machines/tyree: Add options for encryption

The new installation of this Laptop uses encryption and so far these options have been residing in the local configuration.nix, so let's get it over to Vuizvui. Signed-off-by: aszlig <aszlig@nix.build> Cc: @brokkoliberta
author: aszlig <aszlig@nix.build> 2018-04-25 13:34:52 +0200
committer: aszlig <aszlig@nix.build> 2018-04-25 13:34:52 +0200
commit: 2fcc918f6e8b3b7010c16c96d90a96213bfa0d4c (patch)
tree: e7a40ed0444fd362083e8980129a54b985792d79 /machines/aszlig/managed
parent: 2a12b296d563df7e210dd178803bd96dafdfe755 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix
index bd0b8a56..63363818 100644
--- a/machines/aszlig/managed/tyree.nix
+++ b/machines/aszlig/managed/tyree.nix
@@ -4,6 +4,24 @@
   boot.initrd.availableKernelModules = [ "usbhid" ];
   boot.kernelModules = [ "kvm-intel" ];
 
+  boot.initrd.luks.devices = [
+    { name = "00-vault";
+      device = "/dev/disk/by-uuid/e4eb3d30-7fa5-4af4-86fb-80b47518cc25";
+    }
+    { name = "tyree-swap";
+      device = "/dev/disk/by-uuid/d96e29b4-0b9a-442d-af27-805f69ffffb3";
+      keyFile = "/dev/mapper/00-vault";
+    }
+    { name = "tyree-root";
+      device = "/dev/disk/by-uuid/21e9a86e-c8dc-4d8f-ba75-d03552dc32f7";
+      keyFile = "/dev/mapper/00-vault";
+    }
+  ];
+
+  boot.initrd.postDeviceCommands = lib.mkAfter ''
+    cryptsetup luksClose /dev/mapper/00-vault
+  '';
+
   environment.systemPackages = with pkgs; [
     darktable digikam firefox gphoto2 krita mosh rawtherapee wget
   ];
author	aszlig <aszlig@nix.build>	2018-04-25 13:34:52 +0200
committer	aszlig <aszlig@nix.build>	2018-04-25 13:34:52 +0200
commit	2fcc918f6e8b3b7010c16c96d90a96213bfa0d4c (patch)
tree	e7a40ed0444fd362083e8980129a54b985792d79 /machines/aszlig/managed
parent	2a12b296d563df7e210dd178803bd96dafdfe755 (diff)