ragusa-it/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cryptswap fix hopefully

Browse Source
This commit is contained in:
Melvin Ragusa
2026-02-03 09:39:45 +01:00
parent d7c6380ed6
commit 1d9f6c5401
2 changed files with 48 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
flake.lock generated
View File

@@ -143,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770082062, "lastModified": 1770085102,
"narHash": "sha256-9hyE4UN84VjBKsTxw0nO23crBGtEtnT72g33+YETfvE=", "narHash": "sha256-QsjniU+xcK04BQvPxdu0UTkXq2+Fh7FwFgvdG6b32hE=",
"owner": "noctalia-dev", "owner": "noctalia-dev",
"repo": "noctalia-shell", "repo": "noctalia-shell",
"rev": "feb65ad8b247c16311181cc420f54bcae4f629fe", "rev": "cdf0a5dd44af63b5530fad595ac650d5d899a848",
"type": "github" "type": "github"
}, },
"original": { "original": {

62
hardware-configuration.nix
View File

@@ -1,34 +1,62 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "uas" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"uas"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/mapper/cryptroot"; device = "/dev/mapper/cryptroot";
fsType = "xfs"; fsType = "xfs";
}; };
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092"; boot.initrd.luks.devices."cryptroot".device =
"/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
fileSystems."/boot" = # ─── Encrypted Swap ───
{ device = "/dev/disk/by-uuid/614D-6CCA"; # Include swap keyfile in initramfs (so it's available before root is mounted)
fsType = "vfat"; boot.initrd.secrets."/var/lib/secrets/swap.key" = /var/lib/secrets/swap.key;
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = boot.initrd.luks.devices."cryptswap" = {
[ { device = "/dev/mapper/cryptswap"; } device = "/dev/disk/by-uuid/0e51324d-5929-4b4c-bd6e-a3130cf8adc2";
keyFile = "/var/lib/secrets/swap.key";
allowDiscards = true; # Enable TRIM for NVMe SSD
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/614D-6CCA";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
]; ];
};
swapDevices = [
{ device = "/dev/mapper/cryptswap"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;