diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-08-26 15:45:47 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-08-26 19:04:02 +0200 |
commit | 60e6cc81b5a76751c289d7184ff5842f5e5cca84 (patch) | |
tree | bbfdfc94d48c390756fc96578cf017d693c460c9 /nixos/doc/manual/configuration/luks-file-systems.xml | |
parent | a099ca45054940b63b1615920de158ebafb25ea8 (diff) | |
download | nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.tar nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.tar.gz nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.tar.bz2 nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.tar.lz nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.tar.xz nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.tar.zst nixlib-60e6cc81b5a76751c289d7184ff5842f5e5cca84.zip |
No caps in filenames
Diffstat (limited to 'nixos/doc/manual/configuration/luks-file-systems.xml')
-rw-r--r-- | nixos/doc/manual/configuration/luks-file-systems.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/nixos/doc/manual/configuration/luks-file-systems.xml b/nixos/doc/manual/configuration/luks-file-systems.xml new file mode 100644 index 000000000000..45475dbcd446 --- /dev/null +++ b/nixos/doc/manual/configuration/luks-file-systems.xml @@ -0,0 +1,42 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-luks-file-systems"> + +<title>LUKS-Encrypted File Systems</title> + +<para>NixOS supports file systems that are encrypted using +<emphasis>LUKS</emphasis> (Linux Unified Key Setup). For example, +here is how you create an encrypted Ext4 file system on the device +<filename>/dev/sda2</filename>: + +<screen> +$ cryptsetup luksFormat /dev/sda2 + +WARNING! +======== +This will overwrite data on /dev/sda2 irrevocably. + +Are you sure? (Type uppercase yes): YES +Enter LUKS passphrase: *** +Verify passphrase: *** + +$ cryptsetup luksOpen /dev/sda2 crypted +Enter passphrase for /dev/sda2: *** + +$ mkfs.ext4 /dev/mapper/crypted +</screen> + +To ensure that this file system is automatically mounted at boot time +as <filename>/</filename>, add the following to +<filename>configuration.nix</filename>: + +<programlisting> +boot.initrd.luks.devices = [ { device = "/dev/sda2"; name = "crypted"; } ]; +fileSystems."/".device = "/dev/mapper/crypted"; +</programlisting> + +</para> + +</section> |