decryption loop

system/work/hardware.nix

@@ -5,16 +5,18 @@
 
 {
   imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
+  boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
+    {
+      device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
       fsType = "btrfs";
       options = [ "subvol=@" "compress=zstd" "autodefrag" ];
     };
@@ -22,11 +24,14 @@
   boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
     mkdir -m 0755 -p /key
 
-    sleep 2
+    until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
-    echo "found block devices"
+    do
+      echo "Failed to unlock usbkey!"
+      echo "Found block devices:"
       ls /dev/disk/by-id/
+      sleep 2
+    done
 
-    cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
     mount -n -t vfat -o ro /dev/mapper/usbkey /key
   '';
 
@@ -38,13 +43,15 @@
   };
 
   fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
+    {
+      device = "/dev/disk/by-uuid/48a07e82-1090-448c-a751-3a410afba0f7";
       fsType = "btrfs";
       options = [ "subvol=@home" "compress=zstd" "autodefrag" ];
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/EED9-A165";
+    {
+      device = "/dev/disk/by-uuid/EED9-A165";
       fsType = "vfat";
     };
 

system/zenix/hardware.nix

@@ -5,16 +5,18 @@
 
 {
   imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
+  boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
+    {
+      device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
       fsType = "btrfs";
       options = [ "subvol=@" "compress=zstd" "autodefrag" ];
     };
@@ -22,11 +24,13 @@
   boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
     mkdir -m 0755 -p /key
 
-    sleep 2
+    until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
-    echo "found block devices"
+    do
+      echo "Failed to unlock usbkey!"
+      echo "Found block devices:"
       ls /dev/disk/by-id/
-
+      sleep 2
-    cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
+    done
     mount -n -t vfat -o ro /dev/mapper/usbkey /key
   '';
 
@@ -38,19 +42,20 @@
   };
 
   fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
+    {
+      device = "/dev/disk/by-uuid/2dad5ed6-44cc-4d9d-9392-32afaa7b3909";
       fsType = "btrfs";
       options = [ "subvol=@home" "compress=zstd" "autodefrag" ];
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/FE7E-0DE3";
+    {
+      device = "/dev/disk/by-uuid/FE7E-0DE3";
       fsType = "vfat";
     };
 
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/da57b489-ab77-4830-b710-9f96cf43d053"; }
+    [{ device = "/dev/disk/by-uuid/da57b489-ab77-4830-b710-9f96cf43d053"; }];
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's