[Nix-dev] How to add file to initrd?
Bryan Gardiner
bog at khumba.net
Wed Sep 9 08:03:50 CEST 2015
On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> Hi,
>
> Continuation of this thread:
> http://thread.gmane.org/gmane.linux.distributions.nixos/17879/focus=17880
>
> I already successfully set up crypted partitions for mdadm and for zfs. The
> system is mounting them properly with standard nixos configuration using
> ``boot.initrd.luks`` configs.
>
> But for each mount I have to pass a password/key. I thought I could put keys
> for all partitions into the initrd, as the initrd is on an encrypted boot
> partition (boot). The process would be like:
> * enter password for grub
> * grub loads initrd
> * initrd unlocks all other partitions
>
> Currently it works for me in a very strange way.
> I am using the preLVMCommands option with "echo 'mykey' > /key".
> I don't like it because I cannot keep my configuration on git somewhere
> because it exposes my passwords.

How about doing something like:

  preLVMCommands =
    let key = builtins.readFile ./keyfile; in
    "echo '${key}' >/key";

then putting keyfile in gitignore?

- Bryan

> Is there any way to add key files to initrd? (I found some "extra" options
> for boot partition but not for initrd, maybe there are some hooks I'm not
> aware of)
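
The suggestion in the reply above, written out as a NixOS configuration fragment. This is an added example and not part of the original thread; the device name "data", the UUID placeholder and the path /etc/secrets/initrd/keyfile are assumptions, and the `boot.initrd.luks.devices` attribute-set form is current NixOS syntax rather than the 2015 one.

```nix
# configuration.nix fragment (added example, not from the thread).
{ lib, ... }:

let
  # ./keyfile is kept out of git via .gitignore, as suggested in the reply.
  # builtins.readFile works for text keys only (it rejects NUL bytes).
  key = builtins.readFile ./keyfile;
in
{
  # Variant 1: the thread's approach, made byte-exact.
  #  - printf '%s' adds no newline of its own (echo would append one).
  #  - lib.escapeShellArg quotes the key safely even if it contains
  #    ' or $ characters, so /key in the initrd is identical to ./keyfile.
  #  - lib.mkBefore orders this snippet ahead of other preLVMCommands
  #    definitions, which is where the LUKS module puts its unlock
  #    commands for devices opened before LVM.
  # Caveat: the key text becomes part of the stage-1 script, which lives
  # in /nix/store and is readable by every local user of the machine.
  boot.initrd.preLVMCommands = lib.mkBefore ''
    printf '%s' ${lib.escapeShellArg key} > /key
  '';

  boot.initrd.luks.devices."data" = {
    # Placeholder: substitute the UUID of the encrypted partition.
    device = "/dev/disk/by-uuid/PLACEHOLDER-UUID";
    keyFile = "/key";
  };

  # Variant 2: use instead of variant 1 on NixOS releases that provide
  # boot.initrd.secrets. The file is appended to the initrd without the
  # key text appearing in the configuration or the stage-1 script.
  # The source path below is hypothetical.
  # boot.initrd.secrets = { "/key" = /etc/secrets/initrd/keyfile; };
}
```

Either variant leaves the key inside the initrd image itself, so it is only as protected as the partition holding /boot, which in the setup described above is encrypted.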