hopefully allow unlock encrypt drive with password

2023-12-08 14:28:19 +00:00 · 2023-12-08 14:28:19 +00:00 · 87faf1ee98
parent aefc0b29c4
commit 87faf1ee98
1 changed files with 32 additions and 12 deletions
--- a/presets/nixos/encryptedDrive.nix
+++ b/presets/nixos/encryptedDrive.nix
@ -27,7 +27,13 @@ in {
      mkdir -m 0755 -p /keys
      mkdir -m 0755 -p ${encryptedUSB.mountpoint}

-      while !(test -b ${encryptedUSB.encryptedPath})
+      if grep --quiet "cryptsetup_password" /proc/cmdline; then
+        USE_PASSWORD=true
+      else
+        USE_PASSWORD=false
+      fi
+
+      while !(test -b ${encryptedUSB.encryptedPath}) && [ "$USE_PASSWORD" == "false" ]
      do
        ${
        if config.boot.plymouth.enable
@ -46,24 +52,38 @@ in {
        then ''
          ${pkgs.plymouth}/bin/plymouth hide-message --text="Please Plug In USB"

-          ${pkgs.plymouth}/bin/plymouth ask-for-password \
-            --prompt="Please Decrypt USB" \
-            --command="cryptsetup -T1 open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}" \
-            --number-of-tries=3
+          if [ "$USE_PASSWORD" == "true" ]; then 
+            ${pkgs.plymouth}/bin/plymouth ask-for-password \
+              --prompt="Please Enter Password" \
+              --command="cryptsetup -T1 open ${driveData.encryptedPath} ${driveData.mapperName}" \
+              --number-of-tries=3
+          else
+            ${pkgs.plymouth}/bin/plymouth ask-for-password \
+              --prompt="Please Decrypt USB" \
+              --command="cryptsetup -T1 open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}" \
+              --number-of-tries=3
+          fi
        ''
        else ''
-          echo "Please Decrypt USB"
-          cryptsetup open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}
+          if [ "$USE_PASSWORD" == "true" ]; then 
+            echo "Please Decrypt Drive"
+            cryptsetup open ${driveData.encryptedPath} ${driveData.mapperName}
+          else 
+            echo "Please Decrypt USB"
+            cryptsetup open ${encryptedUSB.encryptedPath} ${encryptedUSB.preBootMapperName}
+          fi
        ''
      }

-      mount -n -t ${encryptedUSB.unencryptedFSType} -o ro ${encryptedUSB.preBootMapperPath} ${encryptedUSB.mountpoint}
+      if [ "$USE_PASSWORD" == "false" ]; then 
+        mount -n -t ${encryptedUSB.unencryptedFSType} -o ro ${encryptedUSB.preBootMapperPath} ${encryptedUSB.mountpoint}

-      cp ${encryptedUSB.encryptionKeysPath}/${config.networking.hostName}.key /keys
-      chmod 0755 /keys/${config.networking.hostName}.key
-      umount -f ${encryptedUSB.mountpoint}
+        cp ${encryptedUSB.encryptionKeysPath}/${config.networking.hostName}.key /keys
+        chmod 0755 /keys/${config.networking.hostName}.key
+        umount -f ${encryptedUSB.mountpoint}

-      cryptsetup close ${encryptedUSB.preBootMapperName}
+        cryptsetup close ${encryptedUSB.preBootMapperName}
+    fi
    '';
    initrd.luks.devices = {
      "${driveData.mapperName}" = {