Set up bootloader stuff for encrypted impermanance.

2025-07-07 02:19:35 +00:00
parent 05cd5cce03
commit f5fe043de9
1 changed files with 10 additions and 1 deletions
--- a/nodes/hosts/lappy/system/bootloader.nix
+++ b/nodes/hosts/lappy/system/bootloader.nix
@@ -1,5 +1,9 @@
 { pkgs, config, ... }: {
  boot = {
+    tmp = {
+      useTmpfs = true;
+      tmpfsSize = "50%";
+    };
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
@@ -38,10 +42,15 @@
    #                                                                                                                            /mnt/persist
    #                                                                                                                            /mnt/nix
    #                                                                                                                            /mnt
-      #luks.devices."cryptroot".device = "/dev/disk/by-uuid/e68d4928-961d-4c80-9d3c-921514ebc63c";
+      luks.devices."cryptroot" = {
+        device = "/dev/disk/by-partlabel/luks";
+        allowDiscards = true;
+      };
+
      kernelModules = [ ];

      availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+
    };
  };
 }