FDE on Mistmane

2021-10-12 20:48:36 +00:00 · 2021-10-12 20:48:36 +00:00 · 0f1ea25d57
parent e5b80278c0
commit 0f1ea25d57
3 changed files with 16 additions and 20 deletions
--- a/system/mistmane/boot-config.nix
+++ b/system/mistmane/boot-config.nix
@ -4,9 +4,16 @@
  boot = {
    kernel.sysctl."vm.swappiness" = 5;
    kernelPackages = pkgs.linuxPackages_pinebookpro_lts;
+    kernelParams = [ "console=tty1" ];
    cleanTmpDir = true;
    loader.grub.enable = false;
    loader.generic-extlinux-compatible.enable = true;
+    initrd.luks.devices."${config.networking.hostName}" = {
+      name = config.networking.hostName;
+      device = "/dev/disk/by-uuid/74b7cded-e9f8-432f-b694-5bea09635168";
+      preLVM = true;
+      allowDiscards = true;
+    };
  };

  fileSystems = {
--- a/system/mistmane/default.nix
+++ b/system/mistmane/default.nix
@ -11,12 +11,6 @@

  networking.hostName = "mistmane";

-  security.pam.enableEcryptfs = true;
-  environment.systemPackages = with pkgs; [
-    ecryptfs
-    ecryptfs-helper
-  ];
-
  home-manager.users.artemis = {
    programs.foot = {
      enable = true;
@ -55,11 +49,6 @@
    extraConfig = lib.mkForce "HandlePowerKey=lock";
  };

-  swapDevices = [{
-    device = "/dev/disk/by-partuuid/3f4fb4d3-1e13-f64a-a435-8f866833c2b1";
-    randomEncryption = true;
-  }];
-
  # rockchip/dptx.bin isn't in the initrd. Instead of fix nixpkgs let's do something incredibly cursed
  boot.extraModulePackages = [ (pkgs.callPackage ../../externals/packages/dptx-dummy { kernel = config.boot.kernelPackages.kernel; }) ];
  boot.initrd.availableKernelModules = [ "dptx-dummy" ];
--- a/system/mistmane/hardware-configuration.nix
+++ b/system/mistmane/hardware-configuration.nix
@ -5,28 +5,28 @@

 {
  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [ "nvme" "usbhid" "usb_storage" ];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.availableKernelModules = [ "usbhid" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/ee6d20e7-03ec-462b-a28a-3e970acc5f0a";
+    { device = "/dev/disk/by-uuid/8b204d52-62c1-48e9-b487-e7138f49903a";
      fsType = "ext4";
    };

  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/ef0ee32a-8ee0-4c4a-af21-d033ac2bb774";
+    { device = "/dev/disk/by-uuid/375e4660-be08-40ba-8961-0a9cc3a96187";
      fsType = "ext4";
    };

-  swapDevices = [ ];
+  swapDevices =
+    [
+      { device = "/dev/disk/by-uuid/1114039c-3329-4551-a56d-fccde77a31a7"; }
+    ];

  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 }