authoreyjhb <eyjhbb@gmail.com>2020-06-14 12:03:00 +0200
committereyjhb <eyjhbb@gmail.com>2020-06-14 12:03:00 +0200
commit72794280964a1d3b14a950b972df5e0e41b46cb8 (patch)
treeeb54b29b61d7b6ba88ab556751486f57214f6549 /nixos/modules/system/boot/luksroot.nix
parenta9b1845d608e49b7c2f0a55e14b6bb5bce4b8677 (diff)
boot.initrd.luks.devices: add preOpenCommands and postOpenCommands
Diffstat (limited to 'nixos/modules/system/boot/luksroot.nix')
-rw-r--r--nixos/modules/system/boot/luksroot.nix32
1 files changed, 31 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 31f1e22cda3..b8684b981dd 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -140,7 +140,7 @@ let
     umount /crypt-ramfs 2>/dev/null
   '';
 
-  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, fallbackToPassword, ... }: assert name' == name;
+  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, fallbackToPassword, preOpenCommands, postOpenCommands,... }: assert name' == name;
   let
     csopen   = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
     cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
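Review bot: The extended argument set ends in `postOpenCommands,... }` with no space before the ellipsis, unlike every other separator in the same pattern; write `preOpenCommands, postOpenCommands, ... }`. The body of `openCommand` continues outside this hunk.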
@@ -412,11 +412,17 @@ let
     }
     ''}
 
+    # commands to run right before we mount our device
+    ${preOpenCommands}
+
     ${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) || (luks.fido2Support && (fido2.credential != null)) then ''
     open_with_hardware
     '' else ''
     open_normally
     ''}
+
+    # commands to run right after we mounted our device
+    ${postOpenCommands}
   '';
 
   askPass = pkgs.writeScriptBin "cryptsetup-askpass" ''
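Review bot: The two added comments say "mount", but the step they surround (`open_with_hardware` / `open_normally`) opens the LUKS container and does not mount a filesystem; suggest `# commands to run right before we open the LUKS device` and `# commands to run right after the LUKS device has been opened`. The `${preOpenCommands}` text is spliced into the script with no check of its exit status, so unless the surrounding script aborts on errors (not visible in this hunk), a failed pre-open step such as mounting the key store would only surface later as a failed open. It is also worth confirming against the bodies of the open helpers, which lie outside this hunk, that `${postOpenCommands}` is reached on every path, so that a key store mounted by the pre step is never left mounted after unlocking.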
@@ -735,6 +741,30 @@ in
               };
             });
           };
+
+          preOpenCommands = mkOption {
+            type = types.lines;
+            default = "";
+            example = ''
+              mkdir -p /tmp/persistent
+              mount -t zfs rpool/safe/persistent /tmp/persistent
+            '';
+            description = ''
+              Commands that should be run right before we try to mount our LUKS device.
+              This can be useful, if the keys needed to open the drive is on another partion.
+            '';
+          };
+
+          postOpenCommands = mkOption {
+            type = types.lines;
+            default = "";
+            example = ''
+              umount /tmp/persistent
+            '';
+            description = ''
+              Commands that should be run right after we have mounted our LUKS device.
+            '';
+          };
         };
       }));
     };
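Review bot: Both descriptions speak of "mount"-ing the LUKS device, while the commands are placed around the cryptsetup open step, and the first one has a grammar slip and a typo ("keys ... is", "partion"); suggest `Commands that should be run right before we try to open the LUKS device.` with `This can be useful if the key needed to open the device is stored on another partition.`, and `Commands that should be run right after the LUKS device has been opened.` for the second option. The descriptions should also say that these lines run inside the initrd script before the root filesystem is available, so users know which tools and paths they can rely on. Since the option text is interpolated into the generated script, it presumably ends up readable in the Nix store and in the initrd on the boot partition; a sentence telling users not to put passphrases or key material inline in these commands would prevent an easy mistake.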