sys/platform: [lustrated]: switch to luks-ext4-fscrypt-impermanence boot stack

author: Alejandro Soto <alejandro@34project.org> 2026-04-02 19:07:17 -0600
committer: Alejandro Soto <alejandro@34project.org> 2026-04-02 23:33:02 -0600
commit: 94ffaabeb9602e689e55fdd21b9beb2d9c552901 (patch)
tree: 72c4d82ed2afc2386e7462c727d213f11d249cd3 /sys/boot/detached-luks.nix
parent: ee0b5f7edfe9fba65f9749f65377c4f519c7fc0a (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/sys/boot/detached-luks.nix b/sys/boot/detached-luks.nix
index d3e7c29..79241f6 100644
--- a/sys/boot/detached-luks.nix
+++ b/sys/boot/detached-luks.nix
@@ -58,6 +58,14 @@ in {
         sleep 2
       '';
 
+      postMountCommands =
+        ''
+          umount /initrd-boot
+        ''
+        + optionalString tpmInitrd ''
+          rm -r /tpm
+        '';
+
       luks.devices.${cfg.target} = {
         device = cfg.crypt;
         header = headerPath;
@@ -96,13 +104,6 @@ in {
 
             unseal_tpm_key
           '';
-
-        postOpenCommands = mkBefore (''
-            umount /initrd-boot
-          ''
-          + optionalString tpmInitrd ''
-            rm -r /tpm
-          '');
       };
     };
author	Alejandro Soto <alejandro@34project.org>	2026-04-02 19:07:17 -0600
committer	Alejandro Soto <alejandro@34project.org>	2026-04-02 23:33:02 -0600
commit	94ffaabeb9602e689e55fdd21b9beb2d9c552901 (patch)
tree	72c4d82ed2afc2386e7462c727d213f11d249cd3 /sys/boot/detached-luks.nix
parent	ee0b5f7edfe9fba65f9749f65377c4f519c7fc0a (diff)