nixfiles/hosts/lappy/hardware.nix

{ pkgs, ... }:
let
  usb_data = import ./hardware/usb_data.nix { };
  ssd_data = import ./hardware/ssd_data.nix { };
in {
  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "nvme"
      "usb_storage"
      "sd_mod"
      "rtsx_pci_sdmmc"
      "uas"
      "usbcore"
      "usb_storage"
      "vfat"
      "nls_cp437"
      "nls_iso8859_1"
      "aesni_intel"
      "cryptd"
    ];
    kernelModules = [ "kvm-intel" ];

    initrd.postDeviceCommands = pkgs.lib.mkBefore ''
      mkdir -m 0755 -p ${usb_data.mountpoint}

      while !(test -b ${usb_data.encrypted_path})
      do
        echo "Please Plug In USB"
        sleep 1
      done

      echo "Please Decrypt USB"

      cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}

      mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint}
    '';

    initrd.luks.devices = {
      "${ssd_data.root_mapper_name}" = {
        device = "${ssd_data.encrypted_root_path}";
        keyFile = "${usb_data.lappy_encryption_key_path}";
        preLVM = false;
        allowDiscards = true;
      };
    };
  };

  fileSystems = {
    "/" = {
      device = "${ssd_data.decrypted_root_path}";
      fsType = "${ssd_data.unencrypted_root_fs_type}";
    };
    "/boot" = {
      device = "${ssd_data.boot_path}";
      fsType = "${ssd_data.boot_fs_type}";
    };
  };

}
encrypted laptop root and better setup guide 2022-01-29 21:44:38 +00:00			`{ pkgs, ... }:`
start work on encryption 2022-01-29 19:55:58 +00:00			`let`
format nix files 2022-02-15 11:04:08 +00:00			`usb_data = import ./hardware/usb_data.nix { };`
			`ssd_data = import ./hardware/ssd_data.nix { };`
start work on encryption 2022-01-29 19:55:58 +00:00			`in {`
			`boot = {`
			`loader = {`
			`systemd-boot.enable = true;`
			`efi.canTouchEfiVariables = true;`
			`};`
			`initrd.availableKernelModules = [`
			`"xhci_pci"`
			`"ahci"`
			`"nvme"`
			`"usb_storage"`
			`"sd_mod"`
			`"rtsx_pci_sdmmc"`
			`"uas"`
			`"usbcore"`
			`"usb_storage"`
			`"vfat"`
			`"nls_cp437"`
			`"nls_iso8859_1"`
			`"aesni_intel"`
			`"cryptd"`
			`];`
			`kernelModules = [ "kvm-intel" ];`

format nix files 2022-02-15 11:04:08 +00:00			`initrd.postDeviceCommands = pkgs.lib.mkBefore ''`
			`mkdir -m 0755 -p ${usb_data.mountpoint}`
add encrypted usb and move paths to data files 2022-02-15 11:02:07 +00:00
format nix files 2022-02-15 11:04:08 +00:00			`while !(test -b ${usb_data.encrypted_path})`
			`do`
			`echo "Please Plug In USB"`
			`sleep 1`
			`done`
start work on encryption 2022-01-29 19:55:58 +00:00
format nix files 2022-02-15 11:04:08 +00:00			`echo "Please Decrypt USB"`
add encrypted usb and move paths to data files 2022-02-15 11:02:07 +00:00
format nix files 2022-02-15 11:04:08 +00:00			`cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}`
start work on encryption 2022-01-29 19:55:58 +00:00
format nix files 2022-02-15 11:04:08 +00:00			`mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint}`
			`'';`
add encrypted usb and move paths to data files 2022-02-15 11:02:07 +00:00
format nix files 2022-02-15 11:04:08 +00:00			`initrd.luks.devices = {`
			`"${ssd_data.root_mapper_name}" = {`
			`device = "${ssd_data.encrypted_root_path}";`
			`keyFile = "${usb_data.lappy_encryption_key_path}";`
			`preLVM = false;`
			`allowDiscards = true;`
			`};`
add encrypted usb and move paths to data files 2022-02-15 11:02:07 +00:00			`};`
encrypted laptop root and better setup guide 2022-01-29 21:44:38 +00:00			`};`
start work on encryption 2022-01-29 19:55:58 +00:00
			`fileSystems = {`
			`"/" = {`
add encrypted usb and move paths to data files 2022-02-15 11:02:07 +00:00			`device = "${ssd_data.decrypted_root_path}";`
			`fsType = "${ssd_data.unencrypted_root_fs_type}";`
start work on encryption 2022-01-29 19:55:58 +00:00			`};`
			`"/boot" = {`
add encrypted usb and move paths to data files 2022-02-15 11:02:07 +00:00			`device = "${ssd_data.boot_path}";`
			`fsType = "${ssd_data.boot_fs_type}";`
start work on encryption 2022-01-29 19:55:58 +00:00			`};`
			`};`

			`}`