Enable disk encryption of persistent partitions
diff --git a/flake.lock b/flake.lock
index 8f4acf6..8fb46fe 100644
--- a/flake.lock
+++ b/flake.lock
@@ -53,11 +53,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1660817299,
- "narHash": "sha256-0QZE5FYLOyTEpKobPk32gxAQBtYs/nAfGx3PK+x6bXI=",
+ "lastModified": 1660936389,
+ "narHash": "sha256-GZcCsjq8EUA65MXdPQDvZdXkKcuhCnlvaSBpS/aqFwY=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "b42e50fe36242b1b205a7d501b7911d698218086",
+ "rev": "921b28fa6ed61f6275fdebfec25b630dd1e4f378",
"type": "github"
},
"original": {
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
index eaadfde..73ef7e1 100644
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
@@ -20,12 +20,17 @@
};
fileSystems."/nix" = {
- device = "/dev/disk/by-label/nixos";
+ device = "/dev/mapper/nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/large" = {
+ device = "/dev/mapper/hdd";
fsType = "ext4";
};
swapDevices = [
- {device = "/dev/disk/by-label/swap";}
+ {device = "/dev/mapper/swap";}
];
};
}
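Review bot: The three `/dev/mapper/*` paths in this hunk only exist because of the attribute names under `boot.initrd.luks.devices` in modules/security.nix, and nothing here documents that coupling. Renaming an entry in one file without the other leaves `/nix`, `/large` or swap pointing at a device that is never opened. Consider a comment above `fileSystems."/nix"` such as `# /dev/mapper/<name> is created by boot.initrd.luks.devices.<name> in modules/security.nix; keep the names in sync`. The enclosing `config` block starts outside the hunk, so whether `/` and `/boot` are covered cannot be judged from here.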
diff --git a/modules/nix.nix b/modules/nix.nix
index 83954ce..4c432b0 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -1,10 +1,12 @@
{
pkgs,
registry,
+ nixpkgs,
...
}: {
config = {
nix = {
+ registry.nixpkgs.flake = nixpkgs;
settings = {
experimental-features = ["nix-command" "flakes"];
auto-optimise-store = true;
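Review bot: The added `registry.nixpkgs.flake = nixpkgs;` is unrelated to disk encryption and has no comment explaining it. Presumably it pins the system flake registry so that CLI references to `nixpkgs` resolve to the revision locked in flake.lock rather than a floating one. If so, a one-line comment would make that supply-chain intent visible, for example `# pin the registry's nixpkgs to the locked flake input`. The module continues past the end of the hunk, so how the existing `registry` argument is used is not visible here.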
diff --git a/modules/security.nix b/modules/security.nix
index d7bdbda..75ab2be 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -1,6 +1,18 @@
{
- config.security.apparmor = {
- enable = true;
- killUnconfinedConfinables = true;
+ config = {
+ security.apparmor = {
+ enable = true;
+ killUnconfinedConfinables = true;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "aesni_intel"
+ "cryptd"
+ ];
+
+ boot.initrd.luks.devices = {
+ nix.device = "/dev/disk/by-label/nix";
+ swap.device = "/dev/disk/by-label/swap";
+ hdd.device = "/dev/disk/by-label/hdd";
};
}
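Review bot: As shown, the new side opens both `config = {` and `boot.initrd.luks.devices = {`, but the trailing context supplies only the old file's `};` and `}`. That leaves the outer attribute set unclosed and `config` without a terminating `;`. The hunk appears to run to end of file, so a `};` is likely missing after the luks block. Separately, the LUKS containers are selected by `/dev/disk/by-label/...`, and a label is not unique: any attached disk carrying the same label can match. Pinning each entry to `/dev/disk/by-uuid/<LUKS-UUID>` (placeholder) ties it to the header that was actually formatted.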