spike: mount swap and µsd with keyfiles in initrd

This commit is contained in:
Artemis Tosini 2023-11-27 06:19:04 +00:00
parent b01205f649
commit 69998a47a0
Signed by: artemist
GPG key ID: ADFFE553DCBB831E

View file

@ -9,15 +9,19 @@
};
swapDevices = lib.mkForce [{
device = "/dev/disk/by-partuuid/ef7cb78c-a07d-45e2-a92a-0f041c42f07a";
randomEncryption = {
device = "/dev/disk/by-uuid/addae2e4-d7d7-4fcd-b2cb-7635c794d652";
encrypted = {
enable = true;
allowDiscards = true;
label = "swap";
blkDev = "/dev/disk/by-uuid/e5381f7c-fb90-4762-8a27-aa05429893e7";
keyFile = "/sysroot/var/lib/private/swap_key";
};
}];
# This has to go in crypttab because we won't have the keyfile in the initrd
environment.etc.crypttab.text = ''
microsd /dev/disk/by-uuid/51ed9e97-06cf-4c54-a71a-c182bb0ced9e /var/lib/private/µsd_key
'';
fileSystems."/media/µsd".encrypted = {
enable = true;
label = "microsd";
blkDev = "/dev/disk/by-uuid/51ed9e97-06cf-4c54-a71a-c182bb0ced9e";
keyFile = "/sysroot/var/lib/private/µsd_key";
};
}