sys/boot/fscrypt.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

{ config, lib, pkgs, ... }:
with lib; let
  cfg = config.local.boot.fscrypt;
in
{
  options.local.boot.fscrypt = {
    enable = mkEnableOption "fscrypt support";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.fscrypt-experimental ];

    local.boot.impermanence = {
      directories = [
        { directory = "/.fscrypt"; mode = "u=rwx,g=rx,o=rx"; }
      ];

      files = [
        "/etc/fscrypt.conf"
      ];
    };
  };
}