[Nix-dev] How to add file to initrd?

Bryan Gardiner bog at khumba.net
Wed Sep 9 08:03:50 CEST 2015


On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> Hi,
> 
> Continuation of this thread:
> http://thread.gmane.org/gmane.linux.distributions.nixos/17879/focus=17880
> 
> I already successfully set up encrypted partitions for mdadm and for zfs. The
> system is mounting them properly with the standard NixOS configuration using
> ``boot.initrd.luks`` configs.
> 
> But for each mount I have to pass a password/key. I thought I could put keys
> for all partitions into the initrd, as the initrd is on the encrypted boot
> partition (boot). The process would be like:
> * enter password for grub
> * grub loads initrd
> * initrd unlocks all other partitions
> 
> Currently it works for me in a very strange way.
> I am using the preLVMCommands option with "echo 'mykey' > /key".
> I don't like it because I cannot keep my configuration on git somewhere,
> because it exposes my passwords.

How about doing something like:

    preLVMCommands =
      # Read the key from an untracked file when the configuration is evaluated.
      let key = builtins.readFile ./keyfile; in
      "echo '${key}' >/key";

then putting keyfile in gitignore?

- Bryan

> Is there any way to add key files to initrd? (I found some "extra" options
> for boot partition but not for initrd, maybe there are some hooks I'm not
> aware of)
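
An added configuration example, not part of the original message or of the posters' own setups: `builtins.readFile` keeps the key out of git, but the key text is still interpolated into the stage-1 init script, which is built into the world-readable `/nix/store`. The sketch below contrasts that with the `boot.initrd.secrets` and `keyFile` options of later NixOS releases. The mapping name, source path and UUID are placeholders, and the attribute-set form of `boot.initrd.luks.devices` is the syntax of later releases rather than the one in use when this thread was written.

```nix
{ ... }:
{
  # Pattern from the thread, commented out for contrast. readFile runs at
  # evaluation time, so the key becomes part of the generated init script
  # (and of the initrd derivation) under /nix/store, readable by any local user.
  #
  # boot.initrd.preLVMCommands =
  #   let key = builtins.readFile ./keyfile; in
  #   "echo '${key}' >/key";

  # Alternative: have the key appended to the initrd in /boot when the
  # bootloader is installed, so it never passes through the Nix store.
  boot.initrd.secrets = {
    # Attribute name: path inside the initrd.
    # Value: path on the running system, given as a string, which Nix
    # never imports into the store.
    "/key" = "/root/secrets/data.key";  # hypothetical location; keep it root-only (0400)
  };

  # Unlock the volume with that key instead of prompting for a passphrase.
  boot.initrd.luks.devices."data" = {                # "data" is a placeholder mapping name
    device = "/dev/disk/by-uuid/REPLACE-WITH-UUID";  # placeholder, not a real UUID
    keyFile = "/key";                                # path as seen inside the initrd
  };
}
```

The resulting initrd in `/boot` contains the key in the clear, so this only makes sense when `/boot` itself is on the encrypted partition, as in the setup described in the question.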