tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

decryption loop

Browse source
This commit is contained in:
tristan 2023-04-20 09:31:53 +01:00
parent 23c20ce17f
commit d7fa0319d0
2 changed files with 34 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

27
system/work/hardware.nix
View file

@ -5,16 +5,18 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"]; boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7"; {
device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" "autodefrag" ]; options = [ "subvol=@" "compress=zstd" "autodefrag" ];
}; };
@ -22,11 +24,14 @@
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore '' boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir -m 0755 -p /key mkdir -m 0755 -p /key
sleep 2 until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
echo "found block devices" do
ls /dev/disk/by-id/ echo "Failed to unlock usbkey!"
echo "Found block devices:"
ls /dev/disk/by-id/
sleep 2
done
cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
mount -n -t vfat -o ro /dev/mapper/usbkey /key mount -n -t vfat -o ro /dev/mapper/usbkey /key
''; '';
@ -38,13 +43,15 @@
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7"; {
device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "autodefrag" ]; options = [ "subvol=@home" "compress=zstd" "autodefrag" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EED9-A165"; {
device = "/dev/disk/by-uuid/EED9-A165";
fsType = "vfat"; fsType = "vfat";
}; };
@ -66,7 +73,7 @@
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
]; ];

29
system/zenix/hardware.nix
View file

@ -5,16 +5,18 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"]; boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909"; {
device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" "autodefrag" ]; options = [ "subvol=@" "compress=zstd" "autodefrag" ];
}; };
@ -22,11 +24,13 @@
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore '' boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir -m 0755 -p /key mkdir -m 0755 -p /key
sleep 2 until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
echo "found block devices" do
ls /dev/disk/by-id/ echo "Failed to unlock usbkey!"
echo "Found block devices:"
cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey ls /dev/disk/by-id/
sleep 2
done
mount -n -t vfat -o ro /dev/mapper/usbkey /key mount -n -t vfat -o ro /dev/mapper/usbkey /key
''; '';
@ -38,19 +42,20 @@
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909"; {
device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "autodefrag" ]; options = [ "subvol=@home" "compress=zstd" "autodefrag" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/FE7E-0DE3"; {
device = "/dev/disk/by-uuid/FE7E-0DE3";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/da57b489-ab77-4830-b710-9f96cf43d053"; } [{ device = "/dev/disk/by-uuid/da57b489-ab77-4830-b710-9f96cf43d053"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's