| author | Nathan Reiner <nathan@nathanreiner.xyz> | 2024-09-17 20:05:34 +0200 |
|---|---|---|
| committer | Nathan Reiner <nathan@nathanreiner.xyz> | 2024-09-17 20:05:34 +0200 |
| commit | 50dee3ac9feb715d69554eb76b493e1246c0c61e (patch) | |
| tree | 95e825fa906415c6e8a5d1253a2b70ec542469e5 /modules/usbauth/default.nix | |
| parent | fe0e613928323f9dc538f1bdea8138456abffc4b (diff) | |
add usbauth module
Diffstat (limited to 'modules/usbauth/default.nix')
| -rw-r--r-- | modules/usbauth/default.nix | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/modules/usbauth/default.nix b/modules/usbauth/default.nix
new file mode 100644
index 0000000..aca217e
--- /dev/null
+++ b/modules/usbauth/default.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ modulesPath,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
+
+ options.usbauth = lib.mkOption {
+ description = "USB Auth";
+ type = lib.types.submodule {
+ options = lib.mkOption {
+ device = lib.types.str;
+ keyname = lib.types.str;
+ uuid = lib.types.str;
+ };
+ };
+ };
+
+ config = {
+ boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p /key
+ lsblk -o NAME,UUID
+ while ! findfs UUID=${config.usbauth.uuid} 2> /dev/null; do sleep 0.1; done
+ cryptsetup open $(findfs UUID=${config.usbauth.uuid}) _key
+ mount -o ro "/dev/mapper/_key" /key
+ '';
+
+ boot.initrd.luks.devices."${config.usbauth.device
+ }".keyFile = "/key/.keys/${config.usbauth.keyname}";
+ boot.initrd.luks.devices."${config.usbauth.device}".preLVM = false;
+ };
+} |
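Review bot: The key container opened in `postDeviceCommands` is never unmounted or closed, so the `_key` mapping and the `/key` mount appear to stay active after the target device is unlocked; device-mapper mappings normally persist into the booted system, which would leave any other key files under `/key/.keys` readable to root after boot. Consider releasing it once the LUKS device is open, e.g. `boot.initrd.luks.devices."${config.usbauth.device}".postOpenCommands = "umount /key && cryptsetup close _key";`. The `while ! findfs … do sleep 0.1; done` loop also has no timeout, so a missing or failed USB stick hangs stage 1 with no passphrase fallback, and the leftover `lsblk -o NAME,UUID` looks like debug output. Separately, `options = lib.mkOption { device = lib.types.str; … }` looks malformed and will probably fail evaluation; each field likely needs its own declaration such as `device = lib.mkOption { type = lib.types.str; };`. The config block is also applied unconditionally, so an `enable` option guarded with `lib.mkIf` would keep the module from forcing these initrd settings on every host that imports it.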