authorquentin@aristote.fr <quentin@aristote.fr>2025-03-18 07:02:55 +0100
committerquentin@aristote.fr <quentin@aristote.fr>2025-03-18 07:02:55 +0100
commitefe5da2044e924cada635be4c563916425454a28 (patch)
tree2b5cb4a97d35fd90fe487625dfe26842c4def30c /config/nix.nix
parent8538f77816a5b929f7ed4f0f3ad5225c26e318fb (diff)
autoUpgrade: decrypt disk conditionally
Diffstat (limited to 'config/nix.nix')
-rw-r--r--config/nix.nix29
1 files changed, 17 insertions, 12 deletions
diff --git a/config/nix.nix b/config/nix.nix
index e3b7602..3989c6e 100644
--- a/config/nix.nix
+++ b/config/nix.nix
@@ -52,23 +52,28 @@ in {
let
switch = "$RESULT/bin/switch-to-configuration";
readlink = "${pkgs.coreutils}/bin/readlink";
+ luksCfg = config.boot.initrd.luks.devices;
in
if allowReboot
- then ''
- ${switch} boot
- booted="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})"
- built="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
- if [ "$booted" = "$built" ]
- then
- ${switch} switch
- else
+ then
+ ''
+ ${switch} boot
+ booted="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})"
+ built="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
+ if [ "$booted" = "$built" ]
+ then
+ ${switch} switch
+ else ''
+ + lib.optionalString (luksCfg ? crypt) ''
cryptsetup --verbose luksAddKey \
--key-file /etc/luks/keys/master \
- ${config.boot.initrd.luks.devices.crypt.device} \
+ ${luksCfg.crypt.device} \
/etc/luks/keys/tmp
- shutdown -r +1
- fi
- ''
+ ''
+ + ''
+ shutdown -r +1
+ fi
+ ''
else ''
${switch} switch
''
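Review bot: Nothing in this hunk removes the keyslot that `cryptsetup --verbose luksAddKey ... /etc/luks/keys/tmp` enrols. Unless a matching `luksRemoveKey` runs after the reboot (not visible here), the temporary key file stays a valid unlock credential for `luksCfg.crypt.device`, and repeated reboot-upgrades may use up further keyslots. A comment above the `lib.optionalString (luksCfg ? crypt)` block should say where the key is revoked, for example `# tmp key is removed again after unlock by <unit-or-hook placeholder>`. Separately, `cryptsetup` and `shutdown` are called by bare name while `readlink` is pinned to `${pkgs.coreutils}`; `${pkgs.cryptsetup}/bin/cryptsetup` would not depend on the unit's PATH. The enclosing expression starts outside the hunk, so the script's error handling cannot be checked from here.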