nixfiles/hosts/lappy/hardware.nix

67 lines
1.5 KiB
Nix
Raw Normal View History

{ pkgs, ... }:
2022-01-29 19:55:58 +00:00
let
2022-02-15 11:04:08 +00:00
usb_data = import ./hardware/usb_data.nix { };
ssd_data = import ./hardware/ssd_data.nix { };
2022-01-29 19:55:58 +00:00
in {
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"uas"
"usbcore"
"usb_storage"
"vfat"
"nls_cp437"
"nls_iso8859_1"
"aesni_intel"
"cryptd"
];
kernelModules = [ "kvm-intel" ];
2022-02-15 11:04:08 +00:00
initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir -m 0755 -p ${usb_data.mountpoint}
2022-02-15 11:04:08 +00:00
while !(test -b ${usb_data.encrypted_path})
do
echo "Please Plug In USB"
sleep 1
done
2022-01-29 19:55:58 +00:00
2022-02-15 11:04:08 +00:00
echo "Please Decrypt USB"
2022-02-15 11:04:08 +00:00
cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}
2022-01-29 19:55:58 +00:00
2022-02-15 11:04:08 +00:00
mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint}
'';
2022-02-15 11:04:08 +00:00
initrd.luks.devices = {
"${ssd_data.root_mapper_name}" = {
device = "${ssd_data.encrypted_root_path}";
keyFile = "${usb_data.lappy_encryption_key_path}";
preLVM = false;
allowDiscards = true;
};
};
};
2022-01-29 19:55:58 +00:00
fileSystems = {
"/" = {
device = "${ssd_data.decrypted_root_path}";
fsType = "${ssd_data.unencrypted_root_fs_type}";
2022-01-29 19:55:58 +00:00
};
"/boot" = {
device = "${ssd_data.boot_path}";
fsType = "${ssd_data.boot_fs_type}";
2022-01-29 19:55:58 +00:00
};
};
}