Swap: Difference between revisions

From NixOS Wiki
imported>Axelbdt
Add method to add swapfile
imported>Winny
→‎Configuration: Add section on random encryption key at boot. TODO: test this.
Line 30: Line 30:
<enter>
<enter>
w
w
</syntaxhighlight>
=== Encrypt Swap with random key ===
Swap can be automatically encrypted with a new key on every boot.  This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without  an encryption container (such as LUKS).
<syntaxhighlight lang="nix">
swapDevices = [ {
    device = "/dev/sdXY";
    randomEncryption.enable = true;
  } ];
</syntaxhighlight>
</syntaxhighlight>

Revision as of 06:47, 20 April 2023

Configuration

Swap on NixOS is set with the option swapDevices on /etc/nixos/hardware-configuration.nix.

Add a Swapfile

Add a swapfile with the following :

 swapDevices = [ {
    device = "/var/lib/swapfile";
    size = 16*1024;
  } ];

Disable swap

To remove all swap devices from NixOS, set the following to remove the swap partition or file from being included in /etc/fstab.

swapDevices = lib.mkForce [ ];

If you are using GPT partitioning tables, systemd-gpt-auto-generator(8) will still mount your swap partition automatically. You must therefore turn on attribute 63 on your partition in the partition table. This can be done with gptfdisk or similar:

gdisk /dev/sda
x
a
<partition number>
63
<enter>
w

Encrypt Swap with random key

Swap can be automatically encrypted with a new key on every boot. This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without an encryption container (such as LUKS).

 swapDevices = [ {
    device = "/dev/sdXY";
    randomEncryption.enable = true; 
  } ];