fix nas encryption stuffs

2024-07-01 10:44:46 -05:00
parent e74020a8ce
commit cb26d2646d
2 changed files with 47 additions and 72 deletions
--- a/hosts/nas/configuration.nix
+++ b/hosts/nas/configuration.nix
@@ -159,10 +159,13 @@ in
    consoleLogLevel = 3;
    bootspec.enable = true;

-    supportedFilesystems = [ "zfs" ];
-
-    # zfs.extraPools = [ "junk" ];
-    # zfs.requestEncryptionCredentials = false;
+    initrd = {
+      kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ];
+      systemd = {
+        enable = true;
+        enableTpm2 = true;
+      };
+    };
  };

  security.tpm2 = {
@@ -286,33 +289,6 @@ in
  };

  systemd.services = {
-    # nas-mounts = {
-    #   path = [
-    #     pkgs.zfs
-    #     pkgs.bash
-    #     pkgs.tpm2-tools
-    #   ];
-
-    #   wantedBy = [ "multi-user.target" ];
-
-    #   script = ''
-    #     tpm2_nvread 0x1500016 -C o -s 65 > /tmp/mainpool
-    #     tpm2_nvread 0x1600016 -C o -s 65 > /tmp/ssd
-
-    #     zfs load-key -L file:///tmp/mainpool "MainPool"
-    #     zfs load-key -L file:///tmp/ssd "SSD"
-
-    #     rm /tmp/mainpool
-    #     rm /tmp/ssd
-    #   '';
-
-    #   description = "Unlock ZFS pool using fTPM";
-    #   requires = [ "zfs-import-MainPool.service" "zfs-import-SSD.service" ];
-    #   after = [ "zfs-import-MainPool.service" "zfs-import-SSD.service" ];
-    #   before = [ "zfs-mount.service" ];
-    #   serviceConfig.Type = "oneshot";
-    #   serviceConfig.RemainAfterExit = true;
-    # };

    glances-server = {
      path = [
@@ -376,7 +352,7 @@ in
      hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
      hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
      hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
-      hdd5 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
+      hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
    '';

    # List packages installed in system profile. To search, run:
@@ -502,7 +478,7 @@ in
        "docker"
        "podman"
        "libvirtd"
-        "nas-apps"
+        "nix-apps"
        "jallen-nas"
      ]; # Enable ‘sudo’ for the user.
      initialHashedPassword = password;
@@ -599,7 +575,6 @@ in
    ];
  };

-
  fileSystems."/media/nas/main/3d_printer" = {
    device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
    fsType = "btrfs";
@@ -708,14 +683,14 @@ in
    ];
  };

-  fileSystems."/media/nas/main/vms" = {
-    device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
-    fsType = "btrfs";
-    options = [
-      "subvol=vms"
-      "compress=zstd"
-    ];
-  };
+  # fileSystems."/media/nas/main/vms" = {
+  #   device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+  #   fsType = "btrfs";
+  #   options = [
+  #     "subvol=vms"
+  #     "compress=zstd"
+  #   ];
+  # };

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.