testing

2026-01-27 11:13:58 -06:00
parent 176d0b7311
commit 10fc7820e1
5 changed files with 46 additions and 38 deletions
--- a/modules/nixos/boot/common/default.nix
+++ b/modules/nixos/boot/common/default.nix
@@ -44,30 +44,31 @@ in
      bootspec.enable = (!isArm);

      initrd = {
-        secrets = {
-          "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
-        };
+      #   secrets = {
+      #     "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
+      #   };

-        systemd.services."unlock-disk" = {
-          enable = true;
-          path = [
-            pkgs.clevis
-            pkgs.bcachefs-tools
-          ];
-          script = ''
-            ${pkgs.clevis}/bin/clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
-          '';
-          wantedBy = [ "initrd-root-fs.target" ];
-          requiredBy = [ "initrd-root-fs.target" ];
-          serviceConfig = {
-            Type = "oneshot";
-            TimeoutSec = "10s";
-          };
-        };
+        # systemd.services."unlock-disk" = {
+        #   enable = false;
+        #   path = [
+        #     pkgs.clevis
+        #     pkgs.bcachefs-tools
+        #   ];
+        #   script = ''
+        #     ${pkgs.clevis}/bin/clevis decrypt < "/etc/clevis/nuc-nixos.jwe"
+        #     # | ${pkgs.bcachefs-tools}/bin/bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
+        #   '';
+        #   wantedBy = [ "initrd-root-fs.target" ];
+        #   requiredBy = [ "initrd-root-fs.target" ];
+        #   serviceConfig = {
+        #     Type = "oneshot";
+        #     TimeoutSec = "10s";
+        #   };
+        # };

-        clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
-          enable = true;
-        };
+        # clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
+        #   enable = true;
+        # };

        luks = mkIf cfg.yubikeyEncryption {
          devices = {
--- a/modules/nixos/disko/default.nix
+++ b/modules/nixos/disko/default.nix
@@ -64,7 +64,7 @@ let
    size = "100%";
    content = {
      type = "luks";
-      name = "cryptroot";
+      name = "${config.${namespace}.network.hostName}-cryptroot";
      extraOpenArgs = [
        "--allow-discards"
        "--perf-no_read_workqueue"
@@ -185,7 +185,7 @@ in
        bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
          mounted_subvolumes_in_multi = {
            type = "bcachefs_filesystem";
-            passwordFile = "/etc/nixos/test.key";
+            # passwordFile = "/etc/nixos/test.key";
            extraFormatArgs = [
              "--compression=${cfg.compression}"
            ];
--- a/modules/nixos/hardware/btrfs/default.nix
+++ b/modules/nixos/hardware/btrfs/default.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, config, namespace, ... }:
 {
  services.btrfs = {
-    autoScrub.enable = lib.mkDefault true;
+    autoScrub.enable = lib.mkDefault (config.${namespace}.hardware.disko.filesystem == "btrfs");
    autoScrub.fileSystems = lib.mkDefault [
      "/nix"
      "/root"