geoffrey/dotfiles
geoffrey/dotfiles
1
0
Fork 0
Code Issues 7 Pull requests Releases Activity

Fourth attempt at booting NixOS on curacao directly

Browse source
This commit is contained in:
Geoffrey Frogeye 2023-12-16 14:37:23 +01:00
parent c25996ed8f
commit 42ab4908df
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
3 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
curacao/dk.nix
View file

@ -1,5 +1,7 @@
{ passwordFile ? "/should_not_be_needed_in_this_context", ... }: { passwordFile ? "/should_not_be_needed_in_this_context", ... }:
# FIXME Subvolumes for backup. If they're not created with the script. Add the script btw. # FIXME Subvolumes for backup. If they're not created with the script. Add the script btw.
# Doesn't seem like it's possible to decrypt luks partition at stage2, hence why everything is with a password now
# TODO Find a way to use keys in filesystem
# TODO Not relatime everywhere, thank you # TODO Not relatime everywhere, thank you
# TODO Default options # TODO Default options
let let
@ -72,11 +74,10 @@ in
content = { content = {
type = "luks"; type = "luks";
name = "boot"; name = "boot";
initrdUnlock = false;
extraFormatArgs = [ "--type luks1" ]; extraFormatArgs = [ "--type luks1" ];
passwordFile = passwordFile; passwordFile = passwordFile;
settings = { settings = {
keyFile = "/etc/keys/boot"; # keyFile = "/etc/keys/boot";
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
@ -95,9 +96,9 @@ in
content = { content = {
type = "luks"; type = "luks";
name = "razmo"; name = "razmo";
initrdUnlock = false; passwordFile = passwordFile;
settings = { settings = {
keyFile = "/etc/keys/razmo"; # keyFile = "/etc/keys/razmo";
}; };
content = { content = {
type = "btrfs"; type = "btrfs";
@ -130,9 +131,9 @@ in
content = { content = {
type = "luks"; type = "luks";
name = "rapswap"; name = "rapswap";
initrdUnlock = false; passwordFile = passwordFile;
settings = { settings = {
keyFile = "/etc/keys/rapswap"; # keyFile = "/etc/keys/rapswap";
allowDiscards = true; allowDiscards = true;
}; };
content = { content = {

1
curacao/os.nix
View file

@ -9,6 +9,7 @@
networking.hostName = "curacao"; networking.hostName = "curacao";
boot = { boot = {
initrd.luks.reusePassphrases = true;
loader = { loader = {
efi.efiSysMountPoint = "/efi"; efi.efiSysMountPoint = "/efi";
}; };

2
os/geoffrey.nix
View file

@ -4,6 +4,8 @@
<home-manager/nixos> <home-manager/nixos>
]; ];
users.users.root.initialHashedPassword = "$y$j9T$e64bjL7iyVlniEKwKbM9g0$cCn74za0r6L9QMO20Fdxz3/SX0yvhz3Xd6.2BhtbRL1"; # Not a real password
users.users.geoffrey = { users.users.geoffrey = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "adbusers" "wheel" ]; extraGroups = [ "adbusers" "wheel" ];