diff --git a/hosts/JWST/configuration.nix b/hosts/JWST/configuration.nix index eb76ec6..fa78cc1 100644 --- a/hosts/JWST/configuration.nix +++ b/hosts/JWST/configuration.nix @@ -10,12 +10,33 @@ # ------------ System ------------ - boot.loader.grub.extraEntries = '' - menuentry "Void" { - search --set=void --fs-uuid 987518fa-8ea0-49a6-b1e5-1fed4e4ae50f - configfile "($void)/boot/grub/grub.cfg" - } - ''; + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader.grub.enableCryptodisk = true; + + boot.initrd = { + luks.devices."root" = { + device = "/dev/disk/by-uuid/25e06c9e-3f53-4abc-a656-d8b388b27f58"; # UUID for /dev/nvme01np2 + preLVM = true; + keyFile = "/keyfile0.bin"; + allowDiscards = true; + }; + secrets = { + # Create /mnt/etc/secrets/initrd directory and copy keys to it + "keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin"; + "keyfile1.bin" = "/etc/secrets/initrd/keyfile1.bin"; + }; + }; + + # Data mount + fileSystems."/data" = { + device = "/dev/disk/by-uuid/12c28d9c-f781-499c-bd58-ad2608c9322a"; # UUID for /dev/mapper/crypted-data + encrypted = { + enable = true; + label = "crypted-data"; + blkDev = "/dev/disk/by-uuid/3f16043b-ab85-42af-a3aa-a687372dae67"; # UUID for /dev/nvme1n1p1 + keyFile = "/keyfile1.bin"; + }; + }; time.timeZone = "America/New_York"; @@ -27,7 +48,7 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? + system.stateVersion = "23.11"; # Did you read the comment? # ------------ Graphics ------------ diff --git a/hosts/JWST/hardware-configuration.nix b/hosts/JWST/hardware-configuration.nix index 214569c..55e5b68 100644 --- a/hosts/JWST/hardware-configuration.nix +++ b/hosts/JWST/hardware-configuration.nix 
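Review bot: In the `boot.initrd` hunk of hosts/JWST/configuration.nix, both LUKS keyfiles are embedded in the initrd through `boot.initrd.secrets`, so their confidentiality depends on `/boot` living inside the encrypted root and on the source files under `/etc/secrets/initrd` being readable by root only. The `enableCryptodisk` setting and the `/boot/efi` ESP mount suggest that layout, but the partitioning is not visible here. The comment above the secrets should record the requirement, e.g. `# keys: root-owned, mode 0400, directory 0700; never commit them to this repository`. The `/data` key probably does not need to be in the initrd at all: without systemd stage 1, `encrypted.keyFile` appears to be read after the root filesystem is mounted, so `keyFile = "/mnt-root/etc/secrets/initrd/keyfile1.bin";` would let the `"keyfile1.bin"` secret be dropped (confirm against the boot stage in use). Separately, `allowDiscards = true` lets TRIM reveal which blocks of the LUKS volume are in use, which deserves a comment noting the trade-off is accepted, and the inline comment `/dev/nvme01np2` looks like a typo for `/dev/nvme0n1p2`.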
@@ -1,45 +1,31 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + { - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/d05d358d-19d4-4629-b0bd-594a754ad76d"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/09e1694e-5236-45d3-b454-1dbe9ac473da"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/6DD4-5A29"; - fsType = "vfat"; - }; + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/20C7-3E47"; + fsType = "vfat"; + }; - fileSystems."/mnt/void" = { - device = "/dev/disk/by-uuid/987518fa-8ea0-49a6-b1e5-1fed4e4ae50f"; - fsType = "ext4"; - }; - - fileSystems."/mnt/secondary" = { - device = "/dev/disk/by-uuid/3b424592-6b20-42e0-9d28-8bf562c15913"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/802e89ce-52b8-41b9-85ea-b969ab08765f";} - ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/9d8aab67-42c8-4139-a178-275523260792"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
@@ -49,6 +35,5 @@ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }