diff options
author | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-08-24 16:48:31 +0200 |
---|---|---|
committer | Baitinq <manuelpalenzuelamerino@gmail.com> | 2022-08-24 16:48:31 +0200 |
commit | e1927693e33eabf1bdd29155bb843efb09d47af1 (patch) | |
tree | 39efacffa6fbf4570843d9d1d5b75b15091b34ea /lib | |
parent | 9bca66ca7d2f8c9ac39d1f4a067ae45e681b87f9 (diff) |
Support optional keyfile for luks encrypted partitions
If the keyfile attribute is not present it will omit any keyfile luks
configuration and instead will make the user be prompted for any
passphrases.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/default.nix | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/default.nix b/lib/default.nix index f2908f5..3d86f28 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -76,8 +76,8 @@ let { ''; create.luks = q: x: '' - cryptsetup -q luksFormat ${q.device} ${x.keyfile} ${toString (x.extraArgs or [])} - cryptsetup luksOpen ${q.device} ${x.name} --key-file ${x.keyfile} + cryptsetup -q luksFormat ${q.device} ${if builtins.hasAttr "keyfile" x then x.keyfile else ""} ${toString (x.extraArgs or [])} + cryptsetup luksOpen ${q.device} ${x.name} ${if builtins.hasAttr "keyfile" x then "--key-file " + x.keyfile else ""} ${create-f { device = "/dev/mapper/${x.name}"; } x.content} ''; @@ -141,7 +141,7 @@ let { recursiveUpdate (mount-f { device = "/dev/mapper/${x.name}"; } x.content) {luks.${q.device} = '' - cryptsetup luksOpen ${q.device} ${x.name} --key-file ${x.keyfile} + cryptsetup luksOpen ${q.device} ${x.name} ${if builtins.hasAttr "keyfile" x then "--key-file " + x.keyfile else ""} '';} ); |