nixfiles/modules/nixos/encryptedDriveMod/options.nix

{lib, ...}: let
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib) types;
in {
  options.boot.encryptedDrive = {
    enable = mkEnableOption "encrypted drive support for servers and other devices";

    mode = mkOption {
      type = types.enum [
        "encrypted-usb"
        "password"
        "ssh"
      ];
      default = "encrypted-usb";
    };

    allowPasswordDecrypt = mkOption {
      description = "allow fallback to decrypting with a password when using USB based auth, pass cryptsetup_password to kernel cmdline to switch to password input mode";
      type = types.bool;
      default = true;
    };
  };
}
format files 2024-08-12 16:54:39 +01:00			`{lib, ...}: let`
seperate out encryptedDrive module & move ssh decrypt into it 2024-08-12 16:52:17 +01:00			`inherit (lib.options) mkOption mkEnableOption;`
			`inherit (lib) types;`
			`in {`
			`options.boot.encryptedDrive = {`
			`enable = mkEnableOption "encrypted drive support for servers and other devices";`

			`mode = mkOption {`
			`type = types.enum [`
			`"encrypted-usb"`
			`"password"`
			`"ssh"`
			`];`
			`default = "encrypted-usb";`
			`};`

			`allowPasswordDecrypt = mkOption {`
			`description = "allow fallback to decrypting with a password when using USB based auth, pass cryptsetup_password to kernel cmdline to switch to password input mode";`
			`type = types.bool;`
			`default = true;`
			`};`
			`};`
			`}`