diff options
| -rw-r--r-- | hosts/nixedo/default.nix | 1 | ||||
| -rw-r--r-- | modules/usbauth/default.nix | 18 |
2 files changed, 11 insertions, 8 deletions
diff --git a/hosts/nixedo/default.nix b/hosts/nixedo/default.nix index 2d18739..bf7be7d 100644 --- a/hosts/nixedo/default.nix +++ b/hosts/nixedo/default.nix @@ -46,6 +46,7 @@ }; usbauth = { + enable = true; device = "root"; uuid = "543f281c-4feb-4a5a-b51b-99114fa4b8a1"; keyname = "n8-tuxedo"; diff --git a/modules/usbauth/default.nix b/modules/usbauth/default.nix index aca217e..b10e426 100644 --- a/modules/usbauth/default.nix +++ b/modules/usbauth/default.nix @@ -12,15 +12,16 @@ options.usbauth = lib.mkOption { description = "USB Auth"; type = lib.types.submodule { - options = lib.mkOption { - device = lib.types.str; - keyname = lib.types.str; - uuid = lib.types.str; + options = { + enable = lib.mkOption { type = lib.types.bool; }; + device = lib.mkOption { type = lib.types.str; }; + keyname = lib.mkOption { type = lib.types.str; }; + uuid = lib.mkOption { type = lib.types.str; }; }; }; }; - config = { + config = lib.mkIf config.usbauth.enable { boot.initrd.postDeviceCommands = pkgs.lib.mkBefore '' mkdir -m 0755 -p /key lsblk -o NAME,UUID @@ -29,8 +30,9 @@ mount -o ro "/dev/mapper/_key" /key ''; - boot.initrd.luks.devices."${config.usbauth.device - }".keyFile = "/key/.keys/${config.usbauth.keyname}"; - boot.initrd.luks.devices."${config.usbauth.device}".preLVM = false; + boot.initrd.luks.devices."${config.usbauth.device}" = { + keyFile = "/key/.keys/${config.usbauth.keyname}"; + preLVM = false; + }; }; } |