spike: mount swap and µsd with keyfiles in initrd

2023-11-27 06:19:04 +00:00 · 2023-11-27 06:19:04 +00:00 · 69998a47a0
parent b01205f649
commit 69998a47a0
1 changed files with 11 additions and 7 deletions
--- a/system/spike/boot-config.nix
+++ b/system/spike/boot-config.nix
@ -9,15 +9,19 @@
  };

  swapDevices = lib.mkForce [{
-    device = "/dev/disk/by-partuuid/ef7cb78c-a07d-45e2-a92a-0f041c42f07a";
-    randomEncryption = {
+    device = "/dev/disk/by-uuid/addae2e4-d7d7-4fcd-b2cb-7635c794d652";
+    encrypted = {
      enable = true;
-      allowDiscards = true;
+      label = "swap";
+      blkDev = "/dev/disk/by-uuid/e5381f7c-fb90-4762-8a27-aa05429893e7";
+      keyFile = "/sysroot/var/lib/private/swap_key";
    };
  }];

-  # This has to go in crypttab because we won't have the keyfile in the initrd
-  environment.etc.crypttab.text = ''
-    microsd /dev/disk/by-uuid/51ed9e97-06cf-4c54-a71a-c182bb0ced9e /var/lib/private/µsd_key
-  '';
+  fileSystems."/media/µsd".encrypted = {
+    enable = true;
+    label = "microsd";
+    blkDev = "/dev/disk/by-uuid/51ed9e97-06cf-4c54-a71a-c182bb0ced9e";
+    keyFile = "/sysroot/var/lib/private/µsd_key";
+  };
 }