From 2f864beb9c0910d36c386571a89fff227d43cd34 Mon Sep 17 00:00:00 2001
From: aristote
Date: Fri, 28 Feb 2025 13:00:50 +0100
Subject: nixos: luks: disable tmp keyfile (broken)
---
 modules/nixos/personal/hardware.nix | 9 +++++----
 modules/nixos/personal/nix.nix | 6 +++---
 2 files changed, 8 insertions(+), 7 deletions(-)
(limited to 'modules/nixos')
diff --git a/modules/nixos/personal/hardware.nix b/modules/nixos/personal/hardware.nix
index 0c7a068..d01639e 100644
--- a/modules/nixos/personal/hardware.nix
+++ b/modules/nixos/personal/hardware.nix
@@ -55,11 +55,12 @@ in {
 cfg.disks.crypted;
 preLVM = true;
 fallbackToPassword = true;
- # only supported with systemd-initrd
+ # broken
+ ## only supported with systemd-initrd
 # keyFileTimeout = 1;
- keyFile =
- config.fileSystems."/boot".device
- + ":/keyfile";
+ # keyFile =
+ # config.fileSystems."/boot".device
+ # + ":/keyfile";
 postOpenCommands = ''
 if [[ -f /boot/keyfile ]]
 then
diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix
index a66ba07..a5c6e77 100644
--- a/modules/nixos/personal/nix.nix
+++ b/modules/nixos/personal/nix.nix
@@ -143,9 +143,9 @@ in {
 # Creating temporary LUKS key file for next reboot...
 if [[ "''${booted}" != "''${built}" && "''${do_reboot}" = true ]]
 then
- dd if=/dev/urandom of=/boot/keyfile bs=1024 count=4
- chmod 400 /boot/keyfile
- cryptsetup --verbose luksAddKey --key-file /etc/luks/keyfile ${cryptCfg.device} /boot/keyfile
+ # dd if=/dev/urandom of=/boot/keyfile bs=1024 count=4
+ # chmod 400 /boot/keyfile
+ # cryptsetup --verbose luksAddKey --key-file /etc/luks/keyfile ${cryptCfg.device} /boot/keyfile
 fi
 '';
 postStop = ''
--
cgit v1.2.3
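Review bot: The new `# broken` comment in hardware.nix does not say what fails, and `postOpenCommands` still tests for `/boot/keyfile` even though the initrd no longer reads it as a key. If a keyfile from an earlier upgrade run is still on `/boot`, its key presumably remains enrolled in a LUKS slot while the file sits on the partition the initrd reads before unlock. It is worth confirming that the `postOpenCommands` body, which continues outside this hunk, removes both the file and the slot; otherwise do a one-off `cryptsetup luksRemoveKey` with that file. I would expand the comment to something like `# broken: <what fails / issue link>; a stale /boot/keyfile is still revoked in postOpenCommands below`.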
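Review bot: In nix.nix the `then` branch now holds only shell comments, and bash rejects an `if … then … fi` with an empty body as a syntax error near `fi`. The script that ends just before `postStop` will therefore abort when bash reaches this block, instead of skipping the keyfile step. Either comment out the whole `if`/`fi` block or keep a no-op in the branch, e.g. `: # temporary LUKS keyfile disabled, see hardware.nix`. Note that `${cryptCfg.device}` inside the commented `cryptsetup` line is still a Nix antiquotation and is still evaluated. The `# Creating temporary LUKS key file for next reboot...` line above no longer matches what the block does. The enclosing script string starts outside the hunk.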