From f5fe043de996fa1c04d19eb1238328035113c4b1 Mon Sep 17 00:00:00 2001
From: jay <jay@zerojay.com>
Date: Mon, 7 Jul 2025 02:19:35 +0000
Subject: [PATCH] Set up bootloader stuff for encrypted impermanance.

---
 nodes/hosts/lappy/system/bootloader.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nodes/hosts/lappy/system/bootloader.nix b/nodes/hosts/lappy/system/bootloader.nix
index 19b2371..a4f574a 100644
--- a/nodes/hosts/lappy/system/bootloader.nix
+++ b/nodes/hosts/lappy/system/bootloader.nix
@@ -1,5 +1,9 @@
 { pkgs, config, ... }: {
   boot = {
+    tmp = {
+      useTmpfs = true;
+      tmpfsSize = "50%";
+    };
     loader = {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
@@ -38,10 +42,15 @@
     #                                                                                                                            /mnt/persist
     #                                                                                                                            /mnt/nix
     #                                                                                                                            /mnt
-      #luks.devices."cryptroot".device = "/dev/disk/by-uuid/e68d4928-961d-4c80-9d3c-921514ebc63c";
+      luks.devices."cryptroot" = {
+        device = "/dev/disk/by-partlabel/luks";
+        allowDiscards = true;
+      };
+
       kernelModules = [ ];
 
       availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+
     };
   };
 }