2026-01-26 23:08:34 +00:00
parent 8b4489cf8f
commit c5481909a1
5 changed files with 88 additions and 2 deletions


@@ -44,6 +44,31 @@ in
bootspec.enable = (!isArm);
initrd = {
secrets = {
"/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
};
systemd.services."unlock-disk" = {
enable = true;
path = [
pkgs.clevis
pkgs.bcachefs-tools
];
script = ''
clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
'';
serviceConfig = {
Type = "oneshot";
TimeoutSec = "10s"; # Limit how long we wait for network
};
};
clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
enable = true;
# devices = {
# "/dev/disk/by-partlabel/${config.disko.devices.disk.main.content.partitions.root.name}".secretFile = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
# };
};
luks = mkIf cfg.yubikeyEncryption {
devices = {
"${config.disko.devices.disk.main.content.partitions.root.name}" = {