Diffstat (limited to 'nixos/modules/autounlock.nix')
-rw-r--r--nixos/modules/autounlock.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix
new file mode 100644
index 0000000..2e40bb2
--- /dev/null
+++ b/nixos/modules/autounlock.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.autounlock;
+
+in {
+
+ options = {
+ cynerd.autounlock = mkOption {
+ type = with types; attrsOf string;
+ default = {};
+ description = "Devices to be auto-unlocked.";
+ };
+ };
+
+ config = mkIf (cnf != {}) {
+
+ environment.systemPackages = [ pkgs.luks-hw-password ];
+ boot.initrd = {
+ extraFiles."/bin/luks-password" = pkgs.luks-hw-password + "/bin/luks-hw-password";
+ luks.devices = mapAttrs (name: value: {
+ device = value;
+ keyFile = "/keys/${name}.key";
+ fallbackToPassword = true;
+ preOpenCommands = ''
+ mkdir -p /keys
+ luks-hw-password > /keys/${name}.key
+ '';
+ postOpenCommands = ''
+ rm -rf /keys
+ '';
+ }) cnf;
+ };
+
+ };
+
+}
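Review bot: The helper is copied into the initrd as `/bin/luks-password`, but `preOpenCommands` invokes `luks-hw-password`, so unless something outside this file puts that name on the stage-1 PATH the key file is never produced and every boot falls through to `fallbackToPassword`. Using one name in both places would fix it, e.g. `extraFiles."/bin/luks-hw-password" = ...`. The key is also written under the shell's default umask and `${name}` is expanded unquoted, so `umask 077` before the redirect and `"/keys/${name}.key"` in the command would be safer. `types.string` is deprecated in nixpkgs in favour of `types.str`. The option description could also state that the key comes from the machine itself (as the helper's name suggests), so auto-unlock presumably protects only a disk separated from its host.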