# NixOS module: unlock three LUKS data volumes with keyfiles during early
# boot, then mount the resulting mapper devices below /mnt.
{ config, lib, pkgs, ... }:

{
  boot.initrd = {
    # Encrypted containers to open in the initrd. Each attribute name is the
    # mapping name that the fileSystems entries below refer to as
    # /dev/mapper/<name>. With fallbackToPassword enabled, a passphrase is
    # requested interactively when the keyfile is not available.
    luks.devices = {
      data1 = {
        fallbackToPassword = true;
        keyFile = "/etc/nixos/keys/data1.key";
        device = "/dev/disk/by-uuid/dfae62cc-bad1-4879-bf9a-461bde833625";
      };

      data2 = {
        fallbackToPassword = true;
        keyFile = "/etc/nixos/keys/data2.key";
        device = "/dev/disk/by-uuid/8312edae-9247-481b-a313-52a7f848f027";
      };

      nvmecache = {
        fallbackToPassword = true;
        keyFile = "/etc/nixos/keys/nvmecache.key";
        device = "/dev/disk/by-uuid/2352250e-4ebe-4f9a-bf66-0d4aaa961bd8";
      };
    };

    # Keyfiles embedded in the initrd: the attribute name is the path inside
    # the initrd, the value is the file on the running system it is copied
    # from. Both sides are the same path here, matching the keyFile settings
    # above.
    # NOTE(review): the initrd image then contains the raw LUKS keys. If the
    # partition that stores the initrd (usually /boot) is not itself
    # encrypted, anyone able to read it can unlock all three volumes. This
    # file does not show how /boot and the root filesystem are protected;
    # confirm before relying on these volumes for data-at-rest protection.
    # NOTE(review): /etc/nixos/keys should be owned by root and unreadable to
    # other users (for example directory 0700, files 0400); verify on the host.
    secrets = {
      "/etc/nixos/keys/data1.key" = "/etc/nixos/keys/data1.key";
      "/etc/nixos/keys/data2.key" = "/etc/nixos/keys/data2.key";
      "/etc/nixos/keys/nvmecache.key" = "/etc/nixos/keys/nvmecache.key";
    };
  };

  # Mount the unlocked mappings as ext4. "nofail" keeps a failed mount from
  # failing the boot.
  # NOTE(review): nofail governs the mount step only; a missing LUKS device
  # is dealt with earlier, in the initrd. Confirm the boot behaviour wanted
  # when one of the data disks is absent.
  fileSystems = {
    "/mnt/data1" = {
      fsType = "ext4";
      device = "/dev/mapper/data1";
      options = [ "nofail" ];
    };

    "/mnt/data2" = {
      fsType = "ext4";
      device = "/dev/mapper/data2";
      options = [ "nofail" ];
    };

    "/mnt/nvmecache" = {
      fsType = "ext4";
      device = "/dev/mapper/nvmecache";
      options = [ "nofail" ];
    };
  };
}