nixos-dots

nixos dots
git clone git://popovic.xyz/nixos-dots.git

commit b3a48d8260bb426f8b0afd43f5e93452615050fb
parent e9bf9109ff2d0d90551245303b22da9cafad0ff1
Author: Milutin Popovic <milutin@popovic.xyz>
Date:   Sun,  8 Mar 2026 22:20:59 +0000

add encrypted system

Diffstat:
Mflake.nix | 31++++++++++++++++++++++++++++++-
Mmodules/packages.nix | 1+
Csystem/hardware/frame.nix -> system/hardware/frame-unencrypted.nix | 0
Msystem/hardware/frame.nix | 16++++++++++++----
4 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -51,6 +51,35 @@
 isDarwin = false;
 in
 {
+ frame =
+ let
+ hostName = "frame";
+ system = linuxSystem;
+ in
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit inputs hostName system isDarwin;
+ };
+ modules = [
+ nixos-hardware.nixosModules.framework-13-7040-amd
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ ./system/host/frame.nix
+ ./system/hardware/frame.nix
+ {
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = {
+ inherit system inputs isDarwin;
+ standalone = false;
+ };
+ users.mika = import ./users/mika.nix;
+ };
+ }
+ ];
+ };
 nixos-frame =
 let
 hostName = "nixos-frame";
@@ -66,7 +95,7 @@
 home-manager.nixosModules.home-manager
 sops-nix.nixosModules.sops
 ./system/host/frame.nix
- ./system/hardware/frame.nix
+ ./system/hardware/frame-unencrypted.nix
 {
 home-manager = {
 useGlobalPkgs = true;
diff --git a/modules/packages.nix b/modules/packages.nix
@@ -37,6 +37,7 @@ with pkgs; {
 htop
 sops
 direnv
+ cryptsetup
 ];
 shell = [
diff --git a/system/hardware/frame.nix b/system/hardware/frame-unencrypted.nix
diff --git a/system/hardware/frame.nix b/system/hardware/frame.nix
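Review bot: In flake.nix the new `frame` entry repeats the `nixos-frame` definition almost line for line; as far as the two hunks show, only `hostName` and the hardware module differ. Two copies drift, and a module added to one host later (a hardening or sops-nix change, say) can silently miss the other. A small local helper that takes the host name and the hardware file, used as `frame = mkFrame "frame" ./system/hardware/frame.nix;` and `nixos-frame = mkFrame "nixos-frame" ./system/hardware/frame-unencrypted.nix;`, would keep the encrypted and unencrypted hosts in step. The `nixos-frame` body continues outside the second hunk, so confirm the remainder matches before folding the two together.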
@@ -7,28 +7,36 @@ ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ]; + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/68d936fb-68be-4351-a557-874ef2d96efc"; # <-- + boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/69e780cc-9ee1-4987-99eb-6c452ae66855"; + device = "/dev/disk/by-uuid/adc85ee5-286c-44aa-9dfa-4580e59687dc"; + fsType = "ext4"; + }; + fileSystems."/home" = + { + device = "/dev/disk/by-uuid/2e36575d-3dc4-4760-9bc1-9bf055371805"; fsType = "ext4"; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7000-6EA2"; + device = "/dev/disk/by-uuid/F656-048E"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = [ - { device = "/dev/disk/by-uuid/fb532c05-67d1-4983-a518-e2616369b6ae"; } + { device = "/dev/disk/by-uuid/f1c0a91f-0460-4ba8-a414-f49c90dfa399"; } ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }
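Review bot: The by-uuid devices for `/`, `/home` and swap are not tied to `cryptroot` anywhere in this hunk, so a reader cannot tell whether they are volumes inside the LUKS container (the `dm-snapshot` module hints at LVM) or separate plaintext partitions. I would replace the leftover `# <--` marker on the `boot.initrd.luks.devices."cryptroot".device` line with a comment stating the layout, for example `# LUKS container holding root, /home and swap`, once that is confirmed on the machine. If swap turns out to sit outside the container, memory pages that may contain key material reach the disk unencrypted; `randomEncryption.enable = true;` on that `swapDevices` entry covers it, at the cost of hibernation. `/boot` remains an unencrypted vfat partition, and its unchanged `fmask=0022`/`dmask=0022` options leave the initrd and other boot files world-readable, so `options = [ "fmask=0077" "dmask=0077" ];` is the tighter setting. The new `hardware.enableAllFirmware = true;` also pulls in unfree firmware; if `hardware.enableRedistributableFirmware` is enough for this laptop, that is the narrower choice.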