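# NixOS module: unlock a LUKS volume in the initrd whose header is *detached*
# and stored on the (unencrypted) /boot file system.
#
# Sequence inside the initrd, as wired below:
#   1. preDeviceCommands creates an empty placeholder at the header path so
#      that the path exists before device setup runs;
#   2. preOpenCommands mounts /boot read-only at /initrd-boot, which makes the
#      real header file visible at that same path;
#   3. cryptsetup opens `crypt` using `header`, then postOpenCommands
#      (mkBefore: ahead of any other postOpenCommands) unmounts /initrd-boot.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkEnableOption mkOption types mkIf escapeShellArg
    optionalString mkBefore;
  cfg = config.local.boot.detachedLuks;
in
{
  options.local.boot.detachedLuks = {
    enable = mkEnableOption "detached LUKS header in initrd";
    headerFromBoot = mkOption {
      type = types.str;
      description = "Path of the detached LUKS header, relative to /boot.";
    };
    crypt = mkOption {
      type = types.str;
      description = "Block device holding the encrypted payload (headerless).";
    };
    target = mkOption {
      type = types.str;
      description = "Name of the opened mapping, i.e. /dev/mapper/<target>.";
    };
  };

  config = mkIf cfg.enable {
    boot.initrd =
      let
        headerPath = "/initrd-boot/${cfg.headerFromBoot}";
        # Every value spliced into an initrd shell snippet goes through
        # escapeShellArg, so spaces or shell metacharacters in option values
        # cannot change the command that is executed.
        headerPathEscaped = escapeShellArg headerPath;
        # NOTE(review): this reads fileSystems."/boot".device and .fsType;
        # a /boot declared by label only (device unset) fails at eval time.
        boot = config.fileSystems."/boot";
        bootDeviceEscaped = escapeShellArg boot.device;
        bootFsTypeEscaped = escapeShellArg boot.fsType;
      in
      {
        # Placeholder so the header path exists before /boot is mounted on it.
        preDeviceCommands = ''
          mkdir -p "$(dirname ${headerPathEscaped})"
          touch ${headerPathEscaped}
        '';
        postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) ''
          # Set the system time from the hardware clock to work around a
          # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
          # to the *boot time* of the host).
          hwclock -s
        '';
        # FIXME: too crude — a fixed delay for removable EFI media to settle.
        preLVMCommands = optionalString
          (config.local.boot.efi.enable && config.local.boot.efi.removable) ''
            sleep 2
          '';
        luks.devices.${cfg.target} = {
          device = cfg.crypt;
          header = headerPath;
          # Opened after the LVM stage, by which point the /boot device is
          # expected to be available for the read-only mount below.
          preLVM = false;
          # Read-only: the initrd only needs to read the header, never write
          # to the boot partition.
          preOpenCommands = ''
            mount -o ro -t ${bootFsTypeEscaped} ${bootDeviceEscaped} /initrd-boot
          '';
          postOpenCommands = mkBefore ''
            umount /initrd-boot
          '';
        };
      };

    # Hand the opened mapping to the local storage-stack modules.
    local.boot.stack = {
      btrfsToplevelMultidrive.toplevel.device = "/dev/mapper/${cfg.target}";
      luksExt4FscryptImpermanence = { inherit (cfg) target; };
    };
  };
}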