commit ff3c6a2a05ed95884fb32707c8ca2565961db51e
author Skyler Grey <skyler3665@gmail.com> Sun Aug 21 07:25:02 2022 +0100
committer Skyler Grey <skyler3665@gmail.com> Sun Aug 21 07:25:56 2022 +0100
tree 32fee77b4064d8f0dad807247995d521641b5b7a
parent bcb2cb71f1c4c59bf289f34338e40a0a953d0c71

Enable disk encryption of persistent partitions

modules/filesystems.nix

diff --git a/modules/filesystems.nix b/modules/filesystems.nix
index eaadfde..73ef7e1 100644
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
@@ -20,12 +20,17 @@
     };
 
     fileSystems."/nix" = {
-      device = "/dev/disk/by-label/nixos";
+      device = "/dev/mapper/nix";
+      fsType = "ext4";
+    };
+
+    fileSystems."/large" = {
+      device = "/dev/mapper/hdd";
       fsType = "ext4";
     };
 
     swapDevices = [
-      {device = "/dev/disk/by-label/swap";}
+      {device = "/dev/mapper/swap";}
     ];
   };
 }

modules/nix.nix

diff --git a/modules/nix.nix b/modules/nix.nix
index 83954ce..4c432b0 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -1,10 +1,12 @@
 {
   pkgs,
   registry,
+  nixpkgs,
   ...
 }: {
   config = {
     nix = {
+      registry.nixpkgs.flake = nixpkgs;
       settings = {
         experimental-features = ["nix-command" "flakes"];
         auto-optimise-store = true;

modules/security.nix

diff --git a/modules/security.nix b/modules/security.nix
index d7bdbda..75ab2be 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -1,6 +1,18 @@
 {
-  config.security.apparmor = {
-    enable = true;
-    killUnconfinedConfinables = true;
+  config = {
+    security.apparmor = {
+      enable = true;
+      killUnconfinedConfinables = true;
+    };
+
+    boot.initrd.availableKernelModules = [
+      "aesni_intel"
+      "cryptd"
+    ];
+
+    boot.initrd.luks.devices = {
+      nix.device = "/dev/disk/by-label/nix";
+      swap.device = "/dev/disk/by-label/swap";
+      hdd.device = "/dev/disk/by-label/hdd";
   };
 }