summary refs log blame commit diff
path: root/modules/system/boot/luksroot.nix
blob: a01395647a37c6cf753f89517730bf4ed573ceff (plain) (tree) 
791c758b413 ^












dff372db3c4 ^

791c758b413 ^















dff372db3c4 ^

791c758b413 ^
















1
2
3
4
5
6
7
8
9
10
11
12

13

14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

29

30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45












                                         
                   














                                                                                   
                                  















                                              
{pkgs, config, ...}:

with pkgs.lib;

let
  luksRoot = config.boot.initrd.luksRoot;
in
{

  options = {

    boot.initrd.luksRoot = mkOption {
      default = "";
      example = "/dev/sda3";
      description = '';
        The device that should be decrypted using LUKS before trying to mount the
        root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups.
         
        Make sure that initrd has the crypto modules needed for decryption.

        The decrypted device name is /dev/mapper/luksroot.
      '';
    };

  };



  config = mkIf (luksRoot != "") {

    boot.initrd.extraUtilsCommands = ''
      cp -r ${pkgs.cryptsetup}/lib/* $out/lib/
      cp -r ${pkgs.popt}/lib/* $out/lib
      cp ${pkgs.cryptsetup}/sbin/* $out/bin
    '';

    boot.initrd.postDeviceCommands = ''
      cryptsetup luksOpen ${luksRoot} luksroot
      lvm vgscan
      lvm vgchange -ay
    '';

  };

}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-25 05:06:41 +0000