Swap: Difference between revisions
imported>Winny →Configuration: Add section on random encryption key at boot. TODO: test this. |
imported>Winny m case |
||
Line 32: | Line 32: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Encrypt | === Encrypt swap with random key === | ||
Swap can be automatically encrypted with a new key on every boot. This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without an encryption container (such as LUKS). | Swap can be automatically encrypted with a new key on every boot. This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without an encryption container (such as LUKS). |
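Review bot: the paragraph under the "Encrypt swap with random key" heading says a new key is used on every boot but leaves out the consequence. Anything written to swap cannot be read back after a reboot, so this swap device cannot hold data that has to survive one, such as a hibernation image. Suggest adding one sentence to that effect. The edit summary that introduced the section still reads "TODO: test this", so the text should also say whether the configuration has been verified on a running system.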
Revision as of 06:48, 20 April 2023
Configuration
Swap on NixOS is set with the option swapDevices in /etc/nixos/hardware-configuration.nix.
Add a Swapfile
Add a swapfile with the following:
swapDevices = [ {
  device = "/var/lib/swapfile";
  size = 16*1024;  # size in MiB (16 GiB)
} ];
Disable swap
To remove all swap devices from NixOS, set the following so that no swap partition or file is included in /etc/fstab.
swapDevices = lib.mkForce [ ];
If you are using GPT partition tables, systemd-gpt-auto-generator(8) will still mount your swap partition automatically. You must therefore turn on attribute 63 on your partition in the partition table. This can be done with gptfdisk or similar:
gdisk /dev/sda
x
a
<partition number>
63
<enter>
w
Encrypt swap with random key
Swap can be automatically encrypted with a new key on every boot. This can be used to simplify certain disk layouts, such as securing a swap file on a filesystem partition without an encryption container (such as LUKS).
swapDevices = [ {
  device = "/dev/sdXY";  # placeholder: your swap partition
  randomEncryption.enable = true;
} ];
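One way to confirm after a rebuild and reboot that every active swap area sits on a dm-crypt mapping (an added example, not part of the wiki page or of NixOS). It assumes the Linux /proc/swaps layout, the cryptsetup convention that device-mapper UUIDs of its mappings start with CRYPT- (CRYPT-PLAIN- for plain mode), and that the random-key mapping is a plain-mode one; the function name and verdict strings are made up for this example.

```shell
#!/bin/sh
# Classify each active swap area by whether it is backed by dm-crypt.
#   $1 = a /proc/swaps listing       (default: /proc/swaps)
#   $2 = sysfs root containing block/ (default: /sys)
# Prints "<path> <type> <verdict>" per swap area and returns 1 if any
# area is not on a dm-crypt mapping.
# Limitation: only the swap device itself is inspected, so a swap file
# that lives on an already encrypted filesystem is still reported as
# NOT-ENCRYPTED.
swap_encryption_report() {
    swaps=${1:-/proc/swaps}
    sysfs=${2:-/sys}
    rc=0
    while read -r path type _rest; do
        # The first line of /proc/swaps is the column header.
        [ "$path" = "Filename" ] && continue
        [ -n "$path" ] || continue
        verdict=NOT-ENCRYPTED
        case $path in
            /dev/dm-*)
                # Device-mapper nodes expose their UUID in sysfs.
                uuid_file=$sysfs/block/${path#/dev/}/dm/uuid
                uuid=
                if [ -r "$uuid_file" ]; then
                    read -r uuid < "$uuid_file" || :
                fi
                case $uuid in
                    CRYPT-PLAIN-*) verdict=dm-crypt-plain ;;
                    CRYPT-*)       verdict=dm-crypt-other ;;
                esac
                ;;
        esac
        [ "$verdict" = NOT-ENCRYPTED ] && rc=1
        printf '%s %s %s\n' "$path" "$type" "$verdict"
    done < "$swaps"
    return $rc
}
```

Run `swap_encryption_report` with no arguments on the live system; an exit status of 1 means at least one swap area is not on dm-crypt.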