diff --git a/disko/EDI/default.nix b/disko/EDI/default.nix index 592e690..30d9181 100644 --- a/disko/EDI/default.nix +++ b/disko/EDI/default.nix @@ -1,9 +1,9 @@ { disko.devices = { disk = { - vdb = { - device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1"; + nvme0n1 = { type = "disk"; + device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1"; content = { type = "gpt"; partitions = { @@ -19,29 +19,28 @@ ]; }; }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "crypted"; - # disable settings.keyFile if you want to use interactive password entry - #passwordFile = "/tmp/secret.key"; # Interactive - settings = { - allowDiscards = true; - #keyFile = "/tmp/secret.key"; - }; - #additionalKeyFiles = ["/tmp/additionalSecret.key"]; + encryptedSwap = { + size = "4G"; content = { - swap = { - type = "swap"; - size = "4G"; - resumeDevice = true; # resume from hiberation from this device + type = "swap"; + randomEncryption = true; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + #keyFile = "/tmp/secret.key"; }; - root = { + #additionalKeyFiles = ["/tmp/additionalSecret.key"]; + content = { type = "filesystem"; format = "bcachefs"; - size = "100%"; mountpoint = "/"; }; }; diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index 6a10035..7788910 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -24,7 +24,7 @@ ../../desktop - #../../../disko/EDI + ../../../disko/EDI # Import your generated (nixos-generate-config) hardware configuration ./hardware-configuration.nix diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index ad2bffb..6e02f8d 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -17,25 +17,25 @@ boot.kernelModules = ["kvm-intel"]; boot.extraModulePackages = []; - fileSystems."/" = { - device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; - fsType = "bcachefs"; - }; + # fileSystems."/" = { + # device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; + # fsType = "bcachefs"; + # }; - boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0"; + #boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0"; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/01B2-909E"; - fsType = "vfat"; - options = ["fmask=0077" "dmask=0077" "defaults"]; - }; + # fileSystems."/boot" = { + # device = "/dev/disk/by-uuid/01B2-909E"; + # fsType = "vfat"; + # options = ["fmask=0077" "dmask=0077" "defaults"]; + # }; - swapDevices = [ - { - device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2"; - randomEncryption.enable = true; - } - ]; + # swapDevices = [ + # { + # device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2"; + # randomEncryption.enable = true; + # } + # ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's