nixos-config/modules/luks.nix

16 lines
367 B
Nix

let
secretsFile = "/root.key";
in
{
boot.loader.grub.enableCryptodisk = true;
# enable passing of keyfile between grub and initrd
boot.initrd.luks.devices."cryptroot" = {
fallbackToPassword = true;
keyFile = secretsFile;
};
# copy the secret into the additional initramfs. `null` means same path
boot.initrd.secrets."${secretsFile}" = null;
}