diff options
| author | Caroline Larimore <caroline@larimo.re> | 2024-07-25 19:52:10 -0700 |
|---|---|---|
| committer | Caroline Larimore <caroline@larimo.re> | 2024-07-25 19:52:10 -0700 |
| commit | 458d03208dc1a2ae0da6b711380bdc0c8eb978d6 (patch) | |
| tree | 0d156f2d8ec213bcc59b84a7cbf1b78a1b977cd9 /hosts/c-pc | |
| parent | 427bff7d59080b7053ce37a88bfb42e078a40fba (diff) | |
c-pc: move keys to encrypted persist
Diffstat (limited to 'hosts/c-pc')
| -rw-r--r-- | hosts/c-pc/hardware.nix | 17 | ||||
| -rw-r--r-- | hosts/c-pc/home.nix | 12 |
2 files changed, 18 insertions, 11 deletions
diff --git a/hosts/c-pc/hardware.nix b/hosts/c-pc/hardware.nix index 660ac7a..3b4a417 100644 --- a/hosts/c-pc/hardware.nix +++ b/hosts/c-pc/hardware.nix @@ -40,16 +40,17 @@ }; fileSystems = { - "/" = { fsType = "zfs"; device = "zpool/root"; }; - "/nix" = { fsType = "zfs"; device = "zpool/nix"; }; - "/home" = { fsType = "zfs"; device = "zpool/home"; }; - "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; }; - "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; }; + "/" = { fsType = "zfs"; device = "zpool/root"; }; + "/nix" = { fsType = "zfs"; device = "zpool/nix"; }; + "/home" = { fsType = "zfs"; device = "zpool/home"; }; + "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; }; + "/persist/secure" = { fsType = "zfs"; device = "zpool/secure/persist"; neededForBoot = true; }; + "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; }; - "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; }; + "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; }; - "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; }; - "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; }; + "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; }; + "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; }; }; swapDevices = [ ]; diff --git a/hosts/c-pc/home.nix b/hosts/c-pc/home.nix index c2efb51..28a5e12 100644 --- a/hosts/c-pc/home.nix +++ b/hosts/c-pc/home.nix @@ -26,9 +26,6 @@ "Persist" "code" - - ".gnupg" - ".ssh" ".local/bin" ".local/share/applications" @@ -74,6 +71,15 @@ ]; }; + home.persistence."/persist/secure/home" = { + allowOther = true; + + directories = [ + ".gnupg" + ".ssh" + ]; + }; + programs = { feh.enable = true; btop.enable = true; |