diff options
author | Alyssa Ross <hi@alyssa.is> | 2024-04-10 20:43:08 +0200 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-04-10 20:43:08 +0200 |
commit | 69bfdf2484041b9d242840c4e5017b4703383bb0 (patch) | |
tree | d8bdaa69e7990d7d6f09b594b3c425f742acd2d0 /nixpkgs/nixos/modules/system/boot/clevis.md | |
parent | c8aee4b4363b6bf905a521b05b7476960e8286c8 (diff) | |
parent | d8fe5e6c92d0d190646fb9f1056741a229980089 (diff) | |
download | nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.tar nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.tar.gz nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.tar.bz2 nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.tar.lz nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.tar.xz nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.tar.zst nixlib-69bfdf2484041b9d242840c4e5017b4703383bb0.zip |
Merge commit 'd8fe5e6c'
Conflicts: nixpkgs/pkgs/build-support/go/module.nix
Diffstat (limited to 'nixpkgs/nixos/modules/system/boot/clevis.md')
-rw-r--r-- | nixpkgs/nixos/modules/system/boot/clevis.md | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/nixpkgs/nixos/modules/system/boot/clevis.md b/nixpkgs/nixos/modules/system/boot/clevis.md index dcbf55de60a8..39edc0fc38df 100644 --- a/nixpkgs/nixos/modules/system/boot/clevis.md +++ b/nixpkgs/nixos/modules/system/boot/clevis.md @@ -39,13 +39,17 @@ For more complete documentation on how to generate a secret with clevis, see the In order to activate unattended decryption of a resource at boot, enable the `clevis` module: -``` -boot.initrd.clevis.enable = true; +```nix +{ + boot.initrd.clevis.enable = true; +} ``` Then, specify the device you want to decrypt using a given clevis secret. Clevis will automatically try to decrypt the device at boot and will fallback to interactive unlocking if the decryption policy is not fulfilled. -``` -boot.initrd.clevis.devices."/dev/nvme0n1p1".secretFile = ./nvme0n1p1.jwe; +```nix +{ + boot.initrd.clevis.devices."/dev/nvme0n1p1".secretFile = ./nvme0n1p1.jwe; +} ``` Only `bcachefs`, `zfs` and `luks` encrypted devices are supported at this time. |