Gitiles
Code Review Sign In
git.clicks.codes / Chimera / NixFiles / 13df4cf43fbead8d92ff95f0c0fec12652c0eb8a^! / .
commit13df4cf43fbead8d92ff95f0c0fec12652c0eb8a[log] [tgz]
authorSamuel Shuert <coded@clicks.codes>Wed Mar 06 17:54:25 2024 -0500
committerSamuel Shuert <coded@clicks.codes>Wed Mar 06 22:56:22 2024 +0000
tree1a9e7154dd6052a0ccd8717b0f753e837b05f9fb
parent30e6c8f728135ed6307f28c0430298676241383f [diff]
shorthair: LUKS, now with yubikey unlocking

... and another drive

Change-Id: I4e868c73d8ed5fe3b9b70ccd38e5a99b347e9a23
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/527
Tested-by: Samuel Shuert <coded@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>

diff --git a/systems/x86_64-linux/shorthair/hardware/boot/default.nix b/systems/x86_64-linux/shorthair/hardware/boot/default.nix
index b432b13..3b1c25a 100644
--- a/systems/x86_64-linux/shorthair/hardware/boot/default.nix
+++ b/systems/x86_64-linux/shorthair/hardware/boot/default.nix

@@ -4,10 +4,9 @@
     "nvme"
     "xhci_pci"
     "ahci"
-    "usb_storage"
     "usbhid"
     "sd_mod"
-    "sr_mod"
+    "ext4"
   ];
   boot.initrd.kernelModules = [
     "kvm-amd"
@@ -20,6 +19,15 @@
   boot.loader.efi.canTouchEfiVariables = true;
 
   boot.initrd = {
-    luks.devices."NIXROOT".device = "/dev/disk/by-uuid/744c83f8-f8d9-4604-8e44-ceb7bf7fdf87";
+    systemd.enable = true; # needed for the way we do our YubiKey
+    luks.devices."key".device = "/dev/disk/by-uuid/3ddef258-93b2-459c-9420-121b0631d69a";
+    luks.devices."NIXROOT" = {
+      device = "/dev/disk/by-uuid/744c83f8-f8d9-4604-8e44-ceb7bf7fdf87";
+      keyFile = "/key:/dev/mapper/key";
+    };
+    luks.devices."BIGDATA" = {
+      device = "/dev/disk/by-uuid/640b7c00-5cfa-472f-9338-c7adafa9ea6a";
+      keyFile = "/key:/dev/mapper/key";
+    };
   };
 }

diff --git a/systems/x86_64-linux/shorthair/hardware/filesystems/default.nix b/systems/x86_64-linux/shorthair/hardware/filesystems/default.nix
index dd73eda..bc4678e 100644
--- a/systems/x86_64-linux/shorthair/hardware/filesystems/default.nix
+++ b/systems/x86_64-linux/shorthair/hardware/filesystems/default.nix

@@ -1,7 +1,12 @@
 { ... }:
 {
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/49f641f9-27c1-451e-9dff-d270879ede42";
+    device = "/dev/mapper/NIXROOT";
+    fsType = "btrfs";
+  };
+
+  fileSystems."/bigdata" = {
+    device = "/dev/mapper/BIGDATA";
     fsType = "btrfs";
   };
 
@@ -9,10 +14,4 @@
     device = "/dev/disk/by-uuid/F1F9-C8D5";
     fsType = "vfat";
   };
-
-  #swapDevices = [
-  #  {
-  #    device = "/dev/disk/by-uuid/b0ffc786-a525-413d-97e8-24e57a39dd0b";
-  #  }
-  #];
 }