holy moly we're almost there

hosts/box/configuration.nix

@@ -0,0 +1,95 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.efi.canTouchEfiVariables = false;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.grub = {
+    enable = true;
+    device = "nodev";
+    version = 2;
+    efiSupport = true;
+    enableCryptodisk = true;
+    efiInstallAsRemovable = true;
+  };
+
+  boot.initrd.secrets = {
+    "/keyfile0.bin" = /etc/secrets/initrd/keyfile0.bin;
+    "/keyfile1.bin" = /etc/secrets/initrd/keyfile1.bin;
+  };
+
+  boot.initrd.luks.devices = {
+    "root" = {
+      #name = "root";
+      device = "/dev/disk/by-uuid/f37f3222-47d7-42d8-b400-363320a31853"; # UUID for /dev/nvme01np2 
+      preLVM = true;
+      allowDiscards = true;
+      keyFile = "/keyfile0.bin";
+    };
+  };
+
+  # Data mount
+  # fileSystems."/data" = {
+  #   device = "/dev/disk/by-uuid/3276a297-9ee4-4998-b262-1ed100366c06"; # UUID for /dev/mapper/crypted-data
+  #   encrypted = {
+  #     enable = true;
+  #     label = "crypted-data";
+  #     blkDev = "/dev/disk/by-uuid/8a317bf4-fe13-4334-a6df-5fe5a5048b5e"; # UUID for /dev/sda1
+  #     keyFile = "/keyfile1.bin";
+  #   };
+  # };
+
+  networking.interfaces.enp2s0 = {
+    ipv4.addresses = [{
+      address = "192.168.1.240";
+      prefixLength = 24;
+    }];
+    ipv4.routes = [{ address = "192.168.1.0"; prefixLength = 24; via = "192.168.1.1"; }];
+    useDHCP = false;
+  };
+  #networking.nameservers = [ "172.16.11.240" ];
+  networking.nameservers = [ "192.168.1.1" ];
+  networking.defaultGateway = {
+    address = "192.168.1.1";
+    interface = "enp2s0";
+  };
+
+  networking.hostName = "box"; # Define your hostname.
+  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.wlp3s0.useDHCP = true;
+
+  # Set your time zone.
+  time.timeZone = "Australia/Brisbane";
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  sound.enable = false;
+
+  programs.gnupg.agent.enable = true;
+  programs.gnupg.agent.pinentryFlavor = "curses";
+  programs.gnupg.agent.enableSSHSupport = true;
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.09"; # Did you read the comment?
+
+}
+