From fe5e194d14971444174ac542a7e241c455dcbd62 Mon Sep 17 00:00:00 2001
From: Benoit Donneaux <benoit@leastauthority.com>
Date: Thu, 22 Feb 2024 10:44:56 +0100
Subject: [PATCH] Enable swap encryption for hro-cloud

Signed-off-by: Benoit Donneaux <benoit@leastauthority.com>
---
 morph/grid/hro-cloud/storage001-hardware.nix |  7 ++++---
 morph/grid/hro-cloud/storage002-hardware.nix |  7 ++++---
 morph/grid/hro-cloud/storage003-hardware.nix | 10 +++++++---
 morph/lib/issuer-payments-ovh.nix            |  1 +
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/morph/grid/hro-cloud/storage001-hardware.nix b/morph/grid/hro-cloud/storage001-hardware.nix
index b2ebd742..6c76a336 100644
--- a/morph/grid/hro-cloud/storage001-hardware.nix
+++ b/morph/grid/hro-cloud/storage001-hardware.nix
@@ -29,9 +29,10 @@
       fsType = "zfs";
     };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/45eb994e-0d1b-4903-9412-920f0ba017c9"; }
-    ];
+  swapDevices = [ {
+    device = "/dev/disk/by-uuid/45eb994e-0d1b-4903-9412-920f0ba017c9";
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
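Review bot: The `device` line still points at `/dev/disk/by-uuid/...`, which does not survive `randomEncryption = true`. The partition is re-keyed and re-formatted on every boot, so the swap UUID that path depends on is erased after the first encrypted boot and swap will likely not come up on the next one. The NixOS option documentation warns against by-uuid and by-label for this reason and recommends a partition-table identifier, e.g. `device = "/dev/disk/by-partuuid/<PARTUUID-of-swap-partition>";` (placeholder; take the real value from `blkid` on the host). The storage002 and storage003 hunks have the same issue. A short comment such as `# random key per boot: swap contents are unrecoverable, never hibernate to this device` would also record the operational constraint.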
diff --git a/morph/grid/hro-cloud/storage002-hardware.nix b/morph/grid/hro-cloud/storage002-hardware.nix
index 15cdbba3..84a20dde 100644
--- a/morph/grid/hro-cloud/storage002-hardware.nix
+++ b/morph/grid/hro-cloud/storage002-hardware.nix
@@ -31,9 +31,10 @@
       fsType = "vfat";
     };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f"; }
-    ];
+  swapDevices = [ {
+    device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f"; }
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
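Review bot: The added `device` line ends with a stray `}` (`device = "..."; }`), which closes the attribute set before `randomEncryption = true;` is reached. As written the file should fail to parse, so the host cannot be deployed with this change and swap encryption is never applied. The storage003 hunk has the identical stray brace. Drop it so the line reads `device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f";`, matching the storage001 hunk. Evaluating each host's configuration before merging would catch this class of typo in a security-relevant change.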
diff --git a/morph/grid/hro-cloud/storage003-hardware.nix b/morph/grid/hro-cloud/storage003-hardware.nix
index 1a4bc3f7..8d54609e 100644
--- a/morph/grid/hro-cloud/storage003-hardware.nix
+++ b/morph/grid/hro-cloud/storage003-hardware.nix
@@ -23,12 +23,16 @@
     { device = "/dev/disk/by-uuid/23DC-4051";
       fsType = "vfat";
     };
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/b02af75a-ea3a-47cf-ad40-c6611ee4dc09"; }
-    ];
+
   fileSystems."/storage" = {
      device = "root";
      fsType = "zfs";
    };
+
+  swapDevices = [ {
+    device = "/dev/disk/by-uuid/b02af75a-ea3a-47cf-ad40-c6611ee4dc09"; }
+    randomEncryption = true;
+  } ];
+
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/morph/lib/issuer-payments-ovh.nix b/morph/lib/issuer-payments-ovh.nix
index 53defef0..a614e743 100644
--- a/morph/lib/issuer-payments-ovh.nix
+++ b/morph/lib/issuer-payments-ovh.nix
@@ -8,6 +8,7 @@
   
   swapDevices = [ {
     device = "/dev/sda2";
+    randomEncryption = true;
   } ];
 
   # Break the tie between AWS and morph for the hostname by forcing the
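Review bot: `randomEncryption = true` is added to a swap entry addressed by the kernel name `/dev/sda2`, which is not guaranteed to be stable across boots or instance changes. Because this option re-formats the named device with a fresh key at every boot, a change in disk enumeration would presumably point that destructive step at a different partition. Prefer a persistent identifier that does not depend on the partition contents, e.g. `device = "/dev/disk/by-partuuid/<PARTUUID-of-swap-partition>";` (placeholder), or a `/dev/disk/by-id/` path. The enclosing attribute set starts and ends outside this hunk.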
-- 
GitLab