author | Marcin Falkiewicz <avalatron@gmail.com> | 2015-06-29 10:56:19 +0200 |
---|---|---|
committer | Marcin Falkiewicz <avalatron@gmail.com> | 2015-06-29 17:36:47 +0200 |
commit | c1becad3eb8b5cef1f0db046295edcab35a5b080 (patch) | |
tree | 08f413ee6e87a577d54b10b41cb4fe76c4f4d8f5 /nixos/modules/system/boot/luksroot.nix | |
parent | d94285788f854b91dc34b9b084b291606d3b1a60 (diff) | |
nixos/modules/system/boot/luksroot.nix: allow for LUKS devices with detached header
Diffstat (limited to 'nixos/modules/system/boot/luksroot.nix')
-rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 3799e5d7ddb6..1b4f0d401e6d 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -5,7 +5,7 @@ with lib;
 let
 luks = config.boot.initrd.luks;
- openCommand = { name, device, keyFile, keyFileSize, allowDiscards, yubikey, ... }: ''
+ openCommand = { name, device, header, keyFile, keyFileSize, allowDiscards, yubikey, ... }: ''
 # Wait for luksRoot to appear, e.g. if on a usb drive.
 # XXX: copied and adapted from stage-1-init.sh - should be
 # available as a function.
@@ -33,6 +33,7 @@ let
 open_normally() {
 cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
+ ${optionalString (header != null) "--header=${header}"} \
 ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"}
 }
@@ -251,6 +252,16 @@ in
 description = "Path of the underlying block device.";
 };
+ header = mkOption {
+ default = null;
+ example = "/root/header.img";
+ type = types.nullOr types.string;
+ description = ''
+ The name of the file or block device that
+ should be used as header for the encrypted device.
+ '';
+ };
+
 keyFile = mkOption {
 default = null;
 example = "/dev/sdb1"; |
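Review bot: The new `--header=${header}` argument in `open_normally()` is spliced into the generated stage-1 shell script unquoted, so a header path containing whitespace or shell metacharacters is word-split or interpreted by the shell, which runs as root in the initrd. The value comes from the system configuration rather than from an untrusted source, so this is a robustness point, but quoting costs nothing: `${optionalString (header != null) "--header=${escapeShellArg header}"} \`. The neighbouring `${device}` and `${keyFile}` interpolations have the same shape. The flag is added only to `open_normally()`; if the YubiKey branch of `openCommand` (outside this hunk) issues its own `cryptsetup luksOpen`, it presumably needs the same argument, otherwise a detached-header device cannot be opened on that path. The wait loop at the top of `openCommand` also appears to wait only for the device, not for the header, which matters when the header lives on removable media.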
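Review bot: The `header` option's description does not say that the path is resolved inside the initrd at unlock time, and the example `"/root/header.img"` suggests a file on the root filesystem, which is not mounted yet when the device being opened is the root device. I would state the constraint in the description, e.g. `The header must be reachable from the initrd when the device is unlocked (a block device, or a file made available in stage 1).`, and use a block-device path as the example. Separately, `types.nullOr types.string` merges multiple definitions by concatenation, which silently yields a wrong path if the option is set in two modules; `types.nullOr types.str` rejects conflicting definitions instead.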