Diffstat (limited to 'modules/usbauth/default.nix')
-rw-r--r--modules/usbauth/default.nix36
1 files changed, 36 insertions, 0 deletions
diff --git a/modules/usbauth/default.nix b/modules/usbauth/default.nix
new file mode 100644
index 0000000..aca217e
--- /dev/null
+++ b/modules/usbauth/default.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ modulesPath,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
+
+ options.usbauth = lib.mkOption {
+ description = "USB Auth";
+ type = lib.types.submodule {
+ options = lib.mkOption {
+ device = lib.types.str;
+ keyname = lib.types.str;
+ uuid = lib.types.str;
+ };
+ };
+ };
+
+ config = {
+ boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p /key
+ lsblk -o NAME,UUID
+ while ! findfs UUID=${config.usbauth.uuid} 2> /dev/null; do sleep 0.1; done
+ cryptsetup open $(findfs UUID=${config.usbauth.uuid}) _key
+ mount -o ro "/dev/mapper/_key" /key
+ '';
+
+ boot.initrd.luks.devices."${config.usbauth.device
+ }".keyFile = "/key/.keys/${config.usbauth.keyname}";
+ boot.initrd.luks.devices."${config.usbauth.device}".preLVM = false;
+ };
+}
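Review bot: Nothing releases the key container once the root device is unlocked: the `postDeviceCommands` script opens `_key` and mounts it on `/key`, but no later step in this file unmounts it or runs `cryptsetup close _key`, so the decrypted key volume presumably stays mapped while the stick is plugged in. Releasing it from the device's `postOpenCommands` would limit exposure of the key file to the moment it is needed. Separately, the submodule passes `device`, `keyname` and `uuid` as arguments to a single `lib.mkOption`, which as far as I can tell `mkOption` rejects; each field needs its own `lib.mkOption { type = lib.types.str; }` inside a plain `options = { … }` attrset. The `findfs` wait loop also has no timeout, so a missing stick would block boot with no passphrase fallback, and `$(findfs …)` is unquoted.

```nix
  options.usbauth = lib.mkOption {
    description = "USB Auth";
    type = lib.types.submodule {
      options = {
        device = lib.mkOption { type = lib.types.str; };
        keyname = lib.mkOption { type = lib.types.str; };
        uuid = lib.mkOption { type = lib.types.str; };
      };
    };
  };

  # … unchanged: imports, postDeviceCommands script, keyFile, preLVM …

    # inside `config = { … }`: drop the key volume as soon as the LUKS device is open
    boot.initrd.luks.devices."${config.usbauth.device}".postOpenCommands = ''
      umount /key
      cryptsetup close _key
    '';
```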