On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> Hi,
> 
> Continuation of this thread:
> http://thread.gmane.org/gmane.linux.distributions.nixos/17879/focus=17880
> 
> I already successfully set up crypted partitions for mdadm and for zfs. The
> system is mounting them properly with standard nixos configuration using
> ``boot.initrd.luks`` configs.
> 
> But for each mount I have to pass a password/key. I thought I could put keys
> for all partitions into the initrd, as the initrd is on the encrypted boot
> partition (boot). The process would be like:
> * enter password for grub
> * grub loads initrd
> * initrd unlocks all other partitions
> 
> Currently it works for me in a very strange way.
> I am using the preLVMCommands option with "echo 'mykey' > /key".
> I don't like it because I cannot keep my configuration on git somewhere,
> because it exposes my passwords.

How about doing something like:

    preLVMCommands =
      let key = builtins.readFile ./keyfile; in
      "echo '${key}' >/key";

then putting keyfile in gitignore?

- Bryan

> Is there any way to add key files to initrd? (I found some "extra" options
> for boot partition but not for initrd, maybe there are some hooks I'm not
> aware of)
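
The suggestion above written out as a full module, as an added example that is not part of the original thread. It assumes a text key in `./keyfile`, the attribute-set form of `boot.initrd.luks.devices` used by current NixOS, and a placeholder device name (`data`) and UUID.

```nix
# Added example, not code from the thread. "data" and the UUID are placeholders.
{ lib, ... }:

let
  # ./keyfile is listed in .gitignore, so only the reference to it is committed.
  # readFile returns the contents verbatim, including any trailing newline.
  key = builtins.readFile ./keyfile;
in
{
  # mkBefore orders this snippet ahead of other definitions of the same option.
  boot.initrd.preLVMCommands = lib.mkBefore ''
    # Subshell keeps the restrictive umask from leaking into the rest of stage 1.
    # escapeShellArg single-quotes the value, so quotes, $ or backticks in the
    # key are written literally instead of being interpreted by the shell.
    # printf '%s' adds nothing, so /key is byte-for-byte the same as ./keyfile.
    ( umask 077; printf '%s' ${lib.escapeShellArg key} > /key )
  '';

  boot.initrd.luks.devices.data = {
    device = "/dev/disk/by-uuid/PLACEHOLDER-UUID";
    keyFile = "/key";
  };
}
```

This keeps the key out of git, but `builtins.readFile` still interpolates it into the generated stage-1 script, which lives in the world-readable `/nix/store` as well as in the initrd. Any local user who can read the store can recover the key.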
