Reinstall inspiron with luks encryption

2026-01-21 22:11:33 +01:00 · 2024-08-05 12:38:35 +02:00 · 2024-08-05 12:38:35 +02:00 · 4d97c46219
commit 4d97c46219
parent 741ae7ad3c
3 changed files with 74 additions and 14 deletions
--- a/hosts/inspiron/disko.nix
+++ b/hosts/inspiron/disko.nix
@ -0,0 +1,66 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "512M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "defaults" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                name = "cryptroot";
+                type = "luks";
+                settings = {
+                  allowDiscards = true;
+                  keyFile = "/dev/disk/by-id/usb-SMI_USB_DISK-0:0";
+                  keyFileSize = 4096;
+                  keyFileTimeout = 5;
+                };
+                additionalKeyFiles = [ "/tmp/secret.key" ];
+                content = {
+                  type = "lvm_pv";
+                  vg = "pool";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          swap = {
+            size = "20G";
+            content = {
+              type = "swap";
+              resumeDevice = true;
+            };
+          };
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [ "defaults" ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/inspiron/hardware.nix
+++ b/hosts/inspiron/hardware.nix
@ -1,26 +1,20 @@
+{ inputs, ... }:
 {
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/92437114-de06-4a78-9ee3-c7d0ffcabf95";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/D8B4-1218";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ { device = "/dev/disk/by-uuid/1eba93d1-4853-4534-8cfd-5c14e29c6ff6"; } ];
+  imports = [
+    inputs.disko.nixosModules.default
+    ./disko.nix
+  ];

  nixpkgs.hostPlatform = "x86_64-linux";
  hardware.enableRedistributableFirmware = true;
  hardware.cpu.amd.updateMicrocode = true;
  boot.kernelModules = [ "kvm-amd" ];
+boot.initrd.kernelModules = [ "usb_storage" ];
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "ahci"
-    "usb_storage"
-    "sd_mod"
+        "sd_mod"
  ];

  zramSwap.enable = true;