feat(desktop): adding support for luks (#114) (#114)
god464 authored Oct 21, 2024
1 parent 43e8f1c commit fb7ed06
Showing 6 changed files with 64 additions and 49 deletions.
2 changes: 1 addition & 1 deletion .sops.yaml
@@ -1,6 +1,6 @@
keys:
- &recover age1fqsveefjf02dy9uzg2xa0pqjsaypa9d9xvpe9c293cg0cv3m7e7ss2uct5
- &desktop age1csgj89yftc8587lp00m7g75khsfpzwyjytqln47x473zug4lhsfqqpsclh
- &desktop age1gklefcuzv2ard7fzqkycmx8lrrscjp942xpfx2u9m0fwapt383ysnxh2qy
- &server age1972wm0vc96w489jfw7sd335ayz4t2j4839s8sgjpdcf89fur7qfqea8lm7
creation_rules:
- path_regex: ^hosts/desktop/secrets\.yaml$
1 change: 0 additions & 1 deletion hosts/common/default.nix
@@ -1,6 +1,5 @@
{
users.mutableUsers = false;
hardware.cpu.amd.updateMicrocode = true;
zramSwap.enable = true;
services.btrfs.autoScrub.enable = true;
documentation = {
7 changes: 7 additions & 0 deletions hosts/desktop/default.nix
@@ -20,6 +20,7 @@
cache = [ "https://cosmic.cachix.org" ];
trustKeys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ];
};
hardware.enableAllFirmware = true;
users.users.cl = {
isNormalUser = true;
extraGroups = [ "wheel" ];
@@ -39,6 +40,12 @@
withRuby = true;
defaultEditor = true;
};
clash-verge = {
enable = true;
tunMode = true;
autoStart = true;
package = pkgs.clash-verge-rev;
};
};
home-manager = {
useGlobalPkgs = true;
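Review bot: `tunMode = true` together with `autoStart = true` in the new `clash-verge` block has no comment explaining why a GUI proxy client gets control of the host's routing at every login. As far as I know the NixOS module implements TUN mode by installing the binary through a wrapper with extra network capabilities, so this widens the privileged surface of the desktop; confirm against the module version in use. I would add a comment such as `# tunMode: routes all host traffic through the proxy and needs elevated network capabilities` above the option, and drop `autoStart` if the proxy is only needed occasionally. The enclosing attribute set starts and ends outside the hunk.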
70 changes: 41 additions & 29 deletions hosts/desktop/disk.nix
@@ -9,6 +9,7 @@
partitions = {
ESP = {
size = "1G";
label = "ESP";
type = "EF00";
content = {
type = "filesystem";
@@ -18,36 +19,47 @@
};
};
root = {
size = "100%";
end = "-128G";
label = "ROOT";
content = {
type = "btrfs";
extraArgs = [
"-f"
"--csum XXHASH"
"-L NixOS"
];
subvolumes = {
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@persist" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/persist";
};
"@swap" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/.swap";
swap.swapfile.size = "4G";
type = "luks";
name = "nixos";
settings = {
allowDiscards = true;
bypassWorkqueues = true;
fallbackToPassword = true;
crypttabExtraOpts = [ "tpm2-device=auto" ];
};
content = {
type = "btrfs";
extraArgs = [
"-f"
"--csum XXHASH"
"-L NixOS"
];
subvolumes = {
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@persist" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/persist";
};
"@swap" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/.swap";
swap.swapfile.size = "4G";
};
};
};
};
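Review bot: `crypttabExtraOpts = [ "tpm2-device=auto" ]` lets the root volume unlock without user input, but nothing in this file records which PCRs the TPM2 slot is bound to or whether a PIN is required, because enrolment happens outside the configuration. If the PCR policy does not cover the boot chain actually in use, the volume is protected against a removed disk but not against loss of the whole machine, so note the enrolment parameters next to the option, for example `# TPM2 slot: enrolled via systemd-cryptenroll, PCRs <PCR_LIST>, PIN <yes/no>`. `allowDiscards = true` also deserves a comment, since passing TRIM through dm-crypt reveals which blocks are unused. `fallbackToPassword` is, as far as I know, only meaningful for the scripted initrd and implied under systemd stage 1, so it may be redundant here.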
22 changes: 11 additions & 11 deletions hosts/desktop/secrets.yaml
@@ -5,23 +5,23 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age1csgj89yftc8587lp00m7g75khsfpzwyjytqln47x473zug4lhsfqqpsclh
- recipient: age1gklefcuzv2ard7fzqkycmx8lrrscjp942xpfx2u9m0fwapt383ysnxh2qy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXRTFwdlNXdDBxNnNuVEQ3
bjNpTWdNUGZ4djZkK0NsdEZTWW5PSUxhNGljClBqeUFzYTdsaUlKRzFhM0QzWUtY
UUFuclJydmQrYnRLTEFycFdsNmlDcGsKLS0tIHBnS2l5VHNCbXF2YWdqd1dxU3Bz
TndGTllyV1RlYktsbTZHams3Mjd2T1UKfJg125AMyAvuTF0fBgcxM6capRWdXK7o
uFNm1ePPV7fzfWt+DBNgBxo64dXjmMogYQR59PqvY+HpYEjmzhNZSg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva01ENmhMdDl4ZUlzK2xH
VVJhUit6WXdzMFFSWkFRWEJZaTArckRKZGlBCk96NiszdHJoNXRZUEFpbWdLZWtn
NVBva0xlNWNpb2FlcFAwd3RHOXVXcG8KLS0tIC9aUTYvcWx4cUp2R3lYOTh4VW9W
eTVnK0lSaUV5ME1mYmNBYWxKWXV3NDgKuqtGJrHcvuqq3r+dtMYE4n4rCF0gPUku
yhNrcmdhQmly2H0JiS5+WusH2lznTEnheeZPoK8+GrLpH42BcQshKA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fqsveefjf02dy9uzg2xa0pqjsaypa9d9xvpe9c293cg0cv3m7e7ss2uct5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMEt0M2FuTWU0T09RTmNG
VElFSlRGRDg4ampsR2JQbFN3QXBybU0xUURvCjVRdXVBdkE4S2d2UVhxbWc1cTlj
R29Gb09tcG9PelBVUVNpY0VzNjBqSmcKLS0tIHJVYUhxYTBSMlFxVEgzSVRoVmVY
YmZ0MVhDQUlWQ01DL3dTYjZsZzhtSDAKxK0IxAv9E/y0h0FGUMX1KfyP6hhjKcqp
0KQ5Vg7Ve8vUV0dqqjEIbAfBVSgzklaYjlBTpjNIK1ORAQnOm0b+Jg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJK0pGeDZrcHdoeUs4TzZR
VDM4TlF5bnZUL1NLbE51YUhmRWs3VmppYUNnClJ0b3FtMHZEQUxhRU4wWjFDUTlp
K2xUdWQ3QllMOHZUdkhsWDluUzJ4Mm8KLS0tIEtBV3V2K3RYNDZKbUdNZWJRcCtR
b3FoOTl3N0J4cWFQZWVQeDdoblNMSkUKlAWfZa45pGjI3s3D1KdRquY0RO5hlzLh
OKGe9ijTe2I+vuUlziFdlib4sRZVGfEzaOhKo6NBWlExyrmTNcm2ag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-04T01:16:59Z"
mac: ENC[AES256_GCM,data:dIV+IhxVwjM8IsuShn++xKQ0WZpib/Wf/xUbn158UAOpizHs569tPv3DcfGxF3FCRKT/Re3ivt1FuDUYsaIBzjqoSEd3wfwglLVJdssDw2qhIWvGOTnFC6hBr+tqvBke6zCHVgSg+2DazKZ/+mOMO4FEjs1zt1ZbtDHk01YET+w=,iv:ErZqVPPUKKZFor4oo0V65oNOkvOffZWI9nEyC9Kzs94=,tag:pl9vBTvip8pUzhn0AD365A==,type:str]
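Review bot: Only the `recipient` and `enc` stanzas change in this section, while `lastmodified` and `mac` appear unchanged, which suggests the file's data key was re-wrapped for the new desktop recipient rather than rotated. If the replaced desktop key was retired because it may have been exposed, it can still unwrap the same data key from earlier revisions of this file, so the current values stay readable to whoever holds it. In that case rotate the data key (`sops -r`, or `sops rotate` on newer releases) and the secret values themselves. The matching recipient change is in `.sops.yaml`.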
11 changes: 4 additions & 7 deletions modules/booter/default.nix
@@ -24,19 +24,15 @@ in
{
initrd = {
availableKernelModules = [
"ata_piix"
"mptspi"
"uhci_hcd"
"ehci_pci"
"ahci"
"nvme"
"xhci_pci"
"uas"
"sd_mod"
"sr_mod"
];
supportedFilesystems = [
"btrfs"
"tmpfs"
];
systemd.enable = true;
};
kernelModules = [ "kvm-amd" ];
kernelPackages = cfg.kernel;
@@ -55,6 +51,7 @@ in
"quiet"
"splash"
];

})
(mkIf (!display.enable) {
loader.systemd-boot = {
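Review bot: `systemd.enable = true;` under `initrd` has no comment tying it to the LUKS change, yet the `crypttabExtraOpts` TPM2 option in `hosts/desktop/disk.nix` only takes effect with systemd stage 1, so a later cleanup could break TPM2 unlocking. I would add `# systemd stage 1: required for crypttabExtraOpts (TPM2 unlock) in hosts/desktop/disk.nix` above it. This module appears to be shared between hosts, so it is also worth checking that the trimmed `availableKernelModules` list still covers the storage controller of every host that imports it; the page does not show which entries were dropped. The blank line added before `})` in the second hunk can go.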