Swap: Difference between revisions
imported>Axelbdt Add method to add swapfile |
imported>Winny →Configuration: Add section on random encryption key at boot. TODO: test this. |
||
| Line 30: | Line 30: | ||
<enter> | <enter> | ||
w | w | ||
</syntaxhighlight> | |||
=== Encrypt Swap with random key === | |||
Swap can be automatically encrypted with a new key on every boot. This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without an encryption container (such as LUKS). | |||
<syntaxhighlight lang="nix"> | |||
swapDevices = [ { | |||
device = "/dev/sdXY"; | |||
randomEncryption.enable = true; | |||
} ]; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Revision as of 06:47, 20 April 2023
Configuration
Swap on NixOS is set with the option swapDevices on /etc/nixos/hardware-configuration.nix.
Add a Swapfile
Add a swapfile with the following :
swapDevices = [ {
device = "/var/lib/swapfile";
size = 16*1024;
} ];
Disable swap
To remove all swap devices from NixOS, set the following to remove the swap partition or file from being included in /etc/fstab.
swapDevices = lib.mkForce [ ];
If you are using GPT partitioning tables, systemd-gpt-auto-generator(8) will still mount your swap partition automatically. You must therefore turn on attribute 63 on your partition in the partition table. This can be done with gptfdisk or similar:
gdisk /dev/sda
x
a
<partition number>
63
<enter>
w
Encrypt Swap with random key
Swap can be automatically encrypted with a new key on every boot. This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without an encryption container (such as LUKS).
swapDevices = [ {
device = "/dev/sdXY";
randomEncryption.enable = true;
} ];