From 97b8d30b7c4f992a2151316b6c6f926acb2ad001 Mon Sep 17 00:00:00 2001
From: tristan
Date: Wed, 19 Apr 2023 08:46:26 +0100
Subject: [PATCH] encrypt usbkey
---
 system/zenix/hardware.nix | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/system/zenix/hardware.nix b/system/zenix/hardware.nix
index 8588c32..5cb80af 100644
--- a/system/zenix/hardware.nix
+++ b/system/zenix/hardware.nix
@@ -9,7 +9,7 @@
 ];
 boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
+ boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
 boot.kernelModules = [ "kvm-amd" ];
 boot.extraModulePackages = [ ];
@@ -19,10 +19,22 @@
 options = [ "subvol=@" "compress=zstd" "autodefrag" ];
 };
+ boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p /key
+
+ sleep 2
+ echo "found block devices"
+ ls /dev/disk/by-id/
+
+ cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
+ mount -n -t vfat -o ro /dev/mapper/usbkey /key
+ '';
+
 boot.initrd.luks.devices."cryptroot" = {
 device = "/dev/disk/by-uuid/cc0617df-8cbf-4618-abbc-df64c96de151";
 keyFileSize = 4096;
- keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
+ keyFile = "/key/keyfile";
+ preLVM = false;
 };
 fileSystems."/home" =
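Review bot: `"usb_storage"` now appears in both `boot.initrd.availableKernelModules` (the context line above) and the new `boot.initrd.kernelModules` list, and nothing in the hunk says why six modules are force-loaded in stage 1. The list reads as the set needed to see the USB stick and mount its vfat volume before the root device is opened, so a comment such as `# stage 1 must see the USB key stick and mount its vfat volume before cryptroot is opened` would keep a later cleanup from dropping an entry and breaking boot. The duplicate entry is harmless but can be removed from one of the two lists.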
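Review bot: The decrypted key volume is never torn down: once `cryptroot` has been opened, `/dev/mapper/usbkey` stays mapped and `/key` stays mounted, so the root-volume keyfile presumably remains reachable for the whole uptime and the stick cannot be removed cleanly. Adding `postOpenCommands = "umount /key; cryptsetup luksClose usbkey";` to the `cryptroot` attrset would close it as soon as the key has been read. The fixed `sleep 2` in `postDeviceCommands` is also a race against USB enumeration: if the by-id path is not present yet, `luksOpen` and `mount` fail and `/key/keyfile` does not exist, so a bounded wait on the device path, plus `fallbackToPassword = true;` if a passphrase slot exists on the root volume, would make that failure mode explicit. The `echo "found block devices"` and `ls /dev/disk/by-id/` lines look like leftover debugging and can go.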