summaryrefslogtreecommitdiff
path: root/modules/nixos/personal/hardware.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos/personal/hardware.nix')
-rw-r--r--modules/nixos/personal/hardware.nix35
1 files changed, 9 insertions, 26 deletions
diff --git a/modules/nixos/personal/hardware.nix b/modules/nixos/personal/hardware.nix
index d01639e..da4629c 100644
--- a/modules/nixos/personal/hardware.nix
+++ b/modules/nixos/personal/hardware.nix
@@ -49,32 +49,15 @@ in {
'';
}
- (lib.mkIf (cfg.disks.crypted != null) {
- boot.initrd.luks.devices.crypt = {
- device =
- cfg.disks.crypted;
- preLVM = true;
- fallbackToPassword = true;
- # broken
- ## only supported with systemd-initrd
- # keyFileTimeout = 1;
- # keyFile =
- # config.fileSystems."/boot".device
- # + ":/keyfile";
- postOpenCommands = ''
- if [[ -f /boot/keyfile ]]
- then
- echo "Detected old LUKS key file."
- echo "Disabling key file..."
- cryptsetup --verbose luksRemoveKey ${cfg.disks.crypted} --key-file /boot/keyfile ||
- echo "Shredding key file..."
- shred --force --zero --remove /boot/keyfile
- else
- echo "No old LUKS keyfile detected."
- fi
- '';
- };
- })
+ (let
+ crypt = cfg.disks.crypted;
+ in
+ lib.mkIf (crypt != null) {
+ boot.initrd.luks.devices.crypt = {
+ device = crypt;
+ preLVM = true;
+ };
+ })
(lib.mkIf cfg.sound.enable {
security.rtkit.enable = true;
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-25 03:57:59 +0000