decryption function
This commit is contained in:
parent
cd5a381451
commit
f3eb45a361
7 changed files with 38 additions and 43 deletions
|
|
@ -6,6 +6,7 @@
|
|||
...
|
||||
}: let
|
||||
user = config.user;
|
||||
decrypt = import ../lib/decrypt.nix;
|
||||
in {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
|
|
@ -24,22 +25,10 @@ in {
|
|||
options = ["subvol=@" "compress=zstd" "autodefrag"];
|
||||
};
|
||||
|
||||
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
|
||||
mkdir -m 0755 -p /key
|
||||
|
||||
dev=/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0
|
||||
sleep 1
|
||||
until cryptsetup luksOpen "$dev" usbkey
|
||||
do
|
||||
echo "Insert key and press enter..."
|
||||
read res
|
||||
if test "$res" = "fzf"
|
||||
then
|
||||
ls /dev/disk/by-id | ${pkgs.fzf}/bin/fzf
|
||||
fi
|
||||
done
|
||||
mount -n -t vfat -o ro /dev/mapper/usbkey /key
|
||||
'';
|
||||
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt {
|
||||
keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
|
||||
keypartname = "usbkey";
|
||||
});
|
||||
|
||||
boot.initrd.luks.devices."cryptroot" = {
|
||||
device = "/dev/disk/by-uuid/cc0617df-8cbf-4618-abbc-df64c96de151";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue