From 77ec2f10ade7b2d13b2bc400debd4dbc90f3e8f1 Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Wed, 18 Sep 2024 00:31:50 -0600
Subject: [PATCH] moved key to initramfs

---
 hosts/miniserver/hardware-configuration.nix | 11 ++--
 hosts/server/hardware-configuration.nix | 62 +++++++++++---------
 hosts/workstation/hardware-configuration.nix | 15 +++--
 3 files changed, 48 insertions(+), 40 deletions(-)

diff --git a/hosts/miniserver/hardware-configuration.nix b/hosts/miniserver/hardware-configuration.nix
index 45acfb6..6f4a637 100644
--- a/hosts/miniserver/hardware-configuration.nix
+++ b/hosts/miniserver/hardware-configuration.nix
@@ -29,13 +29,14 @@
 enableCryptodisk = true;
 };
 };
- initrd.luks.devices.nvme = {
- device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
- keyFile = "/boot/keyfile";
- preLVM = true;
- };
 extraModulePackages = [ ];
 initrd = {
+ secrets."/keyfile" = /etc/keyfile;
+ luks.devices.nvme = {
+ device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
+ keyFile = "keyfile";
+ preLVM = true;
+ };
 availableKernelModules = [
 "xhci_pci"
 "ahci"
diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix
index 26a8e9b..1a1f6f0 100644
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
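Review bot: In the miniserver hunk the new `keyFile = "keyfile";` is a relative path, while the secret is installed at `/keyfile` on the line above it and the server and workstation hunks both use `keyFile = "/keyfile";`. A relative path only resolves if the initrd script happens to run with `/` as its working directory, so an unattended unlock of `nvme` could fail or fall back to a passphrase prompt. Change the line to `keyFile = "/keyfile";`. The `initrd = {` block continues past the end of the hunk.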
@@ -25,35 +25,38 @@
 enableCryptodisk = true;
 };
 };
- initrd.luks.devices = {
- nvme = {
- device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
- keyFile = "/boot/keyfile";
- preLVM = true;
- };
- # WHEN MIGRATING THE DISKS
- # remember to delete this keyfile
- # and replace it with the one on miniserver
- # or move the keyfile
- disk1 = {
- device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
- keyFile = "/boot/keyfile";
- preLVM = true;
- };
- disk2 = {
- device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
- keyFile = "/boot/keyfile";
- preLVM = true;
- };
- disk3 = {
- device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
- keyFile = "/boot/keyfile";
- preLVM = true;
- };
- disk4 = {
- device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
- keyFile = "/boot/keyfile";
- preLVM = true;
+ initrd = {
+ secrets."/keyfile" = /etc/keyfile;
+ luks.devices = {
+ nvme = {
+ device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
+ keyFile = "/keyfile";
+ preLVM = true;
+ };
+ # WHEN MIGRATING THE DISKS
+ # remember to delete this keyfile
+ # and replace it with the one on miniserver
+ # or move the keyfile
+ disk1 = {
+ device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
+ keyFile = "/keyfile";
+ preLVM = true;
+ };
+ disk2 = {
+ device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
+ keyFile = "/keyfile";
+ preLVM = true;
+ };
+ disk3 = {
+ device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
+ keyFile = "/keyfile";
+ preLVM = true;
+ };
+ disk4 = {
+ device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
+ keyFile = "/keyfile";
+ preLVM = true;
+ };
 };
 };
 kernelModules = [ "kvm-intel" ];
@@ -112,6 +115,7 @@
 "/boot" = {
 device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
 fsType = "ext4";
+ options = [ "nofail" ];
 };
 "/boot/efi" = {
 device = "/dev/disk/by-uuid/CBE7-5DEB";
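Review bot: Nothing next to `secrets."/keyfile" = /etc/keyfile;` records that the LUKS key for `nvme` and `disk1`–`disk4` is now copied into the initrd at build time, so it is only as protected as `/etc/keyfile` on the running system and the partition the initrd is written to. I would add a comment there such as `# /etc/keyfile is embedded in the initrd as /keyfile; keep it root-only (0400) and keep /boot on an encrypted volume`, and reword the retained `WHEN MIGRATING THE DISKS` comment, whose "delete this keyfile" no longer says which file is meant. Whether `/boot` is encrypted is not visible in the hunk (the `enableCryptodisk = true;` context hints that it may be), so that should be confirmed. The same comment applies to the `secrets` lines in the miniserver and workstation hunks.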
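Review bot: `options = [ "nofail" ];` on `/boot` has no comment saying why a failed mount is now tolerated, and it changes what a rebuild does. If `/boot` is not mounted, the kernel and the initrd (which now carries the LUKS key) would presumably be written into the `/boot` directory of the root filesystem while the bootloader keeps reading the old files from the real partition. I would add a comment on that line such as `# nofail: boot continues without /boot; check it is mounted before running nixos-rebuild`. The `"/boot" = {` entry starts inside the hunk, but the enclosing `fileSystems` set does not.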
diff --git a/hosts/workstation/hardware-configuration.nix b/hosts/workstation/hardware-configuration.nix
index fae5670..95e3ef7 100644
--- a/hosts/workstation/hardware-configuration.nix
+++ b/hosts/workstation/hardware-configuration.nix
@@ -43,13 +43,16 @@
 '';
 };
 };
- initrd.luks.devices.nvme = {
- device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
- keyFile = "/boot/keyfile";
- preLVM = true;
+ initrd = {
+ secrets."/keyfile" = /etc/keyfile;
+ availableKernelModules =
+ [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
+ luks.devices.nvme = {
+ device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
+ keyFile = "/keyfile";
+ preLVM = true;
+ };
 };
- initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
 };
 fileSystems = let
 nfsMount = server: nfsDisk: {