chore(host/hydra): update

isabelroses · Nov 6, 2023 · 1ab442c · 1ab442c
1 parent 99feb2e
commit 1ab442c
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 5 deletions.
diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
@@ -1,5 +1,8 @@
 _: {
-  imports = [./hardware-configuration.nix];
+  imports = [
+    ./hardware-configuration.nix
+    ./encryption.nix
+  ];
   config = {
     modules = {
       device = {
@@ -11,16 +14,19 @@ _: {
         hasBluetooth = true;
         hasSound = true;
       };
+
       system = {
         mainUser = "isabel";
         hostname = "hydra";
 
         boot = {
+          plymouth.enable = true;
           loader = "systemd-boot";
           secureBoot = false;
           enableKernelTweaks = true;
           enableInitrdTweaks = true;
           loadRecommendedModules = true;
+          tmpOnTmpfs = true;
         };
 
         fs = ["ext4" "vfat"];
@@ -30,6 +36,13 @@ _: {
         printing.enable = false;
         yubikeySupport.enable = true;
 
+        # autoLogin = true;
+
+        encryption = {
+          enable = true;
+          device = "crypt";
+        };
+
         security = {
           fixWebcam = false;
           auditd.enable = true;
@@ -54,7 +67,7 @@ _: {
       };
 
       programs = {
-        git.signingKey = "CFF897835DD77813";
+        git.signingKey = "0xAE22E70709810C07";
 
         cli = {
           enable = true;

diff --git a/hosts/hydra/encryption.nix b/hosts/hydra/encryption.nix
@@ -0,0 +1,18 @@
+{lib, ...}: {
+  boot.initrd = {
+    availableKernelModules = [
+      "aesni_intel"
+      "cryptd"
+      "usb_storage"
+    ];
+
+    luks.devices."crypt" = {
+      bypassWorkqueues = true;
+      # keyFileSize = 4096;
+      # keyFile = "/dev/disk/by-id/"
+      preLVM = true;
+    };
+  };
+
+  services.lvm.enable = lib.mkForce true;
+}
diff --git a/hosts/hydra/hardware-configuration.nix b/hosts/hydra/hardware-configuration.nix
@@ -14,17 +14,19 @@
   boot.extraModulePackages = [];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/cdb33063-6579-4ef5-aac2-4f34f4385fa6";
+    device = "/dev/disk/by-uuid/ec63ffc1-ebb8-404d-bc2f-1ce798991fce";
     fsType = "ext4";
   };
 
+  boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/382e3e9c-fd48-4ca4-adb6-ab558bfd5c35";
+
   fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/AC3A-6009";
+    device = "/dev/disk/by-uuid/6BE3-A9DB";
     fsType = "vfat";
   };
 
   swapDevices = [
-    {device = "/dev/disk/by-uuid/7a6163d8-18b1-429b-a7c8-0434cc99f819";}
+    {device = "/dev/disk/by-uuid/963c1c32-b43f-4dfb-a378-b82dc447ae4a";}
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking