From 458d03208dc1a2ae0da6b711380bdc0c8eb978d6 Mon Sep 17 00:00:00 2001 From: Caroline Larimore Date: Thu, 25 Jul 2024 19:52:10 -0700 Subject: c-pc: move keys to encrypted persist --- README.md | 1 + hosts/c-pc/hardware.nix | 17 +++++++++-------- hosts/c-pc/home.nix | 12 +++++++++--- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 300726f..52aace9 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ See [Hardware Configuration](hosts/c-pc/hardware-configuration.nix) - `persist` -> `/persist` - `secure` (encrypted) - `secrets` -> `/secrets` + - `persist` -> `/persist/secure` - `nix` -> `/nix` - 4tb HDD - `4tb` (ext4) -> `/mnt/4tb` diff --git a/hosts/c-pc/hardware.nix b/hosts/c-pc/hardware.nix index 660ac7a..3b4a417 100644 --- a/hosts/c-pc/hardware.nix +++ b/hosts/c-pc/hardware.nix 
@@ -40,16 +40,17 @@ }; fileSystems = { - "/" = { fsType = "zfs"; device = "zpool/root"; }; - "/nix" = { fsType = "zfs"; device = "zpool/nix"; }; - "/home" = { fsType = "zfs"; device = "zpool/home"; }; - "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; }; - "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; }; + "/" = { fsType = "zfs"; device = "zpool/root"; }; + "/nix" = { fsType = "zfs"; device = "zpool/nix"; }; + "/home" = { fsType = "zfs"; device = "zpool/home"; }; + "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; }; + "/persist/secure" = { fsType = "zfs"; device = "zpool/secure/persist"; neededForBoot = true; }; + "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; }; - "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; }; + "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; }; - "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; }; - "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; }; + "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; }; + "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; }; }; swapDevices = [ ]; diff --git a/hosts/c-pc/home.nix b/hosts/c-pc/home.nix index c2efb51..28a5e12 100644 --- a/hosts/c-pc/home.nix +++ b/hosts/c-pc/home.nix @@ -26,9 +26,6 @@ "Persist" "code" - - ".gnupg" - ".ssh" ".local/bin" ".local/share/applications" @@ -74,6 +71,15 @@ ]; }; + home.persistence."/persist/secure/home" = { + allowOther = true; + + directories = [ + ".gnupg" + ".ssh" + ]; + }; + programs = { feh.enable = true; btop.enable = true; -- cgit v1.2.3
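Review bot: The new `"/persist/secure"` entry in `fileSystems` has no comment saying that it depends on the encrypted `secure` dataset being unlocked before stage 1 mounts it. Going by the README hunk, `zpool/secure/persist` sits under the encrypted `secure` dataset, so a one-line comment above the entry such as `# child of encrypted zpool/secure; must be unlocked in initrd` would make that dependency explicit. If this mount were ever absent, `/persist/secure` would presumably be an ordinary directory on the unencrypted `zpool/persist`, so `neededForBoot = true` should stay on this entry. Re-aligning the eight unchanged entries also makes the single added line harder to pick out in review.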
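Review bot: `allowOther = true` in the new `home.persistence."/persist/secure/home"` block widens access to the mounts that now hold `.gnupg` and `.ssh`; in the impermanence home-manager module this option lets users other than the owner, root included, reach the mounted directories. Nothing visible in this hunk requires that for key material, so consider dropping the line from this block, or keeping it with a comment that names the consumer that needs it. The move also does not touch copies of `.gnupg` and `.ssh` that already exist under the previous persistence root, or in any snapshots of that dataset, so those stay unencrypted until they are removed separately. The persistence block that used to list these directories starts outside the hunk.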