2015-09-09 7:03 GMT+01:00 Bryan Gardiner <[email protected]>:

> On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> > Hi,
> >
> > Continuation of this thread:
> > http://thread.gmane.org/gmane.linux.distributions.nixos/17879/focus=17880
> >
> > I already successfully set up crypted partitions for mdadm and for zfs. The
> > system is mounting them properly with standard nixos configuration using
> > ``boot.initrd.luks`` configs.
> >
> > But for each mount I have to pass password/key. I thought I can put keys
> > for all partitions to initrd as initrd is on encrypted boot partition
> > (boot). The process would be like:
> > * enter password for grub
> > * grub loads initrd
> > * initrd unlocks all other partitions
> >
> > Currently it works for me in very strange way.
> > I am using preLVMCommands option with "echo 'mykey' > /key".
> > I don't like it because I cannot keep my configuration on git somewhere
> > cause it exposes my passwords.
>
> How about doing something like:
>
> preLVMCommands =
>   let key = builtins.readFile ./keyfile; in
>   "echo '${key}' >/key"
>
> then putting keyfile in gitignore?

Thanks Bryan,
looks like a good trick :-) I'm new to nix, I didn't even think about that stuff, cheers!

Tom

> - Bryan
>
> > Is there any way to add key files to initrd? (I found some "extra" options
> > for boot partition but not for initrd, maybe there are some hooks I'm not
> > aware of)
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

--
Tomasz Czyż
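The suggestion from the thread written out as a full `configuration.nix` fragment; this is an added example, not code posted by either participant. The device names, the `PLACEHOLDER` UUIDs and the attribute-set form of `boot.initrd.luks.devices` (the syntax of current NixOS releases) are assumptions.

```nix
# configuration.nix fragment (added example, not from the thread).
{ config, lib, pkgs, ... }:

let
  # ./keyfile lives next to configuration.nix and is listed in .gitignore,
  # so the secret never enters the git history of the configuration.
  # builtins.readFile returns the file's bytes verbatim, trailing newline included.
  key = builtins.readFile ./keyfile;
in
{
  # Recreate the key file inside the initrd.
  # - printf '%s' writes exactly the bytes read; echo would append a newline,
  #   and the resulting /key would no longer match ./keyfile byte for byte.
  # - lib.escapeShellArg quotes the value, so a single quote inside the key
  #   cannot terminate the shell string early.
  # - lib.mkBefore orders this snippet ahead of other definitions of the
  #   same option, so /key exists before anything else in this phase runs.
  boot.initrd.preLVMCommands = lib.mkBefore ''
    printf '%s' ${lib.escapeShellArg key} > /key
  '';

  # Every additional encrypted device points at the same in-initrd key file,
  # so only the GRUB passphrase for the encrypted /boot is typed by hand.
  boot.initrd.luks.devices = {
    # Hypothetical names and placeholder UUIDs.
    mdadm-member = {
      device = "/dev/disk/by-uuid/PLACEHOLDER-UUID-1";
      keyFile = "/key";
    };
    zfs-member = {
      device = "/dev/disk/by-uuid/PLACEHOLDER-UUID-2";
      keyFile = "/key";
    };
  };
}
```

Keeping `keyfile` out of git does not keep it out of the Nix store: the string returned by `builtins.readFile` is interpolated into the generated initrd scripts, which are built under the world-readable `/nix/store`. The key is therefore readable by any local user on the running system, and it is included in anything that copies the system closure to another machine.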
