[Nix-dev] Fwd: Encrypted boot, encrypted root on zfs setup. Problem with root unlocking.

Tomasz Czyż tomasz.czyz at gmail.com
Sat Aug 29 20:37:01 CEST 2015


> I have a working configuration with a Luks-encrypted root filesystem
> on two devices (btrfs). I do not use postBootCommands (except to set
> up encrypted swap). I set
>
>   boot.initrd.luks.devices = [{ device = "/dev/..."; name = (pick any
> name);} {device = ...; name = ...;}];
>   boot.initrd.supportedFilesystems = [ "btrfs" ];
>
> I don't know if there's anything similar if you're not using Luks. Let
> me know if this helps.
>
I'm using luks.
Problem is that I do not want to enter the password for 4 disks. So I keep
key file on other partition and than I have to decrypt partitions with this
key. I didn't find how to do it in configure.nix file. Probably could be
something like

boot.initrd.luks.devices = [{ device="/dev/...", keyfile="XXX" }]

but whatever I do it manually or there is any way in configure.nix, I need
to know where the key actually is.

So I have an Idea, I'll try to mount the boot partition somewhere. but
maybe it's already mounted or there are any better ways to do it ?

>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150829/5a7f5c04/attachment.html 


More information about the nix-dev mailing list