2024-08-12 16:52:17 +01:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
|
|
|
self,
|
|
|
|
...
|
|
|
|
}: let
|
|
|
|
inherit (lib.modules) mkIf;
|
|
|
|
|
|
|
|
driveData = import "${self}/data/drives/encryptedDrive.nix";
|
|
|
|
|
|
|
|
cfg = config.boot.encryptedDrive;
|
|
|
|
in {
|
2024-08-12 16:54:39 +01:00
|
|
|
config = mkIf cfg.enable {
|
2024-08-12 16:52:17 +01:00
|
|
|
boot.initrd.luks.devices = {
|
|
|
|
"${driveData.mapperName}" = {
|
|
|
|
device = "${driveData.encryptedPath}";
|
|
|
|
preLVM = false;
|
|
|
|
allowDiscards = true;
|
|
|
|
fallbackToPassword = cfg.allowPasswordDecrypt;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
fileSystems = {
|
|
|
|
"/" = {
|
|
|
|
device = "${driveData.decryptedPath}";
|
|
|
|
fsType = "${driveData.unencryptedFSType}";
|
|
|
|
};
|
|
|
|
"/boot" = {
|
|
|
|
device = "${driveData.bootPath}";
|
|
|
|
fsType = "${driveData.bootFSType}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|