From 48a3557e16bf4e4b373fb569bab621a2245b3087 Mon Sep 17 00:00:00 2001 From: Lily Anderson Date: Sun, 22 Feb 2026 15:52:07 -0600 Subject: [PATCH] encrypted server --- modules/hosts/server/configuration.nix | 2 +- .../hosts/server/hardware-configuration.nix | 54 ++++++++----------- 2 files changed, 23 insertions(+), 33 deletions(-) diff --git a/modules/hosts/server/configuration.nix b/modules/hosts/server/configuration.nix index f8df0cd..20c1c9f 100644 --- a/modules/hosts/server/configuration.nix +++ b/modules/hosts/server/configuration.nix @@ -30,7 +30,7 @@ self.packages.${pkgs.stdenv.hostPlatform.system}.nh ]; - system.stateVersion = "24.11"; + system.stateVersion = "25.11"; }; } diff --git a/modules/hosts/server/hardware-configuration.nix b/modules/hosts/server/hardware-configuration.nix index 076d35d..ca69e85 100644 --- a/modules/hosts/server/hardware-configuration.nix +++ b/modules/hosts/server/hardware-configuration.nix @@ -1,40 +1,30 @@ { - flake.nixosModules.serverHardware = { config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; +flake.nixosModules.serverHardware = { config, lib, modulesPath, ... }: { + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/208d39a0-fa7d-4fe4-be61-8867e7a51bc8"; - fsType = "ext4"; - }; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - "/boot" = { - device = "/dev/disk/by-uuid/AED2-D209"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/" = + { device = "/dev/mapper/luks-e2bd2b2f-7f88-4f4c-8b1f-1033f5bca401"; + fsType = "ext4"; }; - swapDevices = [ { - device = "/dev/disk/by-uuid/ec9d9773-d48b-4221-af73-7c365fe0966d"; - } ]; + boot.initrd.luks.devices."luks-e2bd2b2f-7f88-4f4c-8b1f-1033f5bca401".device = "/dev/disk/by-uuid/e2bd2b2f-7f88-4f4c-8b1f-1033f5bca401"; -# Enables DHCP on each ethernet and wireless interface. In case of scripted networking -# (the default) this is the recommended approach. When using systemd-networkd it's -# still possible to use this option, but it's recommended to use it in conjunction -# with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; -# networking.interfaces.eno1.useDHCP = lib.mkDefault true; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7786-BA6A"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - }; + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}; } -