authoraristote <quentin.aristote@irif.fr>2025-02-28 13:00:50 +0100
committeraristote <quentin.aristote@irif.fr>2025-02-28 13:00:50 +0100
commit2f864beb9c0910d36c386571a89fff227d43cd34 (patch)
treeaf31dcff8884b287917489e8366d58683a3dc0a9 /modules/nixos/personal
parent41c057f87e8f27dbd53afe212b0c1c3323437f8c (diff)
nixos: luks: disable tmp keyfile (broken)
Diffstat (limited to 'modules/nixos/personal')
-rw-r--r--modules/nixos/personal/hardware.nix9
-rw-r--r--modules/nixos/personal/nix.nix6
2 files changed, 8 insertions, 7 deletions
diff --git a/modules/nixos/personal/hardware.nix b/modules/nixos/personal/hardware.nix
index 0c7a068..d01639e 100644
--- a/modules/nixos/personal/hardware.nix
+++ b/modules/nixos/personal/hardware.nix
@@ -55,11 +55,12 @@ in {
cfg.disks.crypted;
preLVM = true;
fallbackToPassword = true;
- # only supported with systemd-initrd
+ # broken
+ ## only supported with systemd-initrd
# keyFileTimeout = 1;
- keyFile =
- config.fileSystems."/boot".device
- + ":/keyfile";
+ # keyFile =
+ # config.fileSystems."/boot".device
+ # + ":/keyfile";
postOpenCommands = ''
if [[ -f /boot/keyfile ]]
then
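Review bot: The `postOpenCommands` branch on `/boot/keyfile` stays active while `keyFile` is commented out, and the new `# broken` comment does not say what fails or what the remaining branch is for. If that branch (its body is outside the hunk) is what revokes the temporary key slot and deletes the file, confirm it still runs on machines that already hold a keyfile from an earlier upgrade. A leftover key on `/boot`, presumably outside the encrypted volume, would keep unlocking the disk for as long as its slot stays enrolled. I would replace the marker with something like `# disabled: unlocking with the temporary /boot keyfile does not work; the cleanup below is kept for leftover keyfiles`.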
diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix
index a66ba07..a5c6e77 100644
--- a/modules/nixos/personal/nix.nix
+++ b/modules/nixos/personal/nix.nix
@@ -143,9 +143,9 @@ in {
# Creating temporary LUKS key file for next reboot...
if [[ "''${booted}" != "''${built}" && "''${do_reboot}" = true ]]
then
- dd if=/dev/urandom of=/boot/keyfile bs=1024 count=4
- chmod 400 /boot/keyfile
- cryptsetup --verbose luksAddKey --key-file /etc/luks/keyfile ${cryptCfg.device} /boot/keyfile
+ # dd if=/dev/urandom of=/boot/keyfile bs=1024 count=4
+ # chmod 400 /boot/keyfile
+ # cryptsetup --verbose luksAddKey --key-file /etc/luks/keyfile ${cryptCfg.device} /boot/keyfile
fi
'';
postStop = ''
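Review bot: With all three commands commented out, the `then` branch of the `if [[ ... "''${do_reboot}" = true ]]` block holds only comments, which bash rejects as a syntax error at `fi`, so the whole script fails to parse instead of skipping the keyfile step. Put a no-op in the branch, e.g. `: # temporary LUKS keyfile disabled (broken)`, or comment out the `if`/`then`/`fi` lines as well. The context comment `# Creating temporary LUKS key file for next reboot...` no longer matches what runs and should say the step is disabled. The script string starts before the hunk, so how it is invoked is not visible here.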