From 94ffaabeb9602e689e55fdd21b9beb2d9c552901 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Thu, 2 Apr 2026 19:07:17 -0600
Subject: sys/platform: [lustrated]: switch to luks-ext4-fscrypt-impermanence
 boot stack

---
 sys/boot/detached-luks.nix | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'sys/boot/detached-luks.nix')

diff --git a/sys/boot/detached-luks.nix b/sys/boot/detached-luks.nix
index d3e7c29..79241f6 100644
--- a/sys/boot/detached-luks.nix
+++ b/sys/boot/detached-luks.nix
@@ -58,6 +58,14 @@ in {
         sleep 2
       '';
 
+      postMountCommands =
+        ''
+          umount /initrd-boot
+        ''
+        + optionalString tpmInitrd ''
+          rm -r /tpm
+        '';
+
       luks.devices.${cfg.target} = {
         device = cfg.crypt;
         header = headerPath;
@@ -96,13 +104,6 @@ in {
 
             unseal_tpm_key
           '';
-
-        postOpenCommands = mkBefore (''
-            umount /initrd-boot
-          ''
-          + optionalString tpmInitrd ''
-            rm -r /tpm
-          '');
       };
     };
 
-- 
cgit v1.2.3