decryption loop

2023-04-20 09:31:53 +01:00 · 2023-04-20 09:31:53 +01:00 · d7fa0319d0
commit d7fa0319d0
parent 23c20ce17f
2 changed files with 34 additions and 22 deletions
--- a/system/work/hardware.nix
+++ b/system/work/hardware.nix
@ -5,16 +5,18 @@

 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
+  boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
+    {
+      device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
      fsType = "btrfs";
      options = [ "subvol=@" "compress=zstd" "autodefrag" ];
    };
@ -22,11 +24,14 @@
  boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
    mkdir -m 0755 -p /key

-    sleep 2
-    echo "found block devices"
-    ls /dev/disk/by-id/
+    until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
+    do
+      echo "Failed to unlock usbkey!"
+      echo "Found block devices:"
+      ls /dev/disk/by-id/
+      sleep 2
+    done

-    cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
    mount -n -t vfat -o ro /dev/mapper/usbkey /key
  '';

@ -38,13 +43,15 @@
  };

  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
+    {
+      device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
      fsType = "btrfs";
      options = [ "subvol=@home" "compress=zstd" "autodefrag" ];
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/EED9-A165";
+    {
+      device = "/dev/disk/by-uuid/EED9-A165";
      fsType = "vfat";
    };

@ -66,7 +73,7 @@
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
-      vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+      vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      vaapiVdpau
      libvdpau-va-gl
    ];
--- a/system/zenix/hardware.nix
+++ b/system/zenix/hardware.nix
@ -5,16 +5,18 @@

 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
+  boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
+    {
+      device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
      fsType = "btrfs";
      options = [ "subvol=@" "compress=zstd" "autodefrag" ];
    };
@ -22,11 +24,13 @@
  boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
    mkdir -m 0755 -p /key

-    sleep 2
-    echo "found block devices"
-    ls /dev/disk/by-id/
-
-    cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
+    until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
+    do
+      echo "Failed to unlock usbkey!"
+      echo "Found block devices:"
+      ls /dev/disk/by-id/
+      sleep 2
+    done
    mount -n -t vfat -o ro /dev/mapper/usbkey /key
  '';

@ -38,19 +42,20 @@
  };

  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
+    {
+      device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
      fsType = "btrfs";
      options = [ "subvol=@home" "compress=zstd" "autodefrag" ];
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/FE7E-0DE3";
+    {
+      device = "/dev/disk/by-uuid/FE7E-0DE3";
      fsType = "vfat";
    };

  swapDevices =
-    [ { device = "/dev/disk/by-uuid/da57b489-ab77-4830-b710-9f96cf43d053"; }
-    ];
+    [{ device = "/dev/disk/by-uuid/da57b489-ab77-4830-b710-9f96cf43d053"; }];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's