Full Disk Encryption: Difference between revisions
imported>Zimbatm No edit summary |
imported>Zimbatm m fix formatting |
||
| Line 63: | Line 63: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
= zimbatm's laptop recommendation | = zimbatm's laptop recommendation = | ||
Let's say that you have a GPT partition with EFI enabled. You might be booting on other OSes with it. Let's say that your disk layout looks something like this: | Let's say that you have a GPT partition with EFI enabled. You might be booting on other OSes with it. Let's say that your disk layout looks something like this: | ||
<syntaxhighlight lang="bash"> | |||
8 0 500107608 sda | 8 0 500107608 sda | ||
8 1 266240 sda1 - the EFI partition | 8 1 266240 sda1 - the EFI partition | ||
| Line 74: | Line 74: | ||
8 4 371409920 sda4 - the NixOS root partition | 8 4 371409920 sda4 - the NixOS root partition | ||
8 5 1024000 sda5 | 8 5 1024000 sda5 | ||
</syntaxhighlight> | |||
Boot the NixOS installer and partition things according to your taste. What we are then going to do is prepare sda4 with a luks encryption layer: | Boot the NixOS installer and partition things according to your taste. What we are then going to do is prepare sda4 with a luks encryption layer: | ||
<syntaxhighlight lang="bash"> | |||
# format the disk with the luks structure | # format the disk with the luks structure | ||
$ cryptsetup luksFormat /dev/sda4 | $ cryptsetup luksFormat /dev/sda4 | ||
| Line 88: | Line 88: | ||
$ mount /dev/disk/by-label/nixos /mnt | $ mount /dev/disk/by-label/nixos /mnt | ||
$ mount /dev/sda1 /mnt/boot | $ mount /dev/sda1 /mnt/boot | ||
</syntaxhighlight> | |||
Create a swapfile of the size you want | Create a swapfile of the size you want | ||
<syntaxhighlight lang="bash"> | |||
$ fallocate -l 512M /mnt/swapfile | $ fallocate -l 512M /mnt/swapfile | ||
$ chmod 600 /mnt/swapfile | $ chmod 600 /mnt/swapfile | ||
$ mkswap -L swap /mnt/swapfile | $ mkswap -L swap /mnt/swapfile | ||
$ swapon /mnt/swapfile | $ swapon /mnt/swapfile | ||
</syntaxhighlight> | |||
Now keep installing as usual, nixos-generate-config should detect the right partitioning (maybe not the swap file). | Now keep installing as usual, nixos-generate-config should detect the right partitioning (maybe not the swap file). | ||