Added support for encrypted Linodes

2020-05-12 13:05:09 +10:00 · 2020-05-12 13:05:09 +10:00 · 995e5c0735
parent 18997c0d72
commit 995e5c0735
1 changed files with 56 additions and 0 deletions
--- a/hardware/linode_vm-encrypted.nix
+++ b/hardware/linode_vm-encrypted.nix
@ -0,0 +1,56 @@
+# Configuration common to all my encrypted Linode VMs
+
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    # Import the NixOS Qemu guest settings
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+  ];
+
+  boot = {
+    extraModulePackages = [ ];
+    initrd = {
+      availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
+      kernelModules = [ "dm-snapshot" ];
+      luks = {
+        devices = {
+          root = {
+            device = "/dev/sdb";
+            preLVM = true;
+          };
+        };
+      };
+    };
+    kernelModules = [ ];
+    kernelParams = [ "console=ttyS0,19200n8" ];
+    loader = {
+      grub = {
+        forceInstall = true;
+        version =1;
+        extraPerEntryConfig = "root (hd0)";
+        extraConfig = ''
+          serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+          terminal_input serial;
+          terminal_output serial
+        '';
+        device = "nodev";
+      };
+      timeout = 10;
+    };
+  };
+
+  # File systems configuration for the Linode VMs
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/swap";
+    }
+  ];
+
+  nix.maxJobs = lib.mkDefault 8;
+}