Add encryption

DashieTM 2025-05-02 11:49:11 +02:00
parent 32f0512ef5
commit f395c61ee3
5 changed files with 292 additions and 257 deletions


@ -5,7 +5,7 @@
</div>
An opinionated flake to bootstrap NixOS systems with default configurations for various programs and services from both NixOS and HomeManger which can be enabled, disabled, configured or replaced at will.
An opinionated flake to bootstrap NixOS systems with default configurations for various programs and services from both NixOS and HomeManager which can be enabled, disabled, configured or replaced at will.
# Usage
@ -116,7 +116,7 @@ Here is a minimal required configuration.nix (the TODOs mention a required chang
# ];
# or amd, whatever you have
gpu.nvidia.enable = true;
kde_connect.enable = true;
kdeConnect.enable = true;
# login manager:
# default is greetd
# greetd = { };


@ -25,11 +25,6 @@ in {
};
keyboard = null;
#file.".local/share/flatpak/overrides/global".text = lib.mkForce ''
# [Context]
# filesystems=xdg-config/gtk-3.0;xdg-config/gtk-4.0
#'';
};
programs.nix-index = {


@ -33,7 +33,16 @@
example = true;
description = ''
enables secure boot.
Please don't forget to add your keys.
Note: Secure boot is NOT reproducible
Here are the necessary steps:
+ create your keys with sbctl -> sudo sbctl create-keys
+ build with systemd once -> set this to false and build once
+ build with secureBoot true
+ verify that your keys are signed (note, only systemd and your generations should now be signed): sudo sbtcl verify
+ enroll your keys (microsoft is necessary for windows dualboot support, leave it there): sudo sbctl enroll-keys --microsoft
+ reboot with secureboot enabled
Note: Some motherboards have vendor specific keys for secure boot, this may not necessarily work with our self signed keys
You likely have to disable these vendor specific keys (example HP: sure boot)
'';
};
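Review bot: The verify step in the new description, `sudo sbtcl verify`, misspells the tool and should read `sudo sbctl verify` (sbctl verify reports which EFI binaries are signed with your keys; it does not check the keys themselves, so "verify that your files are signed" is the more accurate wording). The enrollment step should state the trust consequence of `--microsoft`: it keeps Microsoft's CA in db, so any Microsoft-signed bootloader or shim stays bootable alongside your signed generations, which is exactly what dual-boot needs but is not what a single-boot machine wants — say so and tell single-boot users to drop the flag. `enroll-keys` also only succeeds while the firmware is in setup mode (vendor PK cleared), which is presumably what the HP "sure boot" remark is about, so it is worth saying that explicitly before the reboot step. "Secure boot is NOT reproducible" is vague; if it means the signing keys live outside the flake and a rebuild on another machine cannot produce a bootable system without them, spell that out.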


@ -25,6 +25,18 @@
Use swap in drive.
'';
};
useEncryption = lib.mkOption {
default = false;
example = true;
type = lib.types.bool;
description = ''
Enables encryption.
!WARNING!
You need your root drive to be named root exactly!
Otherwise there will not be a root crypt!
!WARNING!
'';
};
homeAndRootFsTypes = lib.mkOption {
default = "ext4";
example = "btrfs";
@ -149,6 +161,21 @@
config = (
lib.optionalAttrs (options ? fileSystems) {
boot.initrd.luks.devices = lib.mkIf (config.mods.drives.variant == "manual" && config.mods.drives.useEncryption) (
builtins.listToAttrs (
map (
{
name,
drive,
}: {
cryptstorage.device = lib.mkIf (name != "root") drive?device;
cryptoroot.device = lib.mkIf (name == "root") drive?device;
}
)
config.mods.drives.extraDrives
)
);
fileSystems = lib.mkIf (config.mods.drives.variant == "manual" && !config.conf.wsl) (
builtins.listToAttrs (
map (
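Review bot: `drive?device` on the two new `cryptstorage.device` / `cryptoroot.device` lines is Nix's has-attribute operator, so each LUKS entry gets a boolean instead of a device path, and `builtins.listToAttrs` expects `{ name; value; }` pairs while the lambda returns `{ cryptstorage.device = …; cryptoroot.device = …; }`, so as far as I can tell the whole `boot.initrd.luks.devices` expression fails to evaluate once `useEncryption` is set. Every non-root entry also collapses onto the single name `cryptstorage`, so with two extra LUKS drives only the first survives; I kept that naming below but it should probably be per-drive. If `drive.device` is the same value the fileSystems mapping below uses (which would be `/dev/mapper/cryptoroot` after unlock — that mapping is cut off here, so this is an inference), the LUKS entry needs a separate attribute for the underlying partition rather than the mapper path. The option text `Enables encryption.` is misleading, since this only adds initrd unlock for devices that are already LUKS-formatted; suggest `Unlocks already LUKS-formatted drives from extraDrives in the initrd; it does not encrypt anything itself.` The enclosing `config = ( lib.optionalAttrs … )` expression continues outside the hunk.
```nix
boot.initrd.luks.devices = lib.mkIf (config.mods.drives.variant == "manual" && config.mods.drives.useEncryption) (
  builtins.listToAttrs (
    map (
      { name, drive }:
      # listToAttrs wants { name; value; } pairs; the device is the block device, not a has-attr test
      lib.nameValuePair (if name == "root" then "cryptoroot" else "cryptstorage") {
        device = drive.device;
      }
    )
    config.mods.drives.extraDrives
  )
);
# … unchanged: fileSystems mapping …
```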


@ -124,6 +124,8 @@ in {
settings =
if config.mods.hyprland.useDefaultConfig
then
(
lib.recursiveUpdate
{
"$mod" = "SUPER";
@ -147,7 +149,7 @@ in {
"$mod SUPER,E,exec,nautilus -w"
"$mod SUPER,N,exec,neovide"
"$mod SUPER,M,exec,oxidash"
"$mod SUPER,R,exec,oxirun"
"$mod SUPER,R,exec,anyrun"
"$mod SUPER,G,exec,oxicalc"
"$mod SUPER,D,exec,oxishut"
"$mod SUPER,A,exec,oxipaste-iced"
@ -373,6 +375,7 @@ in {
++ config.mods.hyprland.extraAutostart;
plugin =
lib.recursiveUpdate
{
hyprspace = lib.mkIf config.mods.hyprland.hyprspaceEnable {
bind = [
@ -380,9 +383,10 @@ in {
];
};
}
// config.mods.hyprland.pluginConfig;
config.mods.hyprland.pluginConfig;
}
// config.mods.hyprland.customConfig
config.mods.hyprland.customConfig
)
else lib.mkForce config.mods.hyprland.customConfig;
plugins =
[
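Review bot: Replacing `// config.mods.hyprland.pluginConfig` with `lib.recursiveUpdate { hyprspace = lib.mkIf … { bind = […]; }; } config.mods.hyprland.pluginConfig` changes what a user override of `pluginConfig.hyprspace` does: `lib.mkIf` produces an attrset `{ _type = "if"; condition; content; }`, and recursiveUpdate descends into it, so the user's `hyprspace.bind` lands next to `_type` rather than inside `content`; if the module system then discharges the `if` as I expect, those attributes are silently dropped, whereas `//` used to replace the wrapper wholesale. One way out is to avoid the wrapper in the merged tree, e.g. `hyprspace = lib.optionalAttrs config.mods.hyprland.hyprspaceEnable { bind = [ … ]; };`, or to apply the `mkIf` to the whole `plugin` attrset after the merge; the same hazard applies to the outer `lib.recursiveUpdate … config.mods.hyprland.customConfig` for any `mkIf` values in the default settings. The `settings = if … then (…) else …` expression that this hunk closes starts outside the hunk.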