From 796bdd1a421073356a32cace05cb12c1ed4fb53a Mon Sep 17 00:00:00 2001
From: Jimbo
Date: Mon, 7 Oct 2024 15:11:45 -0400
Subject: [PATCH] Add Luks protection to Desktop, switch to BTRFS
---
 .../JimDesktop/hardware-configuration.nix | 48 ++++++++++++++-----
 1 file changed, 36 insertions(+), 12 deletions(-)
diff --git a/system/hosts/JimDesktop/hardware-configuration.nix b/system/hosts/JimDesktop/hardware-configuration.nix
index 8dfaf0b..7e621d9 100644
--- a/system/hosts/JimDesktop/hardware-configuration.nix
+++ b/system/hosts/JimDesktop/hardware-configuration.nix
@@ -48,6 +48,13 @@ in {
 "vfio_iommu_type1"
 "kvm-amd"
 ];
+ luks.devices = {
+ "crypt-ssd" = {
+ device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
 };
 };
 
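Review bot: `allowDiscards = true` on `crypt-ssd` lets TRIM requests pass through dm-crypt, so the raw disk reveals which blocks are unused (roughly how full the volume is, and sometimes the filesystem type) to anyone who can image it. That is a common and defensible trade-off on an SSD, but it deliberately weakens the encryption this commit adds and deserves a comment on that line, for example `# TRIM passthrough: exposes free-block layout on the raw disk; accepted for SSD performance`. If the trade-off is not wanted, set `allowDiscards = false;` and drop `discard` from the btrfs mount options in the next hunk. The attribute set that holds `luks.devices` (presumably `boot.initrd`) opens outside this hunk.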
@@ -61,48 +68,65 @@ in {
 # Mount everything as necessary
 fileSystems = {
 "/" = {
- device = "/dev/disk/by-uuid/f0786b07-8303-416f-87ff-276bfd696387";
- fsType = "bcachefs";
+ device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b";
+ fsType = "btrfs";
+ options = [ "subvol=@" "noatime" "nodiratime" "discard" ];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b";
+ fsType = "btrfs";
+ options = [ "subvol=@home" "noatime" "nodiratime" "discard" ];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b";
+ fsType = "btrfs";
+ options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ];
+ };
+ "/var" = {
+ device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b";
+ fsType = "btrfs";
+ options = [ "subvol=@var" "noatime" "nodiratime" "discard" ];
 };
 "/boot" = {
- device = "/dev/disk/by-uuid/EF6D-9009";
+ device = "/dev/disk/by-uuid/3B4A-76C9";
 fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
 };
 "/etc/libvirt" = {
 device = "/dev/disk/by-label/Qemu";
- options = ["nosuid" "nodev" "nofail"];
+ options = [ "nosuid" "nodev" "nofail" ];
 };
 "/var/lib/libvirt" = {
- depends = ["/etc/libvirt"];
+ depends = [ "/etc/libvirt" ];
 device = "/etc/libvirt/varlibvirt";
- options = ["bind" "rw"];
+ options = [ "bind" "rw" ];
 };
 "/mnt/Linux1" = {
 device = "/dev/disk/by-label/Linux1";
- options = ["nosuid" "nodev" "nofail" "x-gvfs-show"];
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
 };
 "/mnt/Linux2" = {
 device = "/dev/disk/by-label/Linux2";
- options = ["nosuid" "nodev" "nofail" "x-gvfs-show"];
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
 };
 "/mnt/Windows1" = {
 device = "/dev/disk/by-label/Windows1";
- options = ["nosuid" "nodev" "noauto"];
+ options = [ "nosuid" "nodev" "noauto" ];
 };
 "/mnt/Windows2" = {
 device = "/dev/disk/by-label/Windows2";
- options = ["nosuid" "nodev" "noauto"];
+ options = [ "nosuid" "nodev" "noauto" ];
 };
 "/home/jimbo/JimboNFS" = {
 device = "${outputs.ips.server}:/export/JimboNFS";
 fsType = "nfs4";
- options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
+ options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
 };
 };
 
 # Set the swap partition
 swapDevices = [
- {device = "/dev/disk/by-uuid/2e4c5120-716d-4cdc-84a0-c9e6391760db";}
+ { device = "/dev/disk/by-uuid/1a6a68d0-8ae7-4836-a585-b708597937a1"; }
 ];
 
 # Enables DHCP on each ethernet and wireless interface.
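Review bot: The new `/boot` options `fmask=0022` and `dmask=0022` leave every file on the ESP world-readable. That covers the initrd (a concern if it ever carries `boot.initrd.secrets`) and, if this host boots with systemd-boot, the `loader/random-seed` file that bootctl flags as world accessible; `options = [ "fmask=0077" "dmask=0077" ];` restricts the partition to root. Separately, `swapDevices` points at a plain by-uuid device and the hunk does not show whether it sits inside `crypt-ssd`. If it is a partition outside the LUKS container, memory pages reach the disk unencrypted; moving swap into the container, or setting `randomEncryption.enable = true;` on that entry (with the device referenced by partition UUID or id rather than filesystem UUID), would close that gap. The enclosing module continues past the last line of the hunk.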