hopefully allow unlock encrypt drive with password

This commit is contained in:
chaos 2023-12-08 14:28:19 +00:00
parent aefc0b29c4
commit 87faf1ee98

View file

@ -27,7 +27,13 @@ in {
mkdir -m 0755 -p /keys
mkdir -m 0755 -p ${encryptedUSB.mountpoint}
while !(test -b ${encryptedUSB.encryptedPath})
if grep --quiet "cryptsetup_password" /proc/cmdline; then
USE_PASSWORD=true
else
USE_PASSWORD=false
fi
while !(test -b ${encryptedUSB.encryptedPath}) && [ "$USE_PASSWORD" == "false" ]
do
${
if config.boot.plymouth.enable
@ -46,24 +52,38 @@ in {
then ''
${pkgs.plymouth}/bin/plymouth hide-message --text="Please Plug In USB"
${pkgs.plymouth}/bin/plymouth ask-for-password \
--prompt="Please Decrypt USB" \
--command="cryptsetup -T1 open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}" \
--number-of-tries=3
if [ "$USE_PASSWORD" == "true" ]; then
${pkgs.plymouth}/bin/plymouth ask-for-password \
--prompt="Please Enter Password" \
--command="cryptsetup -T1 open ${driveData.encryptedPath} ${driveData.mapperName}" \
--number-of-tries=3
else
${pkgs.plymouth}/bin/plymouth ask-for-password \
--prompt="Please Decrypt USB" \
--command="cryptsetup -T1 open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}" \
--number-of-tries=3
fi
''
else ''
echo "Please Decrypt USB"
cryptsetup open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}
if [ "$USE_PASSWORD" == "true" ]; then
echo "Please Decrypt Drive"
cryptsetup open ${driveData.encryptedPath} ${driveData.mapperName}
else
echo "Please Decrypt USB"
cryptsetup open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}
fi
''
}
mount -n -t ${encryptedUSB.unencryptedFSType} -o ro ${encryptedUSB.preBootMapperPath} ${encryptedUSB.mountpoint}
if [ "$USE_PASSWORD" == "false" ]; then
mount -n -t ${encryptedUSB.unencryptedFSType} -o ro ${encryptedUSB.preBootMapperPath} ${encryptedUSB.mountpoint}
cp ${encryptedUSB.encryptionKeysPath}/${config.networking.hostName}.key /keys
chmod 0755 /keys/${config.networking.hostName}.key
umount -f ${encryptedUSB.mountpoint}
cp ${encryptedUSB.encryptionKeysPath}/${config.networking.hostName}.key /keys
chmod 0755 /keys/${config.networking.hostName}.key
umount -f ${encryptedUSB.mountpoint}
cryptsetup close ${encryptedUSB.preBootMapperName}
cryptsetup close ${encryptedUSB.preBootMapperName}
fi
'';
initrd.luks.devices = {
"${driveData.mapperName}" = {