62 lines
1.3 KiB
Nix
62 lines
1.3 KiB
Nix
{ lib, ... }:
|
|
{
|
|
|
|
boot.zfs.requestEncryptionCredentials = lib.mkForce false;
|
|
|
|
boot.initrd = {
|
|
services.lvm.enable = true;
|
|
luks.devices = {
|
|
"nixos-pv" = {
|
|
device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";
|
|
preLVM = true;
|
|
allowDiscards = true;
|
|
};
|
|
};
|
|
|
|
postResumeCommands = ''
|
|
# let root mount and everything, then manually unlock stuff
|
|
load_zfs_nix() {
|
|
local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
|
|
local mountPoint="/"
|
|
local options="x-initrd.mount,noatime,nodiratime"
|
|
local fsType="ext4"
|
|
|
|
echo "manually mounting key location, then unmounting"
|
|
udevadm settle
|
|
|
|
mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
|
|
|
|
zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
|
|
umount "$targetRoot/"
|
|
}
|
|
|
|
load_zfs_nix
|
|
'';
|
|
};
|
|
|
|
fileSystems = {
|
|
"/".options = [
|
|
"noatime"
|
|
"nodiratime"
|
|
];
|
|
|
|
"/home".options = [
|
|
"noatime"
|
|
"nodiratime"
|
|
];
|
|
|
|
"/boot".options = [
|
|
"noatime"
|
|
"nodiratime"
|
|
"fmask=0077"
|
|
"dmask=0077"
|
|
];
|
|
|
|
"/nix".depends = [
|
|
"/"
|
|
"/crypto"
|
|
];
|
|
|
|
};
|
|
}
|