Flake for my NixOS devices

Switch Aperture to Imperm + LUKS

bwc9876.dev 8cab442a 021ec41a

verified
+32 -14
+6 -3
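--- a/roles/imperm.nix
+++ b/roles/imperm.nix
@@ -109,11 +109,14 @@
  "newsboat"
  "zoxide"
  "nvim"
+ ]);
+ files =
+ (preConf [
+ "nushell/history.txt"
+ ])
+ ++ (preShare [
  "user-places.xbel"
  ]);
- files = [
- ".config/nushell/history.txt"
- ];
  };
  };
  }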
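Review bot: `nushell/history.txt` stays in the persisted `files` list with no comment, and shell history is the entry here most likely to hold secrets typed on a command line, so it deserves a note that the persistent copy must sit on the encrypted volume. Something like `# history may contain credentials; the persisted copy must live on the LUKS-backed store` above the `preConf` entry would do. `preConf` and `preShare` are defined outside the hunk; judging by the removed `.config/nushell/history.txt` line, `preConf` presumably prefixes `.config/`, and a one-line comment stating both prefixes would make the list readable on its own. The enclosing attribute set starts above the hunk.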
+26 -11
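--- a/systems/aperture.nix
+++ b/systems/aperture.nix
@@ -9,7 +9,7 @@
 
  includeBaseMods = true;
 
- roles = ["latest-linux" "dev" "graphics" "games" "fun" "social" "secureboot" "wireless" "hypervisor"];
+ roles = ["latest-linux" "dev" "graphics" "games" "fun" "social" "imperm" "secureboot" "wireless" "hypervisor" "black-mesa-cache"];
  extraModules = [
  inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
  (
@@ -28,26 +28,40 @@
  boot.extraModulePackages = [];
  boot.binfmt.emulatedSystems = ["aarch64-linux"];
 
+ hardware.framework.enableKmod = false;
+
  fileSystems."/" = {
- device = "/dev/disk/by-uuid/2c002966-4572-4094-8d3f-18d455b611ca";
- fsType = "ext4";
+ fsType = "tmpfs";
+ options = ["size=512M" "mode=755"];
+ neededForBoot = true;
+ };
+
+ fileSystems."/home" = {
+ fsType = "tmpfs";
+ options = ["size=2G"];
+ neededForBoot = true;
  };
 
  fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/A57C-E5FF";
+ device = "/dev/disk/by-uuid/88E4-A64F";
  fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022" "nosuid" "nodev" "noexec" "noatime"];
  };
 
- hardware.framework.enableKmod = false;
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/fd9f484a-a5ef-4378-b054-d292b0204afb";
+ fsType = "ext4";
+ neededForBoot = true;
+ };
 
- swapDevices = [{device = "/dev/disk/by-uuid/fde5784f-93e8-4e3b-8ca2-74bf44b00479";}];
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/330c8e83-23cd-46bf-99b3-75a7f5d7c5dc";
+ boot.initrd.luks.devices."cryptswap".device = "/dev/disk/by-uuid/c599ad48-750b-458d-8361-601bee3eb066";
 
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ swapDevices = [
+ {device = "/dev/disk/by-uuid/834d0d23-6a06-416f-853f-36c6ce81f355";}
+ ];
+
  networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
 
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
@@ -58,3 +72,4 @@
  ];
  };
  }
+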
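Review bot: The new `fileSystems."/home"` tmpfs sets only `size=2G`, so it mounts with the tmpfs default mode 1777 (world-writable, sticky) while `/` is given `mode=755` explicitly; I would write `options = ["size=2G" "mode=755" "nosuid" "nodev"];`. On `/boot`, `fmask=0022` and `dmask=0022` leave the ESP readable by every local user, which would include the boot loader's random seed if systemd-boot is in use (plausible with the `secureboot` role, but not visible here); `"fmask=0077" "dmask=0077"` closes that. The page does not show whether the `/nix` and swap UUIDs name the filesystems inside `cryptroot` and `cryptswap`. That is worth confirming, because a UUID that resolves to a plain partition would leave the persistent store or swap unencrypted.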