nixos-config/modules/luks.nix

let
  secretsFile = "/root.key";
in
{
  boot.loader.grub.enableCryptodisk = true;

  # enable passing of keyfile between grub and initrd
  boot.initrd.luks.devices."cryptroot" = {
    fallbackToPassword = true;
    keyFile = secretsFile;
    allowDiscards = true; # Allow TRIM
  };

  # copy the secret into the additional initramfs. `null` means same path
  boot.initrd.secrets."${secretsFile}" = null;
}
move grub and full-disk-encryption into seperate files 2022-06-05 00:12:55 +00:00			`let`
			`secretsFile = "/root.key";`
			`in`
			`{`
			`boot.loader.grub.enableCryptodisk = true;`

			`# enable passing of keyfile between grub and initrd`
			`boot.initrd.luks.devices."cryptroot" = {`
			`fallbackToPassword = true;`
			`keyFile = secretsFile;`
all: Add allowDiscards to LUKS and enable weekly fstrim 2023-06-24 23:06:46 +00:00			`allowDiscards = true; # Allow TRIM`
move grub and full-disk-encryption into seperate files 2022-06-05 00:12:55 +00:00			`};`

			# copy the secret into the additional initramfs. `null` means same path
			`boot.initrd.secrets."${secretsFile}" = null;`
			`}`