author | aszlig <aszlig@nix.build> | 2018-04-21 00:15:22 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-04-21 00:15:22 +0200 |
commit | ef28f71b49a45425ac0bf24db5ecfb0897b1f98b (patch) | |
tree | f29fb5f836e3aff16f22444d4f36aa019a007053 | |
parent | b7e2b621d8a9e2efa2c51ecce0585bee34c8a134 (diff) |
tishtushi: Change to new partitioning scheme
I had to recover tishtushi while on the road because I have used zstd compression, which GRUB doesn't support. So instead of just adding a boot partition I decided to actually do what I long wanted to do, which is to actually encrypt the disks, so the new partitioning reflects that. Signed-off-by: aszlig <aszlig@nix.build>
-rw-r--r-- | machines/aszlig/tishtushi.nix | 59 |
1 files changed, 43 insertions, 16 deletions
diff --git a/machines/aszlig/tishtushi.nix b/machines/aszlig/tishtushi.nix
index 2481bbb8..7c944df6 100644
--- a/machines/aszlig/tishtushi.nix
+++ b/machines/aszlig/tishtushi.nix
@@ -1,39 +1,66 @@ -{ config, pkgs, lib, ... }: - -let - rootUUID = "e33a3dda-a87d-473b-b113-37783aa35667"; - swapUUID = "e9f59283-143c-4c36-978c-c730c6ca27c7"; - storeUUID = "ce1db87b-d717-450d-a212-3685a224f626"; - diskID = "ata-Hitachi_HTS543232A7A384_E2P31243FGB6PJ"; -in { +{ lib, ... }: + +{ vuizvui.user.aszlig.profiles.workstation.enable = true; vuizvui.system.kernel.bfq.enable = true; vuizvui.system.kernel.useBleedingEdge = true; - boot = { - initrd.kernelModules = [ "fbcon" "usb_storage" ]; - loader.grub.device = "/dev/disk/by-id/${diskID}"; - loader.timeout = 1; + boot.loader = { + grub.device = "/dev/disk/by-id/ata-Hitachi_HTS543232A7A384_E2P31243FGB6PJ"; + timeout = 1; + }; + + boot.initrd = { + kernelModules = [ "fbcon" "usb_storage" ]; + availableKernelModules = [ + "aes_x86_64" "af_alg" "algif_skcipher" "cbc" "cryptd" "crypto_simd" + "dm_crypt" "ecb" "gf128mul" "glue_helper" "xts" + ]; + luks.devices = [ + { name = "00vault"; + device = "/dev/disk/by-uuid/812f19f1-9096-4367-b2e4-0c9537c52a67"; + } + { name = "tishtushi-swap"; + device = "/dev/disk/by-uuid/2934df87-5fda-4b2e-9f3b-c4c96f571407"; + keyFile = "/dev/mapper/00vault"; + } + { name = "tishtushi-root"; + device = "/dev/disk/by-uuid/cf65f144-9205-40a5-a239-b660695a6740"; + keyFile = "/dev/mapper/00vault"; + } + { name = "tishtushi-nix"; + device = "/dev/disk/by-uuid/af7fc49a-cc38-49f2-8a89-1cd8248554a7"; + keyFile = "/dev/mapper/00vault"; + } + ]; + postDeviceCommands = lib.mkAfter '' + cryptsetup luksClose /dev/mapper/00vault + ''; }; networking.hostName = "tishtushi"; networking.wireless.enable = lib.mkForce true; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/763a7117-3dbf-4e80-9e63-c7039477ef3d"; + fsType = "ext4"; + }; + fileSystems."/" = { - device = "/dev/disk/by-uuid/${rootUUID}"; + device = "/dev/mapper/tishtushi-root"; fsType = "btrfs"; options = [ "space_cache" "compress=zstd" "noatime" ]; }; - fileSystems."/nix/store" = { - device = "/dev/disk/by-uuid/${storeUUID}"; + 
fileSystems."/nix" = { + device = "/dev/mapper/tishtushi-nix"; fsType = "btrfs"; options = [ "ssd" "discard" "compress=zstd" "noatime" ]; }; swapDevices = lib.singleton { - device = "/dev/disk/by-uuid/${swapUUID}"; + device = "/dev/mapper/tishtushi-swap"; }; services.tlp.enable = true; |
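Review bot: The `/nix` mount keeps `"discard"` in its options although it now sits on `/dev/mapper/tishtushi-nix`, and the `tishtushi-nix` entry in `luks.devices` does not set `allowDiscards`, so dm-crypt will presumably drop the TRIM requests and the option becomes a silent no-op. Make the choice explicit: either remove `"discard"` from that list, or add `allowDiscards = true;` to the entry with a comment that TRIM reveals which blocks are unused to anyone who can read the raw disk. Separately, the `cryptsetup luksClose /dev/mapper/00vault` in `postDeviceCommands` is unchecked, and if it fails the key material for the swap, root and nix volumes stays readable through the mapper device in the running system. A comment saying that this close is what takes the key out of reach after unlock, plus a visible message on failure such as `cryptsetup luksClose /dev/mapper/00vault || echo "00vault still open" >&2`, would help. The attribute set continues past the end of the hunk.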