add LUKS format arguments

This commit is contained in:
Daniel Langbein 2023-10-16 18:50:51 +02:00
parent a4bcb6cc77
commit fb9102f3de
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
2 changed files with 10 additions and 0 deletions

View File

@ -2,6 +2,9 @@
This is an example repository for nixos-anywhere and disko. This is an example repository for nixos-anywhere and disko.
* disko reference: https://github.com/nix-community/disko/blob/master/docs/reference.md
* nixos-anywhere reference: https://github.com/nix-community/nixos-anywhere/blob/main/docs/reference.md
## Build installer ISO with passwordless SSH ## Build installer ISO with passwordless SSH
```shell ```shell

View File

@ -35,6 +35,13 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
# Additional arguments passed to luksFormat:
# - 4GB RAM to unlock disk
# - 5 seconds to open
extraFormatArgs = [
"--cipher" "aes-xts-plain64" "--key-size" "512" "--hash" "sha512"
"--pbkdf-memory" "4000000" "--iter-time" "5000" "--use-random"
];
extraOpenArgs = [ "--allow-discards" ]; extraOpenArgs = [ "--allow-discards" ];
# If you want to use the key for interactive login be sure there is no trailing newline. # If you want to use the key for interactive login be sure there is no trailing newline.
# For example use `echo -n 'password' > /tmp/secret.key` # For example use `echo -n 'password' > /tmp/secret.key`