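# NixOS module that declares the `boot.encryptedDrive` options.
# This file only declares options; it defines no `config` section.
{
  self,
  config,
  lib,
  ...
}: let
  # NOTE(review): mkIf, mkBefore, optionals, encryptedUSB, driveData and cfg
  # are bound here but never referenced in this file. Presumably they are
  # kept for a `config` section that is not present yet; confirm or drop them.
  inherit (lib.modules) mkIf mkBefore;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.lists) optionals;
  inherit (lib) types;

  # Drive definitions imported from paths under `self`. Let-bindings are
  # lazy, so these files are only read if the bindings are actually used.
  encryptedUSB = import "${self}/data/drives/encryptedUSB.nix";
  driveData = import "${self}/data/drives/encryptedDrive.nix";

  cfg = config.boot.encryptedDrive;
in {
  options.boot.encryptedDrive = {
    enable = mkEnableOption "encrypted drive support for servers and other devices";

    # The option previously had no description, leaving it undocumented in
    # generated option docs. Each mode changes who can unlock the drive, so
    # the choice should be visible to whoever enables the module.
    mode = mkOption {
      description = "method used to unlock the encrypted drive at boot";
      type = types.enum [
        "encrypted-usb"
        "password"
        "ssh"
      ];
      default = "encrypted-usb";
    };

    # NOTE(review): this defaults to true, so with USB based auth a password
    # path stays available unless it is switched off explicitly. Per the
    # description it is selected through a kernel command-line parameter, so
    # anyone who can edit the boot entry can reach the password prompt. The
    # volume is then only as strong as the weaker of the USB key and the
    # passphrase. Confirm this default is intended for unattended machines,
    # and that the boot loader's entry editor is locked down where it is not.
    allowPasswordDecrypt = mkOption {
      description = "allow fallback to decrypting with a password when using USB based auth, pass cryptsetup_password to kernel cmdline to switch to password input mode";
      type = types.bool;
      default = true;
    };
  };
}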