jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

moved key to initramfs

Browse Source
This commit is contained in:
Danilo Reyes 2024-09-18 00:31:50 -06:00
parent f09d882d7d
commit 77ec2f10ad
3 changed files with 48 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/miniserver/hardware-configuration.nix
View File

@ -29,13 +29,14 @@
enableCryptodisk = true; enableCryptodisk = true;
}; };
}; };
initrd.luks.devices.nvme = {
device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
keyFile = "/boot/keyfile";
preLVM = true;
};
extraModulePackages = [ ]; extraModulePackages = [ ];
initrd = { initrd = {
secrets."/keyfile" = /etc/keyfile;
luks.devices.nvme = {
device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
keyFile = "keyfile";
preLVM = true;
};
availableKernelModules = [ availableKernelModules = [
"xhci_pci" "xhci_pci"
"ahci" "ahci"

62
hosts/server/hardware-configuration.nix
View File

@ -25,35 +25,38 @@
enableCryptodisk = true; enableCryptodisk = true;
}; };
}; };
initrd.luks.devices = { initrd = {
nvme = { secrets."/keyfile" = /etc/keyfile;
device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921"; luks.devices = {
keyFile = "/boot/keyfile"; nvme = {
preLVM = true; device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
}; keyFile = "/keyfile";
# WHEN MIGRATING THE DISKS preLVM = true;
# remember to delete this keyfile };
# and replace it with the one on miniserver # WHEN MIGRATING THE DISKS
# or move the keyfile # remember to delete this keyfile
disk1 = { # and replace it with the one on miniserver
device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842"; # or move the keyfile
keyFile = "/boot/keyfile"; disk1 = {
preLVM = true; device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
}; keyFile = "/keyfile";
disk2 = { preLVM = true;
device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771"; };
keyFile = "/boot/keyfile"; disk2 = {
preLVM = true; device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
}; keyFile = "/keyfile";
disk3 = { preLVM = true;
device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1"; };
keyFile = "/boot/keyfile"; disk3 = {
preLVM = true; device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
}; keyFile = "/keyfile";
disk4 = { preLVM = true;
device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d"; };
keyFile = "/boot/keyfile"; disk4 = {
preLVM = true; device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
keyFile = "/keyfile";
preLVM = true;
};
}; };
}; };
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
@ -112,6 +115,7 @@
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156"; device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4"; fsType = "ext4";
options = [ "nofail" ];
}; };
"/boot/efi" = { "/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB"; device = "/dev/disk/by-uuid/CBE7-5DEB";

15
hosts/workstation/hardware-configuration.nix
View File

@ -43,13 +43,16 @@
''; '';
}; };
}; };
initrd.luks.devices.nvme = { initrd = {
device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b"; secrets."/keyfile" = /etc/keyfile;
keyFile = "/boot/keyfile"; availableKernelModules =
preLVM = true; [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
luks.devices.nvme = {
device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
keyFile = "/keyfile";
preLVM = true;
};
}; };
initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
}; };
fileSystems = let fileSystems = let
nfsMount = server: nfsDisk: { nfsMount = server: nfsDisk: {