From 329fafc3fc7d5937a8fc627e200b2028f7b866dd Mon Sep 17 00:00:00 2001
From: Petru Paler
Date: Fri, 30 Jun 2023 10:35:34 +0100
Subject: [PATCH] Split off disk encryption.
---
 hosts/common/compute-node.nix | 9 +--------
 hosts/common/unattended-encryption.nix | 9 +++++++++
 2 files changed, 10 insertions(+), 8 deletions(-)
 create mode 100644 hosts/common/unattended-encryption.nix
diff --git a/hosts/common/compute-node.nix b/hosts/common/compute-node.nix
index c9023a1..0930432 100644
--- a/hosts/common/compute-node.nix
+++ b/hosts/common/compute-node.nix
@@ -4,16 +4,9 @@ ./impermanence.nix ./sshd.nix ./user-ppetru.nix + ./unattended-encryption.nix ]; - boot.initrd.kernelModules = [ "usb_storage" ]; - boot.initrd.luks.devices."luksroot" = { - allowDiscards = true; - bypassWorkqueues = true; - keyFileSize = 4096; - keyFile = "/dev/sda"; - }; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true;
diff --git a/hosts/common/unattended-encryption.nix b/hosts/common/unattended-encryption.nix
new file mode 100644
index 0000000..fae8d58
--- /dev/null
+++ b/hosts/common/unattended-encryption.nix
@@ -0,0 +1,9 @@
+{
+ boot.initrd.kernelModules = [ "usb_storage" ];
+ boot.initrd.luks.devices."luksroot" = {
+ allowDiscards = true;
+ bypassWorkqueues = true;
+ keyFileSize = 4096;
+ keyFile = "/dev/sda";
+ };
+}
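Review bot: `keyFile = "/dev/sda"` in the new hosts/common/unattended-encryption.nix selects the key device by kernel enumeration order, which is not stable across boots or hardware changes, so the initrd may fail to unlock `luksroot` or read its 4096 key bytes from whichever disk happens to enumerate first. A persistent device path is more robust, for example `keyFile = "/dev/disk/by-id/<key-device-id>";` (placeholder; substitute the real id of the key device). The module also carries no comment on its threat model: with the key read automatically at boot, presumably from a USB stick given `usb_storage`, the encryption protects the disk only while the key device is kept apart from the machine, and `allowDiscards = true` lets TRIM reveal which blocks are unused. A header comment such as `# Unattended LUKS unlock: raw key is read from an attached USB device; data at rest is protected only when that device is removed.` would record this for anyone importing the module on a new host.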