From 70a6b18c04ef4194e209d2e41e704f81ca776c32 Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Thu, 28 Sep 2023 16:23:00 +0200 Subject: [PATCH] update README --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 436d78e..9bea9c4 100644 --- a/README.md +++ b/README.md @@ -206,11 +206,20 @@ Summary: * Regenerate hardware-configuration: `sudo nixos-generate-config --dir hosts/$(hostname)` * Add `swapDevices = [ { device = "/swap/swapfile"; } ];` to hardware configuration and run `nixos-rebuild switch` (see above). +## LUKS Parameters + +**Warning**: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose `--iter-time` <= `5000`. + +* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L498 +* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L30 +* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L36C7-L36C7 + ## Automount encrypted drive ~~* Generate and add keyfile to LUKS device~~ * Use the same password for all attached LUKS devices to be only prompted once while booting - * https://discourse.nixos.org/t/how-to-unlock-some-luks-devices-with-a-keyfile-on-a-first-luks-device/18949/11 + * Discussion: https://discourse.nixos.org/t/how-to-unlock-some-luks-devices-with-a-keyfile-on-a-first-luks-device/18949/11 + * Related NixOS config option: https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L570-L584 * luksOpen and mount drive, e.g. to `/mnt/data1` * Re-generate hardware configuration:
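Review bot: In the new "LUKS Parameters" section, the warning pairs a 10-second timeout with `--iter-time` <= `5000` but does not state the unit, the command the flag belongs to, or why the limit is half the timeout. Suggest naming the cryptsetup command and the unit (milliseconds) and adding one sentence on how 5000 follows from the 10 seconds. Since a shorter iteration time also makes passphrase guessing cheaper, it is worth saying that readers should stay close to the limit rather than far below it. The three nixpkgs links under the warning carry no description, unlike the "Discussion:" and "Related NixOS config option:" labels added further down; give each a short label saying what the referenced line shows. The third link's anchor `#L36C7-L36C7` looks like a copy artifact and could be `#L36`. In the "Automount encrypted drive" list, the related option is only linked by line range; naming the option in the text would keep the pointer useful without opening the pinned file.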