diff --git a/nixos/configurations/Tytonidae/disk-config.nix b/nixos/configurations/Tytonidae/disk-config.nix
index 8f4e7da..31267e6 100644
--- a/nixos/configurations/Tytonidae/disk-config.nix
+++ b/nixos/configurations/Tytonidae/disk-config.nix
@@ -10,7 +10,7 @@
 partitions = {
 ESP = {
 name = "ESP";
- size = "512M";
+ size = "1G";
 type = "EF00";
 content = {
 type = "filesystem";
@@ -22,6 +22,35 @@
 ];
 };
 };
+ crypto-swap = {
+ size = "32G";
+ content = {
+ type = "luks";
+ name = "crypto-swap";
+ passwordFile = "/tmp/secret.key";
+ settings = {
+ allowDiscards = true;
+ fallbackToPassword = true;
+ };
+ content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ initrdUnlock = true;
+ extraFormatArgs = [
+ "--type luks2"
+ "--cipher aes-xts-plain64"
+ "--hash sha512"
+ "--iter-time 5000"
+ "--pbkdf argon2id"
+ "--key-size 256"
+ "--use-random"
+ ];
+ extraOpenArgs = [
+ "--timeout 10"
+ ];
+ };
+ };
 crypto1 = {
 size = "100%";
 content = {
@@ -83,7 +112,7 @@
 type = "btrfs";
 extraArgs = [
 "-f"
- "-d raid0"
+ "-d single"
 "/dev/mapper/crypto1"
 ];
 subvolumes = {
diff --git a/nixos/configurations/Tytonidae/hardware-configuration.nix b/nixos/configurations/Tytonidae/hardware-configuration.nix
index 4e6830d..ae9c32a 100644
--- a/nixos/configurations/Tytonidae/hardware-configuration.nix
+++ b/nixos/configurations/Tytonidae/hardware-configuration.nix
@@ -8,7 +8,7 @@
 [ (modulesPath + "/installer/scan/not-detected.nix")
 ];

- boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
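Review bot: In `extraFormatArgs` of the new `crypto-swap` partition, `--key-size 256` combined with `--cipher aes-xts-plain64` gives AES-128, because XTS splits the key into two halves; if AES-256 was intended, the entry should read `"--key-size 512"`. `allowDiscards = true` lets TRIM reveal which blocks of the encrypted hibernation swap are unused, so it deserves a comment recording that the trade-off is accepted, e.g. `# discards expose the free-block pattern of the encrypted swap; accepted for SSD performance`. `passwordFile = "/tmp/secret.key"` holds the passphrase in cleartext at format time, so the install procedure should create it readable by root only and remove it afterwards; as far as this hunk shows, `fallbackToPassword = true` has no `keyFile` to fall back from and may be redundant. The enclosing `partitions` set opens and closes outside this hunk.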