geoffrey/dotfiles
geoffrey/dotfiles
1
0
Fork 0
Code Issues 8 Pull requests Releases Activity

Fourth attempt at booting NixOS on curacao directly

Browse source
This commit is contained in:
Geoffrey Frogeye 2023-12-16 14:37:23 +01:00
parent c25996ed8f
commit 42ab4908df
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
3 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
curacao/dk.nix
View file

@ -1,5 +1,7 @@
{ passwordFile ? "/should_not_be_needed_in_this_context", ... }:
# FIXME Subvolumes for backup. If they're not created with the script. Add the script btw.
# Doesn't seem like it's possible to decrypt luks partition at stage2, hence why everything is with a password now
# TODO Find a way to use keys in filesystem
# TODO Not relatime everywhere, thank you
# TODO Default options
let
@ -72,11 +74,10 @@ in
content = {
type = "luks";
name = "boot";
initrdUnlock = false;
extraFormatArgs = [ "--type luks1" ];
passwordFile = passwordFile;
settings = {
keyFile = "/etc/keys/boot";
# keyFile = "/etc/keys/boot";
};
content = {
type = "filesystem";
@ -95,9 +96,9 @@ in
content = {
type = "luks";
name = "razmo";
initrdUnlock = false;
passwordFile = passwordFile;
settings = {
keyFile = "/etc/keys/razmo";
# keyFile = "/etc/keys/razmo";
};
content = {
type = "btrfs";
@ -130,9 +131,9 @@ in
content = {
type = "luks";
name = "rapswap";
initrdUnlock = false;
passwordFile = passwordFile;
settings = {
keyFile = "/etc/keys/rapswap";
# keyFile = "/etc/keys/rapswap";
allowDiscards = true;
};
content = {

1
curacao/os.nix
View file

@ -9,6 +9,7 @@
networking.hostName = "curacao";
boot = {
initrd.luks.reusePassphrases = true;
loader = {
efi.efiSysMountPoint = "/efi";
};

2
os/geoffrey.nix
View file

@ -4,6 +4,8 @@
<home-manager/nixos>
];
users.users.root.initialHashedPassword = "$y$j9T$e64bjL7iyVlniEKwKbM9g0$cCn74za0r6L9QMO20Fdxz3/SX0yvhz3Xd6.2BhtbRL1"; # Not a real password
users.users.geoffrey = {
isNormalUser = true;
extraGroups = [ "adbusers" "wheel" ];