decryption function
This commit is contained in:
parent
cd5a381451
commit
f3eb45a361
7 changed files with 38 additions and 43 deletions
|
|
@ -6,6 +6,7 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
user = config.user;
|
user = config.user;
|
||||||
|
decrypt = import ../lib/decrypt.nix;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
|
@ -22,19 +23,10 @@ in {
|
||||||
options = ["subvol=@" "compress=zstd" "autodefrag"];
|
options = ["subvol=@" "compress=zstd" "autodefrag"];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
|
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt {
|
||||||
mkdir -m 0755 -p /key
|
keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
|
||||||
|
keypartname = "usbkey";
|
||||||
until cryptsetup luksOpen /dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0 usbkey
|
});
|
||||||
do
|
|
||||||
echo "Failed to unlock usbkey!"
|
|
||||||
echo "Found block devices:"
|
|
||||||
ls /dev/disk/by-id/
|
|
||||||
sleep 2
|
|
||||||
done
|
|
||||||
|
|
||||||
mount -n -t vfat -o ro /dev/mapper/usbkey /key
|
|
||||||
'';
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."cryptroot" = {
|
boot.initrd.luks.devices."cryptroot" = {
|
||||||
device = "/dev/disk/by-uuid/570cc51f-bd5c-4bee-a18f-f6aabaf60881";
|
device = "/dev/disk/by-uuid/570cc51f-bd5c-4bee-a18f-f6aabaf60881";
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
user = config.user;
|
user = config.user;
|
||||||
|
decrypt = import ../lib/decrypt.nix;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
|
@ -24,22 +25,10 @@ in {
|
||||||
options = ["subvol=@" "compress=zstd" "autodefrag"];
|
options = ["subvol=@" "compress=zstd" "autodefrag"];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
|
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt {
|
||||||
mkdir -m 0755 -p /key
|
keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
|
||||||
|
keypartname = "usbkey";
|
||||||
dev=/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0
|
});
|
||||||
sleep 1
|
|
||||||
until cryptsetup luksOpen "$dev" usbkey
|
|
||||||
do
|
|
||||||
echo "Insert key and press enter..."
|
|
||||||
read res
|
|
||||||
if test "$res" = "fzf"
|
|
||||||
then
|
|
||||||
ls /dev/disk/by-id | ${pkgs.fzf}/bin/fzf
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
mount -n -t vfat -o ro /dev/mapper/usbkey /key
|
|
||||||
'';
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."cryptroot" = {
|
boot.initrd.luks.devices."cryptroot" = {
|
||||||
device = "/dev/disk/by-uuid/cc0617df-8cbf-4618-abbc-df64c96de151";
|
device = "/dev/disk/by-uuid/cc0617df-8cbf-4618-abbc-df64c96de151";
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
term = config.programs.terminal;
|
term = config.programs.terminal;
|
||||||
termcmd = "${ config.programs.terminal }/bin/${config.programs.terminal.pname}";
|
termcmd = "${config.programs.terminal}/bin/${config.programs.terminal.pname}";
|
||||||
in {
|
in {
|
||||||
options.programs = {
|
options.programs = {
|
||||||
terminal = lib.mkPackageOption pkgs "foot" {
|
terminal = lib.mkPackageOption pkgs "foot" {
|
||||||
|
|
|
||||||
|
|
@ -5,13 +5,12 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
modifier = config.windowManager.modifierKey;
|
modifier = config.windowManager.modifierKey;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
(import ./swaylock.nix)
|
(import ./swaylock.nix)
|
||||||
(import ./swayidle.nix)
|
(import ./swayidle.nix)
|
||||||
(import ./waybar.nix)
|
(import ./waybar.nix)
|
||||||
(import ./hycov.nix)
|
# (import ./hycov.nix)
|
||||||
];
|
];
|
||||||
xdg.portal = {
|
xdg.portal = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
term = "${ config.programs.terminal }/bin/${config.programs.terminal.pname}";
|
term = "${config.programs.terminal}/bin/${config.programs.terminal.pname}";
|
||||||
modKeyName = config.windowManager.modifierKey;
|
modKeyName = config.windowManager.modifierKey;
|
||||||
modifier =
|
modifier =
|
||||||
if modKeyName == "SUPER"
|
if modKeyName == "SUPER"
|
||||||
|
|
|
||||||
15
lib/decrypt.nix
Normal file
15
lib/decrypt.nix
Normal file
|
|
@ -0,0 +1,15 @@
|
||||||
|
{
|
||||||
|
keydevice,
|
||||||
|
keypartname,
|
||||||
|
}: ''
|
||||||
|
mkdir -m 0755 -p /key
|
||||||
|
|
||||||
|
dev=${keydevice}
|
||||||
|
sleep 1
|
||||||
|
until cryptsetup luksOpen "$dev" usbkey
|
||||||
|
do
|
||||||
|
echo "Insert key and press enter..."
|
||||||
|
read res
|
||||||
|
done
|
||||||
|
mount -n -t vfat -o ro /dev/mapper/${keypartname} /key
|
||||||
|
''
|
||||||
|
|
@ -62,16 +62,16 @@ with lib; let
|
||||||
name = display.name;
|
name = display.name;
|
||||||
value = let
|
value = let
|
||||||
res = display.resolution;
|
res = display.resolution;
|
||||||
in {
|
in
|
||||||
mode =
|
{
|
||||||
mkIf (!resUnset res)
|
mode =
|
||||||
"${toString res.x}x${toString res.y}@${toString res.freq}Hz";
|
mkIf (!resUnset res)
|
||||||
scale = toString display.scaling;
|
"${toString res.x}x${toString res.y}@${toString res.freq}Hz";
|
||||||
}
|
scale = toString display.scaling;
|
||||||
// lib.mkIf ( display ? wallpaper && display.wallpaper != null ) {
|
}
|
||||||
bg = "${ display.wallpaper } fill";
|
// lib.mkIf (display ? wallpaper && display.wallpaper != null) {
|
||||||
}
|
bg = "${display.wallpaper} fill";
|
||||||
;
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
resolutionType = types.submodule {
|
resolutionType = types.submodule {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue