move to luks

2024-08-22 01:21:49 -04:00 · 2024-08-22 01:21:49 -04:00 · b43e9054fb
commit b43e9054fb
parent b03e1ea9c2
3 changed files with 33 additions and 21 deletions
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -8,6 +8,7 @@
  imports = [
    ./attic.nix
    ./docker.nix
+    ./hardware-changes.nix
    ./hydra.nix
    ./minio.nix
    ./networking.nix
--- a/systems/palatine-hill/hardware-changes.nix
+++ b/systems/palatine-hill/hardware-changes.nix
@ -0,0 +1,32 @@
+{ ... }:
+{
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/l1H5s7-l3Tx-tDci-zgcx-iKPz-R7jg-Vnp8J2";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  fileSystems = {
+    "/".options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+    "/home".options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+    "/boot".option = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+
+  };
+}
--- a/systems/palatine-hill/zfs.nix
+++ b/systems/palatine-hill/zfs.nix
@ -4,31 +4,10 @@
  pkgs,
  ...
 }:
-let
-  bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; };
-  zfskeys = [
-    "zfs-attic-key"
-    "zfs-backup-key"
-    "zfs-calibre-key"
-    "zfs-db-key"
-    "zfs-docker-key"
-    "zfs-games-key"
-    "zfs-hydra-key"
-    "zfs-libvirt-key"
-    "zfs-main-key"
-    "zfs-nxtcld-key"
-    "zfs-torr-key"
-    "zfs-var-docker-key"
-    "zfs-nix-store-key"
-    "zfs-archiveteam-key"
-    "zfs-minio-key"
-  ];
-in
 {
  boot = {
    zfs.extraPools = [ "ZFS-primary" ];
    filesystem = "zfs";
-    initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys);
    extraModprobeConfig = ''
      options zfs zfs_arc_min=82463372083
      options zfs zfs_arc_max=192414534860