Split off disk encryption.

hosts/common/compute-node.nix

@@ -4,16 +4,9 @@
     ./impermanence.nix
     ./sshd.nix
     ./user-ppetru.nix
+    ./unattended-encryption.nix
   ];
 
-  boot.initrd.kernelModules = [ "usb_storage" ];
-  boot.initrd.luks.devices."luksroot" = {
-      allowDiscards = true;
-      bypassWorkqueues = true;
-      keyFileSize = 4096;
-      keyFile = "/dev/sda";
-  };
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

hosts/common/unattended-encryption.nix

@@ -0,0 +1,9 @@
+{
+  boot.initrd.kernelModules = [ "usb_storage" ];
+  boot.initrd.luks.devices."luksroot" = {
+      allowDiscards = true;
+      bypassWorkqueues = true;
+      keyFileSize = 4096;
+      keyFile = "/dev/sda";
+  };
+}