nixfiles/hosts/lappy/hardware.nix
2022-01-29 21:44:38 +00:00

59 lines
1.1 KiB
Nix

{ pkgs, ... }:
let
usb_label = "my_usb";
encrypted_root_partlabel = "nixos_encrypted";
unencrypted_root_uuid = "";
in {
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"uas"
"usbcore"
"usb_storage"
"vfat"
"nls_cp437"
"nls_iso8859_1"
"aesni_intel"
"cryptd"
];
kernelModules = [ "kvm-intel" ];
initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir -m 0755 -p /key
sleep 3
mount -n -t vfat -o ro `findfs LABEL=${usb_label}` /key
'';
initrd.luks.devices."cryptroot".device =
"/dev/disk/by-partlabel/${encrypted_root_partlabel}";
initrd.luks.devices."cryptroot" = {
keyFile = "/key/encryption-keys/lappy.key";
preLVM = false;
allowDiscards = true;
};
};
fileSystems = {
"/" = {
device = "/dev/mapper/cryptroot";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/nixboot";
fsType = "vfat";
};
};
}