From 4b0b8d385062c7642e8763a73530bc5f3b02a303 Mon Sep 17 00:00:00 2001
From: Natasha Moongrave <natasha@256phi.eu>
Date: Mon, 11 May 2026 12:50:04 +0200
Subject: Added encryption configuration to the system config

---
 system/default.nix    |  1 +
 system/encryption.nix | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 system/encryption.nix

(limited to 'system')

diff --git a/system/default.nix b/system/default.nix
index 0893ac0..5022caf 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -10,6 +10,7 @@
     ./programs.nix
     ./services.nix
     ./users.nix
+    ./encryption.nix
     # Desktop and stylix are now configured per-rice in home/rices/*/system.nix
   ];
 
diff --git a/system/encryption.nix b/system/encryption.nix
new file mode 100644
index 0000000..152d657
--- /dev/null
+++ b/system/encryption.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    cryptsetup
+  ];
+
+  environment.etc."crypttab" = {
+    text = ''
+      ssh-keys UUID=da31e270-80d4-4a89-9633-87dd4d736ca2 none noauto,x-systemd.device-timeout=0
+    '';
+  };
+
+  fileSystems."/mnt/ssh-keys" = {
+    device = "/dev/mapper/ssh-keys";
+    fsType = "ext4";
+    options = ["noauto" "nofail" "x-systemd.automount" "x-systemd.idle-timeout=300"];
+  };
+}
-- 
cgit v1.2.3