On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> Hi,
>
> Continuation of this thread:
> http://thread.gmane.org/gmane.linux.distributions.nixos/17879/focus=17880
>
> I already successfully set up crypted partitions for mdadm and for zfs. The
> system is mounting them properly with standard nixos configuration using
> ``boot.initrd.luks`` configs.
>
> But for each mount I have to pass password/key. I thought I can put keys
> for all partitions to initrd as initrd is on encrypted boot partition
> (boot). The process would be like:
> * enter password for grub
> * grub loads initrd
> * initrd unlocks all other partitions
>
> Currently it works for me in a very strange way.
> I am using preLVMCommands option with "echo 'mykey' > /key".
> I don't like it because I cannot keep my configuration on git somewhere
> because it exposes my passwords.

How about doing something like:

    preLVMCommands = let key = builtins.readFile ./keyfile; in "echo '${key}' >/key"

then putting keyfile in gitignore?

- Bryan

> Is there any way to add key files to initrd? (I found some "extra" options
> for boot partition but not for initrd, maybe there are some hooks I'm not
> aware of)
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
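An added example, not part of the original thread: in current NixOS a key file can be appended to the initrd with `boot.initrd.secrets` instead of being echoed from `preLVMCommands`. This keeps the key out of the git repository and also out of the world-readable Nix store, where a `builtins.readFile` value interpolated into `preLVMCommands` would end up. The device name `data`, the UUID placeholder and the path `/keyfile.bin` are assumptions.

```nix
# configuration.nix fragment (added example, not from the thread)
{ ... }:
{
  # Append the key file to the initrd when the bootloader is installed.
  # "null" means: copy from the same path on the running system.
  # /keyfile.bin is a hypothetical path; keep it owned by root, mode 0400,
  # and out of the configuration repository.
  boot.initrd.secrets = {
    "/keyfile.bin" = null;
  };

  # Unlock a LUKS device in stage 1 using the key that now sits in the initrd.
  # "data" and the UUID are placeholders for one of the encrypted partitions.
  boot.initrd.luks.devices.data = {
    device = "/dev/disk/by-uuid/REPLACE-WITH-LUKS-UUID";
    keyFile = "/keyfile.bin";
  };

  # The initrd now contains key material in cleartext, so it must live on
  # the encrypted boot partition that GRUB unlocks, as the thread describes.
}
```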