move to luks

systems/palatine-hill/configuration.nix

@@ -8,6 +8,7 @@
   imports = [
     ./attic.nix
     ./docker.nix
+    ./hardware-changes.nix
     ./hydra.nix
     ./minio.nix
     ./networking.nix

systems/palatine-hill/hardware-changes.nix

@@ -0,0 +1,32 @@
+{ ... }:
+{
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/l1H5s7-l3Tx-tDci-zgcx-iKPz-R7jg-Vnp8J2";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  fileSystems = {
+    "/".options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+    "/home".options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+    "/boot".option = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+  };
+}

systems/palatine-hill/zfs.nix

@@ -4,31 +4,10 @@
   pkgs,
   ...
 }:
-let
-  bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
-  zfskeys = [
-    "zfs-attic-key"
-    "zfs-backup-key"
-    "zfs-calibre-key"
-    "zfs-db-key"
-    "zfs-docker-key"
-    "zfs-games-key"
-    "zfs-hydra-key"
-    "zfs-libvirt-key"
-    "zfs-main-key"
-    "zfs-nxtcld-key"
-    "zfs-torr-key"
-    "zfs-var-docker-key"
-    "zfs-nix-store-key"
-    "zfs-archiveteam-key"
-    "zfs-minio-key"
-  ];
-in
 {
   boot = {
     zfs.extraPools = [ "ZFS-primary" ];
     filesystem = "zfs";
-    initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
     extraModprobeConfig = ''
       options zfs zfs_arc_min=82463372083
       options zfs zfs_arc_max=192414534860