mjallen18
2026-01-26 17:16:33 -06:00
parent c5481909a1
commit c29ff231f9


@@ -45,30 +45,30 @@ in
initrd = { initrd = {
secrets = { secrets = {
"/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe"); "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
}; };
systemd.services."unlock-disk" = { systemd.services."unlock-disk" = {
enable = true; enable = true;
path = [ path = [
pkgs.clevis pkgs.clevis
pkgs.bcachefs-tools pkgs.bcachefs-tools
]; ];
script = '' script = ''
clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
''; '';
serviceConfig = { wantedBy = [ "initrd-root-device.target" ];
Type = "oneshot"; requiredBy = [ "initrd-root-fs.target" ];
TimeoutSec = "10s"; # Limit how long we wait for network serviceConfig = {
}; Type = "oneshot";
}; TimeoutSec = "10s";
};
};
clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){ clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
enable = true; enable = true;
# devices = {
# "/dev/disk/by-partlabel/${config.disko.devices.disk.main.content.partitions.root.name}".secretFile = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
# };
}; };
luks = mkIf cfg.yubikeyEncryption { luks = mkIf cfg.yubikeyEncryption {
devices = { devices = {
"${config.disko.devices.disk.main.content.partitions.root.name}" = { "${config.disko.devices.disk.main.content.partitions.root.name}" = {