From 2fcc918f6e8b3b7010c16c96d90a96213bfa0d4c Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@nix.build>
Date: Wed, 25 Apr 2018 13:34:52 +0200
Subject: machines/tyree: Add options for encryption

The new installation of this Laptop uses encryption and so far these
options have been residing in the local configuration.nix, so let's get
it over to Vuizvui.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
---
 machines/aszlig/managed/tyree.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'machines/aszlig')

diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix
index bd0b8a56..63363818 100644
--- a/machines/aszlig/managed/tyree.nix
+++ b/machines/aszlig/managed/tyree.nix
@@ -4,6 +4,24 @@
   boot.initrd.availableKernelModules = [ "usbhid" ];
   boot.kernelModules = [ "kvm-intel" ];
 
+  boot.initrd.luks.devices = [
+    { name = "00-vault";
+      device = "/dev/disk/by-uuid/e4eb3d30-7fa5-4af4-86fb-80b47518cc25";
+    }
+    { name = "tyree-swap";
+      device = "/dev/disk/by-uuid/d96e29b4-0b9a-442d-af27-805f69ffffb3";
+      keyFile = "/dev/mapper/00-vault";
+    }
+    { name = "tyree-root";
+      device = "/dev/disk/by-uuid/21e9a86e-c8dc-4d8f-ba75-d03552dc32f7";
+      keyFile = "/dev/mapper/00-vault";
+    }
+  ];
+
+  boot.initrd.postDeviceCommands = lib.mkAfter ''
+    cryptsetup luksClose /dev/mapper/00-vault
+  '';
+
   environment.systemPackages = with pkgs; [
     darktable digikam firefox gphoto2 krita mosh rawtherapee wget
   ];
-- 
cgit 1.4.1