From b43e9054fb5914d1b9c87581f37b87f0a41c72dc Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Thu, 22 Aug 2024 01:21:49 -0400
Subject: [PATCH] move to luks

---
 systems/palatine-hill/configuration.nix    |  1 +
 systems/palatine-hill/hardware-changes.nix | 32 ++++++++++++++++++++++
 systems/palatine-hill/zfs.nix              | 21 --------------
 3 files changed, 33 insertions(+), 21 deletions(-)
 create mode 100644 systems/palatine-hill/hardware-changes.nix

diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index 23b2789..a9eeb7e 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -8,6 +8,7 @@
   imports = [
     ./attic.nix
     ./docker.nix
+    ./hardware-changes.nix
     ./hydra.nix
     ./minio.nix
     ./networking.nix
diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix
new file mode 100644
index 0000000..00a2a81
--- /dev/null
+++ b/systems/palatine-hill/hardware-changes.nix
@@ -0,0 +1,32 @@
+{ ... }:
+{
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/l1H5s7-l3Tx-tDci-zgcx-iKPz-R7jg-Vnp8J2";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  fileSystems = {
+    "/".options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+    "/home".options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+    "/boot".option = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+  };
+}
diff --git a/systems/palatine-hill/zfs.nix b/systems/palatine-hill/zfs.nix
index 4363162..fc2fc58 100644
--- a/systems/palatine-hill/zfs.nix
+++ b/systems/palatine-hill/zfs.nix
@@ -4,31 +4,10 @@
   pkgs,
   ...
 }:
-let
-  bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
-  zfskeys = [
-    "zfs-attic-key"
-    "zfs-backup-key"
-    "zfs-calibre-key"
-    "zfs-db-key"
-    "zfs-docker-key"
-    "zfs-games-key"
-    "zfs-hydra-key"
-    "zfs-libvirt-key"
-    "zfs-main-key"
-    "zfs-nxtcld-key"
-    "zfs-torr-key"
-    "zfs-var-docker-key"
-    "zfs-nix-store-key"
-    "zfs-archiveteam-key"
-    "zfs-minio-key"
-  ];
-in
 {
   boot = {
     zfs.extraPools = [ "ZFS-primary" ];
     filesystem = "zfs";
-    initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
     extraModprobeConfig = ''
       options zfs zfs_arc_min=82463372083
       options zfs zfs_arc_max=192414534860