test
parent
04673ec1a8
commit
ba878932a3
2 changed files with 16 additions and 14 deletions
|
@ -37,12 +37,8 @@ if [ ! -e "nixos/hosts/$TARGET_HOST/disks.nix" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if the machine we're provisioning expects a keyfile to unlock a disk.
|
# Create a key for encrypted swap, if needed
|
||||||
# If it does, generate a new key, and write to a known location.
|
openssl rand -hex 512 > /etc/swap.key
|
||||||
if grep -q "secret.key" "nixos/$TARGET_HOST/disks.nix"; then
|
|
||||||
echo "Secret key not found. Create one at /tmp/secret.key"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
|
echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
|
||||||
echo " NixOS will be re-installed"
|
echo " NixOS will be re-installed"
|
||||||
|
@ -70,8 +66,8 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||||
|
|
||||||
# If there is a keyfile for a data disk, put copy it to the root partition and
|
# If there is a keyfile for a data disk, put copy it to the root partition and
|
||||||
# ensure the permissions are set appropriately.
|
# ensure the permissions are set appropriately.
|
||||||
if [[ -f "/tmp/secret.key" ]]; then
|
if [[ -f "/etc/swap.key" ]]; then
|
||||||
sudo cp /tmp/secret.key /mnt/etc/secret.key
|
sudo cp /etc/swap.key /mnt/etc/swap.key
|
||||||
sudo chmod 0400 /mnt/etc/secret.key
|
sudo chmod 0400 /mnt/etc/swap.key
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
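Review bot: `openssl rand -hex 512 > /etc/swap.key` in the first hunk creates the key with the shell's default umask, so on a typical 022 umask the swap key is world-readable on the installer host; create it under a restrictive umask instead, e.g. `(umask 077; openssl rand -hex 512 > /etc/swap.key)`. The comment says "if needed", but the line runs unconditionally and before the wipe confirmation, so it overwrites any existing key even when the user answers no. The redirect is also performed by the calling shell without `sudo`, while the later copy uses `sudo`, so the write to `/etc` may fail if the script is not run as root. In the second hunk, `cp` followed by `chmod 0400` leaves the copy at default permissions for a moment; `sudo install -m 0400 /etc/swap.key /mnt/etc/swap.key` avoids that window.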
|
@ -20,7 +20,7 @@
|
||||||
content = {
|
content = {
|
||||||
type = "filesystem";
|
type = "filesystem";
|
||||||
format = "vfat";
|
format = "vfat";
|
||||||
mountpoint = "/boot";
|
mountpoint = "/boot/efi";
|
||||||
};
|
};
|
||||||
} # partition 1 (ESP)
|
} # partition 1 (ESP)
|
||||||
{
|
{
|
||||||
|
@ -65,13 +65,19 @@
|
||||||
}; # content
|
}; # content
|
||||||
} # partition 2 (/ BTRFS)
|
} # partition 2 (/ BTRFS)
|
||||||
{
|
{
|
||||||
name = "SWAP";
|
name = "LUKS-SWAP";
|
||||||
start = "-64GiB";
|
start = "-64GiB";
|
||||||
end = "100%";
|
end = "100%";
|
||||||
content = {
|
content = {
|
||||||
|
type = "luks";
|
||||||
|
name "SWAP";
|
||||||
|
settings = {
|
||||||
|
keyFile = "/swap.key";
|
||||||
|
allowDiscards = true;
|
||||||
|
};
|
||||||
type = "swap";
|
type = "swap";
|
||||||
randomEncryption = true;
|
randomEncryption = false;
|
||||||
resumeDevice = true; # resume from hiberation from this device
|
resumeDevice = true; # Hibernation
|
||||||
};
|
};
|
||||||
} # partition 3 (SWAP)
|
} # partition 3 (SWAP)
|
||||||
]; # partitions
|
]; # partitions
|
||||||
|
|
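Review bot: The new `content` block for the LUKS-SWAP partition will not evaluate as written: `name "SWAP";` is missing its `=`, and `type` is assigned twice in the same attribute set (`"luks"` and `"swap"`). The swap settings presumably belong in a nested `content` inside the luks container, as sketched below. `keyFile = "/swap.key"` also does not match the `/etc/swap.key` path that the provisioning script writes and copies, so one of the two needs to change. Because the key now persists on disk and this device holds the hibernation image, it is worth confirming that the filesystem storing the key is itself encrypted; that part of the layout is outside this hunk.

```nix
content = {
  type = "luks";
  name = "SWAP";
  # … unchanged: settings (keyFile, allowDiscards) …
  content = {
    type = "swap";
    randomEncryption = false;
    resumeDevice = true; # Hibernation
  };
};
```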