author | Kenny Ballou <kballou@devnulllabs.io> | 2020-06-06 11:35:26 -0600 |
---|---|---|
committer | Kenny Ballou <kballou@devnulllabs.io> | 2020-06-06 11:35:26 -0600 |
commit | 670e7f5b745f299e62dccc5e875f9bb9d00cb05e (patch) | |
tree | ce1592979fae3e8ffcb74dcfd7698ebaa1d90b1a /phenex | |
parent | 0977882e279b5b1ac16c635b08b45c6a32be537d (diff) | |
phenex: add gpgcard support for encrypted root

Similar to 94677d9 ("eligos: add gpgcard support for encrypted drives",
Fri Jun 5 07:20:25 2020 -0600), add gpgcard support for unlocking the
encrypted root device before booting.

Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'phenex')
-rw-r--r-- | phenex/configuration.nix | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/phenex/configuration.nix b/phenex/configuration.nix index 236f073..c09abd4 100644 --- a/phenex/configuration.nix +++ b/phenex/configuration.nix @@ -45,7 +45,18 @@ "/dev/disk/by-id/wwn-0x5002538e000c21b7" "/dev/disk/by-id/wwn-0x5002538e40de02bf" ]; - boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-uuid/64dbda22-7a05-4d1c-a64b-bbbc779f1bdc"; + boot.initrd.luks = { + gpgSupport = true; + devices = { + cryptroot = { + device = "/dev/disk/by-uuid/64dbda22-7a05-4d1c-a64b-bbbc779f1bdc"; + gpgCard = { + publicKey = ./public.asc; + encryptedPass = ./luks-passphrase.asc; + }; + }; + }; + }; boot.blacklistedKernelModules = [ "iptables" ]; |
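Review bot: The new `gpgCard` block references `./public.asc` and `./luks-passphrase.asc`, which resolve relative to `phenex/`, but the diffstat for `phenex` lists only `configuration.nix`, so this commit adds neither file. If they are not already tracked there, evaluation fails on a fresh checkout and the initrd cannot be built; add them in this commit or state in the message where they come from. Because `encryptedPass = ./luks-passphrase.asc;` is a Nix path literal, the file is copied into the Nix store when the configuration is built, so a short comment next to it saying it must only ever hold the passphrase encrypted to the card's key (never plaintext) would help the next person who regenerates it.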