s0me1newithhand7s/reNixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

kyra(hardening): ESP 1G->128M, LUKS2 volume and options hadrening

Browse source 
Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
This commit is contained in:
s0me1newithhand7s 2026-05-03 15:29:57 +03:00
parent 14eea58fbb
commit 72def65f54
1 changed files with 16 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

20
kyra/disko/disk.nix
View file

@ -21,7 +21,7 @@
ESP = { ESP = {
name = "ESP"; name = "ESP";
size = "1024M"; size = "128M";
type = "EF00"; type = "EF00";
content = { content = {
type = "filesystem"; type = "filesystem";
@ -29,15 +29,27 @@
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noexec"
"nosuid"
"nodev"
"ro"
]; ];
}; };
}; };
root = { luks = {
size = "100%"; size = "100%";
content = { content = {
type = "lvm_pv"; type = "luks";
vg = "pool"; name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
}; };
}; };
}; };