[Nix-dev] How to add file to initrd?
Tomasz Czyż
tomasz.czyz at gmail.com
Thu Sep 10 10:19:21 CEST 2015
2015-09-09 7:03 GMT+01:00 Bryan Gardiner <bog at khumba.net>:
> On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> > Hi,
> >
> > Continuation of this thread:
> >
> http://thread.gmane.org/gmane.linux.distributions.nixos/17879/focus=17880
> >
> > I already successfully set up crypted partitions for mdadm and for zfs.
> The
> > system is mounting them properly with standard nixos configuration using
> > ``boot.initrd.luks`` configs.
> >
> > But for each mount I have to pass password/key. I thought I can put keys
> > for all partitions to initrd as initrd is on encrypted boot partition
> > (boot). The process would be like:
> > * enter password for grub
> > * grub loads initrd
> > * initrd unlocks all other partitions
> >
> > Currently it works for me in very strange way.
> > I am using preLVMCommands option with "echo 'mykey' > /key".
> > I don't like it because I cannot keep my configuration on git somewhere
> > cause it expose my passwords.
>
> How about doing something like:
>
> preLVMCommands =
> let key = builtins.readFile ./keyfile; in
> "echo '${key}' >/key"
>
> then putting keyfile in gitignore?
>
Thanks Bryan,
looks like good trick :-) I'm new to nix, I didn't even thought about that
stuff, cheers!
Tom
>
> - Bryan
>
> > Is there any way to add key files to initrd? (I found some "extra"
> options
> > for boot partition but not for initrd, maybe there are some hooks I'm not
> > aware of)
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
--
Tomasz Czyż
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150910/8942faee/attachment.html
More information about the nix-dev
mailing list