test
parent
04673ec1a8
commit
ba878932a3
2 changed files with 16 additions and 14 deletions
|
@ -37,12 +37,8 @@ if [ ! -e "nixos/hosts/$TARGET_HOST/disks.nix" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Check if the machine we're provisioning expects a keyfile to unlock a disk.
|
||||
# If it does, generate a new key, and write to a known location.
|
||||
if grep -q "secret.key" "nixos/$TARGET_HOST/disks.nix"; then
|
||||
echo "Secret key not found. Create one at /tmp/secret.key"
|
||||
exit 1
|
||||
fi
|
||||
# Create a key for encrypted swap, if needed
|
||||
openssl rand -hex 512 > /etc/swap.key
|
||||
|
||||
echo "WARNING! The disks in $TARGET_HOST are about to get wiped"
|
||||
echo " NixOS will be re-installed"
|
||||
|
@ -70,8 +66,8 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
|
|||
|
||||
# If there is a keyfile for a data disk, put copy it to the root partition and
|
||||
# ensure the permissions are set appropriately.
|
||||
if [[ -f "/tmp/secret.key" ]]; then
|
||||
sudo cp /tmp/secret.key /mnt/etc/secret.key
|
||||
sudo chmod 0400 /mnt/etc/secret.key
|
||||
if [[ -f "/etc/swap.key" ]]; then
|
||||
sudo cp /etc/swap.key /mnt/etc/swap.key
|
||||
sudo chmod 0400 /mnt/etc/swap.key
|
||||
fi
|
||||
fi
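Review bot: The swap key is created by `openssl rand -hex 512 > /etc/swap.key` under the shell's default umask, so in the installer environment it is likely world-readable, and the later `chmod 0400` only tightens the copy under /mnt after `cp` has already written it with the source mode. Creating it under a restrictive umask, `(umask 077; openssl rand -hex 512 > /etc/swap.key)`, and copying with `sudo install -m 0400 /etc/swap.key /mnt/etc/swap.key` removes both windows. The key is also generated unconditionally and before the wipe confirmation, although the comment says "if needed", and the redirection is not under `sudo` while the copy is, so it would appear to fail when the script runs unprivileged. The page has lost its +/- markers; this reads the `swap.key` lines as the new side, which the hunk counts support.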
|
|
@ -20,7 +20,7 @@
|
|||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountpoint = "/boot/efi";
|
||||
};
|
||||
} # partition 1 (ESP)
|
||||
{
|
||||
|
@ -65,13 +65,19 @@
|
|||
}; # content
|
||||
} # partition 2 (/ BTRFS)
|
||||
{
|
||||
name = "SWAP";
|
||||
name = "LUKS-SWAP";
|
||||
start = "-64GiB";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name "SWAP";
|
||||
settings = {
|
||||
keyFile = "/swap.key";
|
||||
allowDiscards = true;
|
||||
};
|
||||
type = "swap";
|
||||
randomEncryption = true;
|
||||
resumeDevice = true; # resume from hiberation from this device
|
||||
randomEncryption = false;
|
||||
resumeDevice = true; # Hibernation
|
||||
};
|
||||
} # partition 3 (SWAP)
|
||||
]; # partitions
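Review bot: `keyFile = "/swap.key"` does not match where the install script in this commit puts the key (`/etc/swap.key`, copied to `/mnt/etc/swap.key`), so the LUKS swap container would point at a file that is never written; the paths should agree, e.g. `keyFile = "/etc/swap.key";`. In the same `content` block, `name "SWAP";` is missing its `=`, and if both `type = "luks"` and `type = "swap"` are on the new side (the hunk counts suggest so) Nix rejects the duplicate attribute; the swap settings presumably belong in a nested `content = { type = "swap"; ... };` under the LUKS container. Replacing `randomEncryption = true` with a persistent key file means swap and the hibernation image are only as protected as the filesystem that stores the key, and the page does not show whether partition 2 is encrypted. `allowDiscards = true` deserves a comment too, since discards on a LUKS device reveal which blocks are in use.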
|
||||
|
|