{ pkgs, ... }: let usb_data = import ../../data/usb_data.nix { }; drive_data = import ../../data/normal_drive_data.nix { }; in { config.boot = { initrd.availableKernelModules = [ # For USB w/ Encryption Key "usb_storage" "usbcore" "uas" "sd_mod" # For USB Keyboards "usbhid" # For Cryptography "aesni_intel" "cryptd" ]; initrd.postDeviceCommands = pkgs.lib.mkBefore '' mkdir -m 0755 -p ${usb_data.mountpoint} while !(test -b ${usb_data.encrypted_path}) do echo "Please Plug In USB" sleep 1 done echo "Please Decrypt USB" cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name} mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint} ''; initrd.luks.devices = { "${drive_data.root_mapper_name}" = { device = "${drive_data.encrypted_root_path}"; keyFile = "${usb_data.lappy_encryption_key_path}"; preLVM = false; allowDiscards = true; }; }; }; config.fileSystems = { "/" = { device = "${drive_data.decrypted_root_path}"; fsType = "${drive_data.unencrypted_root_fs_type}"; }; "/boot" = { device = "${drive_data.boot_path}"; fsType = "${drive_data.boot_fs_type}"; }; }; }