diff --git a/configuration.nix b/configuration.nix
index 381d69b..6f7ba74 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -36,7 +36,7 @@
 # ─── Bootloader: Limine with Secure Boot ───
 boot.loader.systemd-boot.enable = false; # Disabled - using Limine
 boot.loader.limine.enable = true;
- boot.loader.limine.secureBoot.enable = true;
+ boot.loader.limine.secureBoot.enable = false;
 boot.loader.efi.canTouchEfiVariables = true;
 # ─── Kernel ───
@@ -48,14 +48,10 @@
 "amdgpu.ppfeaturemask=0xffffffff" # Full AMD GPU power features (from gpu-amd.nix)
 ];
- # ─── Full Disk Encryption (LUKS) ───
+ # ─── Full Disk Encryption (LUKS) ───
 boot.initrd.luks.devices = {
- "cryptroot" = {
- device = "/dev/disk/by-label/cryptroot";
- allowDiscards = true; # Enable TRIM for SSD performance
- };
 "cryptswap" = {
- device = "/dev/disk/by-label/cryptswap";
+ device = "/dev/mapper/cryptswap";
 allowDiscards = true;
 keyFile = "/swap.key"; # Auto-unlock with keyfile after root is decrypted
 };
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index b70a621..721b5e9 100644
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -14,17 +14,21 @@
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/2db125bf-6f56-4299-9dec-f1dca95213c7";
- fsType = "ext4";
+ { device = "/dev/mapper/cryptroot";
+ fsType = "xfs";
 };
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
+
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/F3DA-C028";
+ { device = "/dev/disk/by-uuid/614D-6CCA";
 fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
+ options = [ "fmask=0022" "dmask=0022" ];
 };
- swapDevices = [ ];
+ swapDevices =
+ [ { device = "/dev/mapper/cryptswap"; }
+ ];
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
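Review bot: `boot.loader.limine.secureBoot.enable = false;` in the first configuration.nix hunk turns off boot-chain verification on a machine whose root is LUKS-encrypted, and the section header on the context line above it still reads "Limine with Secure Boot". With Secure Boot off, the bootloader, kernel and initrd on the unencrypted vfat `/boot` are no longer signature-checked, so the code that asks for the LUKS passphrase is only as trustworthy as that partition. If this is a temporary step (the new UUIDs in hardware-configuration.nix suggest a reinstall), record that next to the option, e.g. `# TODO: re-enable once Secure Boot keys are enrolled on this install`. Also change the header to `# ─── Bootloader: Limine (Secure Boot disabled) ───` so the comment does not contradict the setting.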
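Review bot: `device = "/dev/mapper/cryptswap";` in the second configuration.nix hunk points the `cryptswap` LUKS entry at its own mapped name instead of the encrypted partition. `boot.initrd.luks.devices.<name>.device` is the backing block device, and `/dev/mapper/cryptswap` only exists after that entry has been opened, so the initrd will most likely wait for a device that never appears. Use the partition's stable path, e.g. `device = "/dev/disk/by-uuid/<UUID-OF-SWAP-LUKS-PARTITION>";` (placeholder), as the new `cryptroot` line in hardware-configuration.nix does. The removed `cryptroot` block also carried `allowDiscards = true`, which that replacement line does not set; if dropping TRIM on root is intended, a short comment saying so would help.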
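Review bot: The `/boot` mount in the hardware-configuration.nix hunk goes from `"fmask=0077" "dmask=0077"` to `"fmask=0022" "dmask=0022"`, which makes every file on the ESP readable by all local users. That covers the initrd, and if `/swap.key` from configuration.nix is ever embedded in it (not visible in this diff), unprivileged accounts could read the key. Unless something needs non-root read access to `/boot`, keep `options = [ "fmask=0077" "dmask=0077" ];`. If the looser mask came from regenerating the file, a comment above the option noting the deliberate override would stop it being lost on the next regeneration.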