Mirror/nix-git
Mirror/nix-git
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nix-git synced 2024-11-20 21:58:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

update README

Browse Source
This commit is contained in:
Daniel Langbein 2023-09-28 16:23:00 +02:00
parent 7f8a6fede2
commit 70a6b18c04
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -206,11 +206,20 @@ Summary:
* Regenerate hardware-configuration: `sudo nixos-generate-config --dir hosts/$(hostname)`
* Add `swapDevices = [ { device = "/swap/swapfile"; } ];` to hardware configuration and run `nixos-rebuild switch` (see above).
## LUKS Parameters
**Warning**: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose `--iter-time` <= `5000`.
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L498
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L30
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L36C7-L36C7
## Automount encrypted drive
~~* Generate and add keyfile to LUKS device~~
* Use the same password for all attached LUKS devices to be only prompted once while booting
* https://discourse.nixos.org/t/how-to-unlock-some-luks-devices-with-a-keyfile-on-a-first-luks-device/18949/11
* Discussion: https://discourse.nixos.org/t/how-to-unlock-some-luks-devices-with-a-keyfile-on-a-first-luks-device/18949/11
* Related NixOS config option: https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L570-L584
* luksOpen and mount drive, e.g. to `/mnt/data1`
* Re-generate hardware configuration: