authorKenny Ballou <kballou@devnulllabs.io>2020-06-06 11:35:26 -0600
committerKenny Ballou <kballou@devnulllabs.io>2020-06-06 11:35:26 -0600
commit670e7f5b745f299e62dccc5e875f9bb9d00cb05e (patch)
treece1592979fae3e8ffcb74dcfd7698ebaa1d90b1a /phenex
parent0977882e279b5b1ac16c635b08b45c6a32be537d (diff)
phenex: add gpgcard support for encrypted root
Similar to 94677d9 ("eligos: add gpgcard support for encrypted drives", Fri Jun 5 07:20:25 2020 -0600), add gpgcard support for unlocking the encrypted root device before booting. Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
Diffstat (limited to 'phenex')
-rw-r--r--phenex/configuration.nix13
1 files changed, 12 insertions, 1 deletions
diff --git a/phenex/configuration.nix b/phenex/configuration.nix
index 236f073..c09abd4 100644
--- a/phenex/configuration.nix
+++ b/phenex/configuration.nix
@@ -45,7 +45,18 @@
"/dev/disk/by-id/wwn-0x5002538e000c21b7"
"/dev/disk/by-id/wwn-0x5002538e40de02bf"
];
- boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-uuid/64dbda22-7a05-4d1c-a64b-bbbc779f1bdc";
+ boot.initrd.luks = {
+ gpgSupport = true;
+ devices = {
+ cryptroot = {
+ device = "/dev/disk/by-uuid/64dbda22-7a05-4d1c-a64b-bbbc779f1bdc";
+ gpgCard = {
+ publicKey = ./public.asc;
+ encryptedPass = ./luks-passphrase.asc;
+ };
+ };
+ };
+ };
boot.blacklistedKernelModules = [
"iptables"
];
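Review bot: The `gpgCard` block references `./public.asc` and `./luks-passphrase.asc`, but the diffstat for `phenex` lists only `configuration.nix`, so unless both files were already tracked, a fresh checkout will fail to evaluate; worth confirming they are committed. Because they are path literals, both get copied into the world-readable Nix store and, as far as I know, into the initrd, which presumably sits on an unencrypted boot partition, so the root passphrase is protected only by the card's private key and PIN. I would record that above the block, e.g. `# luks-passphrase.asc must be encrypted only to the card key in public.asc; it ends up in the Nix store and initrd`, and keep a separate passphrase keyslot on the device for recovery if the card is lost or fails. The enclosing attribute set starts and ends outside the hunk.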