58 lines
1.4 KiB
Nix
58 lines
1.4 KiB
Nix
{ lib
|
|
, config
|
|
, ... }:
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.hardware.encryptedDisk;
|
|
ownLib = import ../lib/default.nix { };
|
|
in {
|
|
options.hardware.encryptedDisk = {
|
|
enable = mkEnableOption "Enable encrypted filesystem layout";
|
|
diskId = mkOption {
|
|
type = types.string;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
fileSystems."/boot" = {
|
|
device = (ownLib.disk.bootFsDevice cfg.diskId);
|
|
fsType = "vfat";
|
|
};
|
|
|
|
fileSystems."/" = {
|
|
device = (ownLib.disk.rootFsDevice cfg.diskId);
|
|
fsType = "btrfs";
|
|
options = [ "subvol=nixos" ];
|
|
};
|
|
|
|
fileSystems."/home" = {
|
|
device = (ownLib.disk.rootFsDevice cfg.diskId);
|
|
fsType = "btrfs";
|
|
options = [ "subvol=home" ];
|
|
};
|
|
|
|
swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];
|
|
|
|
boot.loader.grub = {
|
|
device = (ownLib.disk.bootGrubDevice cfg.diskId);
|
|
enableCryptodisk = true;
|
|
};
|
|
|
|
boot.initrd.luks.devices = builtins.listToAttrs [
|
|
{
|
|
name =
|
|
let
|
|
splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
|
|
lastelem = (builtins.length splitstring)-1;
|
|
in
|
|
builtins.elemAt splitstring lastelem;
|
|
value = {
|
|
device = (ownLib.disk.bootLuksDevice cfg.diskId);
|
|
preLVM = true;
|
|
allowDiscards = true;
|
|
};
|
|
}
|
|
];
|
|
};
|
|
}
|