diff options
author | André-Patrick Bubel <code@andre-bubel.de> | 2017-09-14 04:44:14 +0200 |
---|---|---|
committer | André-Patrick Bubel <code@andre-bubel.de> | 2017-09-14 05:27:41 +0200 |
commit | 2000fba5619c105f7df24736789365cc271b6596 (patch) | |
tree | abccc12acf406ba1b81d10b22e7319f5d049d6dc /nixos/modules/tasks/encrypted-devices.nix | |
parent | a7637b37955f1beacfe6c0b153fb11e086bb4762 (diff) | |
download | nixpkgs-2000fba5619c105f7df24736789365cc271b6596.tar nixpkgs-2000fba5619c105f7df24736789365cc271b6596.tar.gz nixpkgs-2000fba5619c105f7df24736789365cc271b6596.tar.bz2 nixpkgs-2000fba5619c105f7df24736789365cc271b6596.tar.lz nixpkgs-2000fba5619c105f7df24736789365cc271b6596.tar.xz nixpkgs-2000fba5619c105f7df24736789365cc271b6596.tar.zst nixpkgs-2000fba5619c105f7df24736789365cc271b6596.zip |
nixos/fileystems: Fix boot fails with encrypted fs
Boot fails when a keyfile is configured for all encrypted filesystems and no other luks devices are configured. This is because luks support is only enabled in the initrd, when boot.initrd.luks.devices has entries. When a fileystem has a keyfile configured though, it is setup by a custom command, not by boot.initrd.luks. This commit adds an internal config flag to enable luks support in the initrd file, even if there are no luks devices configured.
Diffstat (limited to 'nixos/modules/tasks/encrypted-devices.nix')
-rw-r--r-- | nixos/modules/tasks/encrypted-devices.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix index b1a7711ddcb..b019ddc3a98 100644 --- a/nixos/modules/tasks/encrypted-devices.nix +++ b/nixos/modules/tasks/encrypted-devices.nix @@ -61,6 +61,7 @@ in devices = map (dev: { name = dev.encrypted.label; device = dev.encrypted.blkDev; } ) keylessEncDevs; cryptoModules = [ "aes" "sha256" "sha1" "xts" ]; + forceLuksSupportInInitrd = true; }; postMountCommands = concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n") keyedEncDevs; |