1 files changed, 15 insertions, 3 deletions

diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 2fcf90f8b1..21b4563b53 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -1,9 +1,10 @@
 ;; This is an operating system configuration template
-;; for a "desktop" setup with GNOME and Xfce.
+;; for a "desktop" setup with GNOME and Xfce where the
+;; root partition is encrypted with LUKS.
 
 (use-modules (gnu) (gnu system nss))
 (use-service-modules desktop)
-(use-package-modules certs)
+(use-package-modules certs gnome)
 
 (operating-system
   (host-name "antelope")
@@ -13,11 +14,21 @@
   ;; Assuming /dev/sdX is the target hard disk, and "my-root"
   ;; is the label of the target root file system.
   (bootloader (grub-configuration (device "/dev/sdX")))
+
+  ;; Specify a mapped device for the encrypted root partition.
+  ;; The UUID is that returned by 'cryptsetup luksUUID'.
+  (mapped-devices
+   (list (mapped-device
+          (source (uuid "12345678-1234-1234-1234-123456789abc"))
+          (target "the-root-device")
+          (type luks-device-mapping))))
+
   (file-systems (cons (file-system
                         (device "my-root")
                         (title 'label)
                         (mount-point "/")
-                        (type "ext4"))
+                        (type "ext4")
+                        (dependencies mapped-devices))
                       %base-file-systems))
 
   (users (cons (user-account
@@ -31,6 +42,7 @@
 
   ;; This is where we specify system-wide packages.
   (packages (cons* nss-certs         ;for HTTPS access
+                   gvfs              ;for user mounts
                    %base-packages))
 
   ;; Add GNOME and/or Xfce---we can choose at the log-in