From a84721bcf1b89728b40d0dfee52a4282679564b7 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Sun, 11 Aug 2024 22:53:05 +0200
Subject: [PATCH] Reinstall north with luks encryption

---
 hosts/north/hardware/disko.nix | 61 ++++++++++++++++++++++++++--------
 modules/system/syncthing.nix   |  2 +-
 2 files changed, 49 insertions(+), 14 deletions(-)

diff --git a/hosts/north/hardware/disko.nix b/hosts/north/hardware/disko.nix
index 54181ab..4eafc11 100644
--- a/hosts/north/hardware/disko.nix
+++ b/hosts/north/hardware/disko.nix
@@ -1,25 +1,60 @@
 {
-  disko.devices.disk.main = {
-    device = "/dev/nvme0n1";
-    type = "disk";
-    content = {
-      type = "gpt";
-      partitions = {
-        ESP = {
-          type = "EF00";
-          size = "500M";
+  disko.devices = {
+    disk.main = {
+      type = "disk";
+      device = "/dev/nvme0n1";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            type = "EF00";
+            size = "512M";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "defaults" ];
+            };
+          };
+          luks = {
+            size = "100%";
+            content = {
+              name = "cryptroot";
+              type = "luks";
+              settings = {
+                allowDiscards = true;
+                bypassWorkqueues = true;
+                keyFile = "/dev/disk/by-id/usb-SCSI_DISK-0:0";
+                keyFileSize = 512;
+                keyFileTimeout = 5;
+              };
+              additionalKeyFiles = [ "/tmp/secret.key" ];
+              content = {
+                type = "lvm_pv";
+                vg = "pool";
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg.pool = {
+      type = "lvm_vg";
+      lvs = {
+        swap = {
+          size = "20G";
           content = {
-            type = "filesystem";
-            format = "vfat";
-            mountpoint = "/boot";
+            type = "swap";
+            resumeDevice = true;
           };
         };
         root = {
-          size = "100%";
+          size = "100%FREE";
           content = {
             type = "filesystem";
             format = "ext4";
             mountpoint = "/";
+            mountOptions = [ "defaults" ];
           };
         };
       };
diff --git a/modules/system/syncthing.nix b/modules/system/syncthing.nix
index cddf286..fdbce1b 100644
--- a/modules/system/syncthing.nix
+++ b/modules/system/syncthing.nix
@@ -15,7 +15,7 @@
 
       settings = {
         devices = {
-          north.id = "ROS2S76-ULQWVFC-7KNQQ6Q-MNIWNKT-2QOPPHY-FFQZNVM-GUJRTHE-NZBM3QY";
+          north.id = "FAJS5WM-UAWGW2U-FXCGPSP-VAUOTGM-XUKSEES-D66PMCJ-WBODJLV-XTNCRA7";
           inspiron.id = "DLFGFCF-MTYXA23-F235RKL-QFZ4GB6-BUHTYMX-DJCTFRA-NVMAE5Y-R63NMQY";
         };