diff --git a/config/host-config/nostromo.nix b/config/host-config/nostromo.nix
index adcf11c..65e32e9 100644
--- a/config/host-config/nostromo.nix
+++ b/config/host-config/nostromo.nix
@@ -37,6 +37,21 @@ in {
 # };
 # };
+ fudo.hosts.nostromo.encrypted-filesystems.sea-store = {
+ encrypted-device = "/dev/nostromo-store/locked";
+ key-path = "/run/keys/sea-store";
+ filesystem-type = "btrfs";
+ options = [ "noatime" "nodiratime" "compress=zstd" "noexec" ];
+ mountpoints = {
+ "/share/downloads" = {
+ options = [ "subvol=@downloads" ];
+ };
+ "/share/documents" = {
+ options = [ "subvol=@documents" ];
+ };
+ };
+ };
+
 fudo.ipfs = {
 enable = true;
 users = [ "niten" ];
diff --git a/lib/fudo/host-filesystems.nix b/lib/fudo/host-filesystems.nix
index 35bca71..5958ee2 100644
--- a/lib/fudo/host-filesystems.nix
+++ b/lib/fudo/host-filesystems.nix
@@ -6,15 +6,6 @@ let
 host-filesystems = config.fudo.hosts.${hostname}.encrypted-filesystems;
 in {
 config = {
- fileSystems = mapAttrs' (filesystem-name: opts:
- nameValuePair opts.target-path
- {
- device = "/dev/mapper/${filesystem-name}";
- fsType = opts.filesystem-type;
- options = opts.filesystem-options;
- })
- host-filesystems;
-
 systemd = {
 mounts = let
 filesystems = mapAttrsToList
@@ -45,7 +36,7 @@ in {
 path = with pkgs; [ cryptsetup ];
 serviceConfig = {
 ExecStart = pkgs.writeShellScript "decrypt-${filesystem-name}.sh" ''
- cryptsetup open --type luks --key-file ${opts.key-path} ${opts.device} ${filesystem-name}
+ cryptsetup open --type luks --key-file ${opts.key-path} ${opts.encrypted-device} ${filesystem-name}
 '';
 ExecStop = pkgs.writeShellScript "close-${filesystem-name}.sh" ''
 cryptsetup close /dev/mapper/${filesystem-name}
diff --git a/lib/types/host.nix b/lib/types/host.nix
index e00402d..889a054 100644
--- a/lib/types/host.nix
+++ b/lib/types/host.nix
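Review bot: The filesystem-level `options` list of the `sea-store` block in config/host-config/nostromo.nix sets `noexec` but neither `nosuid` nor `nodev`, which a data-only share such as `/share/downloads` would normally carry as well; consider `options = [ "noatime" "compress=zstd" "noexec" "nosuid" "nodev" ];` (`nodiratime` is already implied by `noatime`). These three are per-mount flags, and the two `mountpoints` entries list only their `subvol=` option; this diff does not show whether the module merges the filesystem-level list into each mount, so it is worth confirming that `noexec` actually reaches `/share/downloads` and `/share/documents`. A short comment on how `/run/keys/sea-store` is provisioned and with which permissions would also help, since that file unlocks the volume.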
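Review bot: In the `decrypt-${filesystem-name}.sh` script in lib/fudo/host-filesystems.nix, `${opts.key-path}`, `${opts.encrypted-device}` and `${filesystem-name}` are spliced into the shell line unquoted, so a value containing whitespace or a shell metacharacter would change the command the unit runs. Since the line is being touched anyway, quote at interpolation time, e.g. `cryptsetup open --type luks --key-file ${escapeShellArg opts.key-path} ${escapeShellArg opts.encrypted-device} ${escapeShellArg filesystem-name}`, assuming `lib` is in scope here as the unqualified `mapAttrsToList` suggests. The same applies to the `cryptsetup close` line in the ExecStop script; the enclosing service definition starts and ends outside the hunk.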
@@ -19,7 +19,7 @@ rec {
 };
 in {
 options = with types; {
- device = mkOption {
+ encrypted-device = mkOption {
 type = str;
 description = "Path to the encrypted device.";
 };