diff --git a/template/README.md b/template/README.md
index 7cd04ff..55ca2c6 100644
--- a/template/README.md
+++ b/template/README.md
@@ -29,7 +29,7 @@ nixos-generate-config --no-filesystems --root /mnt
 cat /mnt/etc/nixos/hardware-configuration.nix
 ```
-Save the output to a new file in [./hardware-configs/](./hardware-configs/). In [./flake.nix](./flake.nix) replace `./hardware-configs/yodaHP.nix` with it.
+Save the output to a new file in [./hardware-configs](./hardware-configs). In [./flake.nix](./flake.nix) replace `./hardware-configs/yodaHP.nix` with it.
 Note: The hardware configuration should not contain any `fileSystems.` options as these are generated based on your disko configuration.
@@ -79,3 +79,11 @@ nix --extra-experimental-features nix-command --extra-experimental-features flak
 ## TODOs
 - Hetzner Cloud example: https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix
+
+## Appendix - LUKS Parameters
+
+**Warning**: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose `--iter-time` <= `7500`.
+
+* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L498
+* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L30
+* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L36C7-L36C7
diff --git a/template/disk-configs/luks-btrfs.nix b/template/disk-configs/luks-btrfs.nix
index d61345f..487aeed 100644
--- a/template/disk-configs/luks-btrfs.nix
+++ b/template/disk-configs/luks-btrfs.nix
@@ -40,7 +40,7 @@
 # - 5 seconds to open
 extraFormatArgs = [
 "--cipher" "aes-xts-plain64" "--key-size" "512" "--hash" "sha512"
- "--pbkdf-memory" pbkdf-memory "--iter-time" "5000" "--use-random"
+ "--pbkdf-memory" pbkdf-memory "--iter-time" "7500" "--use-random"
 ];
 extraOpenArgs = [ "--allow-discards" ];
 # If you want to use the key for interactive login be sure there is no trailing newline.
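Review bot: The context comment `# - 5 seconds to open` directly above `extraFormatArgs` is now stale, because the new side passes `"--iter-time" "7500"`; it should read `# - 7.5 seconds to open` so the documented unlock cost matches the format arguments. The comment block it belongs to starts outside this hunk, so any other figures there that were derived from the old value should be rechecked too. Note also that 7500 is exactly the ceiling the README appendix recommends against the 10-second boot timeout, and the iteration time is presumably calibrated on whichever machine runs the format step, so it is worth confirming on the target hardware that unlocking at boot stays under that limit.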