nixfiles/modules/nixos/encryptedDriveMod/options.nix

{
  self,
  config,
  lib,
  ...
}: let
  inherit (lib.modules) mkIf mkBefore;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.lists) optionals;
  inherit (lib) types;

  encryptedUSB = import "${self}/data/drives/encryptedUSB.nix";
  driveData = import "${self}/data/drives/encryptedDrive.nix";

  cfg = config.boot.encryptedDrive;
in {
  options.boot.encryptedDrive = {
    enable = mkEnableOption "encrypted drive support for servers and other devices";

    mode = mkOption {
      type = types.enum [
        "encrypted-usb"
        "password"
        "ssh"
      ];
      default = "encrypted-usb";
    };

    allowPasswordDecrypt = mkOption {
      description = "allow fallback to decrypting with a password when using USB based auth, pass cryptsetup_password to kernel cmdline to switch to password input mode";
      type = types.bool;
      default = true;
    };
  };
}
seperate out encryptedDrive module & move ssh decrypt into it 2024-08-12 16:52:17 +01:00			`{`
			`self,`
			`config,`
			`lib,`
			`...`
			`}: let`
			`inherit (lib.modules) mkIf mkBefore;`
			`inherit (lib.options) mkOption mkEnableOption;`
			`inherit (lib.lists) optionals;`
			`inherit (lib) types;`

			`encryptedUSB = import "${self}/data/drives/encryptedUSB.nix";`
			`driveData = import "${self}/data/drives/encryptedDrive.nix";`

			`cfg = config.boot.encryptedDrive;`
			`in {`
			`options.boot.encryptedDrive = {`
			`enable = mkEnableOption "encrypted drive support for servers and other devices";`

			`mode = mkOption {`
			`type = types.enum [`
			`"encrypted-usb"`
			`"password"`
			`"ssh"`
			`];`
			`default = "encrypted-usb";`
			`};`

			`allowPasswordDecrypt = mkOption {`
			`description = "allow fallback to decrypting with a password when using USB based auth, pass cryptsetup_password to kernel cmdline to switch to password input mode";`
			`type = types.bool;`
			`default = true;`
			`};`
			`};`
			`}`