encrypted usb key

system/work/hardware.nix

@@ -9,7 +9,7 @@
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
@@ -19,10 +19,22 @@
       options = [ "subvol=@" "compress=zstd" "autodefrag" ];
     };
 
+  boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+    mkdir -m 0755 -p /key
+
+    sleep 2
+    echo "found block devices"
+    ls /dev/disk/by-id/
+
+    cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
+    mount -n -t vfat -o ro /dev/mapper/usbkey /key
+  '';
+
   boot.initrd.luks.devices."cryptroot" = {
     device = "/dev/disk/by-uuid/570cc51f-bd5c-4bee-a18f-f6aabaf60881";
     keyFileSize = 4096;
-    keyFile = "/dev/sda";
+    keyFile = "/key/keyfile";
+    preLVM = false;
   };
 
   fileSystems."/home" =

system/work/home.nix

@@ -23,10 +23,9 @@
 
   wayland.windowManager.hyprland = {
     extraConfig = ''
-      exec-once = swaybg -o eDP-1 -i ~/Pictures/backgrounds/nix-wallpaper-simple-red.png &
+      exec-once = ${pkgs.swaybg}/bin/swaybg -o eDP-1 -i ~/Pictures/backgrounds/nix-wallpaper-simple-red.png &
 
       monitor = ,preferred,auto, 1.2
-      accel_profile = flat
       input {
         kb_variant = dvorak
       }