Enable disk encryption of persistent partitions

commit: ff3c6a2a05ed95884fb32707c8ca2565961db51e [log] [tgz]
author: Skyler Grey <skyler3665@gmail.com> Sun Aug 21 07:25:02 2022 +0100
committer: Skyler Grey <skyler3665@gmail.com> Sun Aug 21 07:25:56 2022 +0100
tree: 32fee77b4064d8f0dad807247995d521641b5b7a
parent: bcb2cb71f1c4c59bf289f34338e40a0a953d0c71 [diff] [blame]
diff --git a/modules/security.nix b/modules/security.nix
index d7bdbda..75ab2be 100644
--- a/modules/security.nix
+++ b/modules/security.nix

@@ -1,6 +1,18 @@
 {
-  config.security.apparmor = {
-    enable = true;
-    killUnconfinedConfinables = true;
+  config = {
+    security.apparmor = {
+      enable = true;
+      killUnconfinedConfinables = true;
+    };
+
+    boot.initrd.availableKernelModules = [
+      "aesni_intel"
+      "cryptd"
+    ];
+
+    boot.initrd.luks.devices = {
+      nix.device = "/dev/disk/by-label/nix";
+      swap.device = "/dev/disk/by-label/swap";
+      hdd.device = "/dev/disk/by-label/hdd";
   };
 }
commit	ff3c6a2a05ed95884fb32707c8ca2565961db51e	[log] [tgz]
author	Skyler Grey <skyler3665@gmail.com>	Sun Aug 21 07:25:02 2022 +0100
committer	Skyler Grey <skyler3665@gmail.com>	Sun Aug 21 07:25:56 2022 +0100
tree	32fee77b4064d8f0dad807247995d521641b5b7a
parent	bcb2cb71f1c4c59bf289f34338e40a0a953d0c71 [diff] [blame]