diff options
| -rw-r--r-- | modules/nixos/personal/nix.nix | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix index 0ecc459..abe291b 100644 --- a/modules/nixos/personal/nix.nix +++ b/modules/nixos/personal/nix.nix @@ -158,12 +158,18 @@ in { lib.mkIf (cryptExists && config.system.autoUpgrade.allowReboot) { path = [pkgs.cryptsetup]; script = lib.mkAfter '' - cryptsetup --verbose luksAddKey --key-file /etc/luks/keys/master ${cryptCfg.device} /etc/luks/keys/tmp + if [ "$do_reboot" ] + then + cryptsetup --verbose luksAddKey --key-file /etc/luks/keys/master ${cryptCfg.device} /etc/luks/keys/tmp + fi ''; + serviceConfig.TimeoutStopSec = "infinity"; postStop = '' - # if a reboot due to nixos-upgrade happens, it should occur within a minute - sleep 120 - # if no reboot has happened, disable any leftover keyfile + # if a reboot due to nixos-upgrade happens, + # it should occur within a minute + sleep 60 + # if no reboot has happened, + # disable any leftover keyfile while cryptsetup --verbose luksRemoveKey ${cryptCfg.device} --key-file /etc/luks/keys/tmp do : |