WIP: Add more options to crypt mounts

Tristan D. 2024-02-04 23:00:58 +01:00
parent e9a7d836ce
commit 35f22d8f6a
Signed by: tristan
SSH key fingerprint: SHA256:3RU4RLOoM8oAjFU19f1W6t8uouZbA7GWkaSW6rjp1k8
2 changed files with 35 additions and 17 deletions


@ -1,3 +1,12 @@
let
cryptOpenArgs = [
"--allow-discards"
"--perf-same_cpu_crypt"
"--perf-submit_from_crypt_cpus"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
in
{ {
disko.devices = { disko.devices = {
disk = { disk = {
@ -15,7 +24,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "cryptboot_1"; name = "cryptboot_1";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
# content is empty here as the btrfs partition will be created via extraArgs of the cryptroot_1 partition def # content is empty here as the btrfs partition will be created via extraArgs of the cryptroot_1 partition def
@ -26,7 +35,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "cryptswap_1"; name = "cryptswap_1";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
content = { content = {
@ -51,7 +60,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "cryptboot_0"; name = "cryptboot_0";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
content = { content = {
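Review bot: The new `cryptOpenArgs` binding at the top of this file has no comment explaining what each flag trades away, and it is now the single source for cryptboot_1, cryptswap_1 and cryptboot_0. `--allow-discards` passes TRIM through dm-crypt, so the free-block pattern becomes visible on the ciphertext device, and the four `--perf-*` flags change dm-crypt's queueing and need a kernel and cryptsetup recent enough to accept them. I would put a comment above the list, for example `# allow-discards: TRIM passes through, unused-block layout is visible on the raw device` and `# perf-*: bypass dm-crypt workqueues, intended for SSD/NVMe`. The identical list is defined again in the second file of this commit; importing it from one shared file would keep the two from drifting apart. The hunks here cut through the surrounding attribute sets, so the devices behind these names are not visible.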


@ -64,6 +64,15 @@
# /mnt # /mnt
# #
############################## ##############################
let
cryptOpenArgs = [
"--allow-discards"
"--perf-same_cpu_crypt"
"--perf-submit_from_crypt_cpus"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
in
{ {
# The manual definitions are generated by nixos-generate-config # The manual definitions are generated by nixos-generate-config
# the commented out stuff are partitions created by disko # the commented out stuff are partitions created by disko
@ -103,7 +112,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_ssd0"; name = "crypted_ssd0";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -113,7 +122,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_swap0"; name = "crypted_swap0";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
content = { content = {
@ -149,7 +158,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_ssd1"; name = "crypted_ssd1";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -159,7 +168,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_swap1"; name = "crypted_swap1";
extraOpenArgs = [ "--allow-discards " ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key "; passwordFile = "/tmp/secret.key ";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
content = { content = {
@ -182,7 +191,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd0"; name = "crypted_hdd0";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -201,7 +210,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd1"; name = "crypted_hdd1";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -220,7 +229,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd2"; name = "crypted_hdd2";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -239,7 +248,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd3"; name = "crypted_hdd3";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -258,7 +267,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd4"; name = "crypted_hdd4";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -277,7 +286,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd5"; name = "crypted_hdd5";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -296,7 +305,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd6"; name = "crypted_hdd6";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -315,7 +324,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd7"; name = "crypted_hdd7";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -334,7 +343,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd8"; name = "crypted_hdd8";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
@ -353,7 +362,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted_hdd9"; name = "crypted_hdd9";
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ]; additionalKeyFiles = [ ];
}; };
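Review bot: One `cryptOpenArgs` list is now applied to crypted_hdd0 through crypted_hdd9 as well as the ssd and swap containers, and judging by the names the hdd ones are rotating disks. `--perf-no_read_workqueue` and `--perf-no_write_workqueue` are aimed at low-latency flash and can lower throughput on spinning media, while `--allow-discards` is of little use there; consider a second binding such as `cryptOpenArgsHdd = [ ];` for those ten entries. In the crypted_swap1 hunk the unchanged line appears as `passwordFile = "/tmp/secret.key ";` with a space inside the quotes; if that is in the file and not a rendering artefact, the path will not match the key file. It is also worth confirming that `extraOpenArgs` is applied on every boot and not only at install time; if only at install time, the flags would need to be stored in the LUKS2 header with `--persistent`.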