Merge pull request 'feature: boot from unencrypted /boot partition' (#53) from feature/separate-boot-partition into main

Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/53
Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org>
Benjamin Bädorf 2021-10-24 21:27:04 +00:00
commit 845f5114a1


@ -3,40 +3,19 @@
let let
cfg = config.pub-solar.x-os; cfg = config.pub-solar.x-os;
in in
with lib; { {
options = {
pub-solar.x-os.keyfile = mkOption {
type = types.str;
description = "Keyfile location";
};
};
config = { config = {
# Enable plymouth for better experience of booting # Enable plymouth for better experience of booting
boot.plymouth.enable = true; boot.plymouth.enable = true;
# Use Keyfile to unlock the root partition to avoid keying in twice. # Mount / luks device in initrd
# Allow fstrim to work on it. # Allow fstrim to work on it.
boot.initrd = { boot.initrd = {
secrets = { "/keyfile.bin" = cfg.keyfile; };
luks.devices."cryptroot" = { luks.devices."cryptroot" = {
keyFile = "/keyfile.bin";
allowDiscards = true; allowDiscards = true;
fallbackToPassword = true;
}; };
}; };
# Use GRUB with encrypted /boot under EFI env. boot.loader.systemd-boot.enable = true;
boot.loader = {
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
version = 2;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
}; };
} }
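Review bot: The new `boot.loader.systemd-boot.enable = true;` line carries no comment, while the GRUB block it replaces stated that /boot was encrypted; the changed trust model should be recorded at that line. With /boot unencrypted, the kernel and initrd can be read and modified by anyone with access to the disk, so nothing secret may go back into `boot.initrd.secrets`, and no Secure Boot or measured-boot setting appears in this section to detect tampering (it may be configured elsewhere). I would add `# systemd-boot with an unencrypted /boot: kernel and initrd are not protected at rest, keep secrets out of the initrd.` above that line. The `cfg` binding in the `let` is no longer referenced in the visible lines now that `pub-solar.x-os.keyfile` is gone, and hosts that still set that option will presumably fail evaluation unless it is handled with `mkRemovedOptionModule` in another file.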