hopefully allow unlock encrypt drive with password
This commit is contained in:
parent
aefc0b29c4
commit
87faf1ee98
|
|
@ -27,7 +27,13 @@ in {
|
||||||
mkdir -m 0755 -p /keys
|
mkdir -m 0755 -p /keys
|
||||||
mkdir -m 0755 -p ${encryptedUSB.mountpoint}
|
mkdir -m 0755 -p ${encryptedUSB.mountpoint}
|
||||||
|
|
||||||
while !(test -b ${encryptedUSB.encryptedPath})
|
if grep --quiet "cryptsetup_password" /proc/cmdline; then
|
||||||
|
USE_PASSWORD=true
|
||||||
|
else
|
||||||
|
USE_PASSWORD=false
|
||||||
|
fi
|
||||||
|
|
||||||
|
while !(test -b ${encryptedUSB.encryptedPath}) && [ "$USE_PASSWORD" == "false" ]
|
||||||
do
|
do
|
||||||
${
|
${
|
||||||
if config.boot.plymouth.enable
|
if config.boot.plymouth.enable
|
||||||
|
|
@ -46,24 +52,38 @@ in {
|
||||||
then ''
|
then ''
|
||||||
${pkgs.plymouth}/bin/plymouth hide-message --text="Please Plug In USB"
|
${pkgs.plymouth}/bin/plymouth hide-message --text="Please Plug In USB"
|
||||||
|
|
||||||
${pkgs.plymouth}/bin/plymouth ask-for-password \
|
if [ "$USE_PASSWORD" == "true" ]; then
|
||||||
--prompt="Please Decrypt USB" \
|
${pkgs.plymouth}/bin/plymouth ask-for-password \
|
||||||
--command="cryptsetup -T1 open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}" \
|
--prompt="Please Enter Password" \
|
||||||
--number-of-tries=3
|
--command="cryptsetup -T1 open ${driveData.encryptedPath} ${driveData.mapperName}" \
|
||||||
|
--number-of-tries=3
|
||||||
|
else
|
||||||
|
${pkgs.plymouth}/bin/plymouth ask-for-password \
|
||||||
|
--prompt="Please Decrypt USB" \
|
||||||
|
--command="cryptsetup -T1 open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}" \
|
||||||
|
--number-of-tries=3
|
||||||
|
fi
|
||||||
''
|
''
|
||||||
else ''
|
else ''
|
||||||
echo "Please Decrypt USB"
|
if [ "$USE_PASSWORD" == "true" ]; then
|
||||||
cryptsetup open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}
|
echo "Please Decrypt Drive"
|
||||||
|
cryptsetup open ${driveData.encryptedPath} ${driveData.mapperName}
|
||||||
|
else
|
||||||
|
echo "Please Decrypt USB"
|
||||||
|
cryptsetup open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}
|
||||||
|
fi
|
||||||
''
|
''
|
||||||
}
|
}
|
||||||
|
|
||||||
mount -n -t ${encryptedUSB.unencryptedFSType} -o ro ${encryptedUSB.preBootMapperPath} ${encryptedUSB.mountpoint}
|
if [ "$USE_PASSWORD" == "false" ]; then
|
||||||
|
mount -n -t ${encryptedUSB.unencryptedFSType} -o ro ${encryptedUSB.preBootMapperPath} ${encryptedUSB.mountpoint}
|
||||||
|
|
||||||
cp ${encryptedUSB.encryptionKeysPath}/${config.networking.hostName}.key /keys
|
cp ${encryptedUSB.encryptionKeysPath}/${config.networking.hostName}.key /keys
|
||||||
chmod 0755 /keys/${config.networking.hostName}.key
|
chmod 0755 /keys/${config.networking.hostName}.key
|
||||||
umount -f ${encryptedUSB.mountpoint}
|
umount -f ${encryptedUSB.mountpoint}
|
||||||
|
|
||||||
cryptsetup close ${encryptedUSB.preBootMapperName}
|
cryptsetup close ${encryptedUSB.preBootMapperName}
|
||||||
|
fi
|
||||||
'';
|
'';
|
||||||
initrd.luks.devices = {
|
initrd.luks.devices = {
|
||||||
"${driveData.mapperName}" = {
|
"${driveData.mapperName}" = {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue