nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nullbox: setup auto decrypt

Browse Source
This commit is contained in:
NullBite 2024-03-01 20:52:40 -05:00
parent f2bc1b7d0b
commit cef77e2a56
Signed by: nullbite
GPG Key ID: 6C4D545385D4925A
2 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/nullbox/configuration.nix
View File

@ -10,6 +10,8 @@
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
# Encryption
./luks.nix
]; ];
config = { config = {
@ -54,16 +56,6 @@
packageSets.gaming.enable = true; packageSets.gaming.enable = true;
}; };
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
allowDiscards = true;
fallbackToPassword = true;
preLVM = true;
};
};
# bootloader setup # bootloader setup
boot.loader = { boot.loader = {
efi = { efi = {

27
hosts/nullbox/luks.nix Normal file
View File

@ -0,0 +1,27 @@
{ pkgs, config, lib, ... }:
let
usb = "903D-DF5B";
in
{
config = {
# cryptsetup
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage"];
boot.initrd.supportedFilesystems = ["vfat"];
boot.initrd.luks.devices = {
lvmroot = {
preOpenCommands = ''
mkdir -m 0755 /key
sleep 1
mount -n -t vfat -o ro `findfs UUID=${usb}` /key
'';
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
keyFile = "/key/image.png"; # yes it's literally an image file. bite me
allowDiscards = true;
fallbackToPassword = true;
preLVM = true;
};
};
};
}