel_pstate=no_hwp" ];
kernelModules = [ ];
extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "acpi_call" ];
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "acpi_call" "cryptd" ];
kernelModules = [ "dm-snapshot" ];
};
};
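Review bot: The `systemd-boot` block replaced here carried `editor = false`, and the new `grub` block has no counterpart, so the boot entries appear to become editable at the console again (assuming the doubled lines on this page are old-then-new). With GRUB, anyone at the keyboard can edit the kernel command line unless a superuser is configured, which NixOS exposes as `boot.loader.grub.users`. The LUKS passphrase still gates the root volume, but the boot partition and the command line stay outside the encrypted container, so the earlier hardening is worth carrying over. If leaving the menu open is intended, a comment such as `# grub menu left editable on purpose; disk is protected by LUKS` would record that. The attribute set this hunk belongs to starts and ends outside the hunk.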

@ -1,6 +1,21 @@
{ config, lib, pkgs, ... }:
{
boot = {
initrd = {
luks = {
devices = {
luks = {
name = "luks";
device = "/dev/disk/by-partlabel/system";
preLVM = true;
allowDiscards = true;
};
};
};
};
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
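Review bot: `allowDiscards = true` on the `luks` device passes TRIM requests through dm-crypt, so anyone who can read the raw disk can see which sectors of the container are unused and estimate how full it is. That is a common trade-off for SSD performance, but nothing in the hunk records it as a decision. I would add a comment above the line, for example `# TRIM passthrough exposes the free-space layout of the container; accepted for SSD wear/performance`, or drop the option if offline inspection of the disk is in the threat model. A short comment on `preLVM = true` saying that the volume group lives inside the container would also help, since the swap device declared just below depends on that ordering.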

@ -61,11 +61,17 @@ echo "-----> Wait for partitions"
sleep 3
sync
echo "-----> Format encrypted container"
cryptsetup luksFormat /dev/disk/by-partlabel/system
echo "-----> Open encrypted container"
cryptsetup luksOpen /dev/disk/by-partlabel/system crypted
echo "-----> Create data pv"
pvcreate /dev/disk/by-partlabel/system
pvcreate /dev/mapper/crypted
echo "-----> Create data vg"
vgcreate system /dev/disk/by-partlabel/system
vgcreate system /dev/mapper/crypted
echo "-----> Create swap volume"
lvcreate -y --size $(cat /proc/meminfo | grep MemTotal | cut -d':' -f2 | sed 's/ //g') --name swap system