sys/boot/fscrypt.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.local.boot.fscrypt;
in {
  options.local.boot.fscrypt = {
    enable = mkEnableOption "fscrypt support";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [
      pkgs.fscryptctl
      pkgs.fscrypt-experimental
    ];

    local.boot.impermanence = {
      directories = [
        {
          directory = "/.fscrypt";
          mode = "u=rwx,g=rx,o=rx";
        }
      ];

      files = [
        "/etc/fscrypt.conf"
      ];
    };
  };
}