Mirrors/disko
2
0
Fork 0
mirror of https://github.com/nix-community/disko synced 2024-11-12 23:27:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

add additionalKeyFiles option to example

Browse source
This commit is contained in:
arch 2023-07-11 20:58:29 +02:00 committed by lassulus
parent 3c851fc951
commit 5ff13729e4
4 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
example/complex.nix
View file

@ -32,6 +32,7 @@
type = "luks"; type = "luks";
name = "crypted1"; name = "crypted1";
settings.keyFile = "/tmp/secret.key"; settings.keyFile = "/tmp/secret.key";
additionalKeyFiles = ["/tmp/additionalSecret.key"];
extraFormatArgs = [ extraFormatArgs = [
"--iter-time 1" # unsecure but fast for tests "--iter-time 1" # unsecure but fast for tests
]; ];

1
example/luks-lvm.nix
View file

@ -33,6 +33,7 @@
# if you want to use the key for interactive login be sure there is no trailing newline # if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key` # for example use `echo -n "password" > /tmp/secret.key`
settings.keyFile = "/tmp/secret.key"; settings.keyFile = "/tmp/secret.key";
additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = { content = {
type = "lvm_pv"; type = "lvm_pv";
vg = "pool"; vg = "pool";

3
lib/types/luks.nix
View file

@ -91,8 +91,7 @@ in
cryptsetup luksOpen ${config.device} ${config.name} \ cryptsetup luksOpen ${config.device} ${config.name} \
${toString config.extraOpenArgs} \ ${toString config.extraOpenArgs} \
${keyFileArgs} ${keyFileArgs}
${lib.optionalString (config.keyFile != null) "--key-file ${config.keyFile}"} ${toString (lib.lists.forEach config.additionalKeyFiles (x: "cryptsetup luksAddKey ${config.device} --key-file ${config.settings.keyFile} ${x};"))}
${toString (lib.lists.forEach config.additionalKeyFiles (x: "cryptsetup luksAddKey ${config.device} ${lib.optionalString (config.keyFile != null) "--key-file ${config.keyFile}"} ${x};"))}
${lib.optionalString (config.content != null) config.content._create} ${lib.optionalString (config.content != null) config.content._create}
''; '';
}; };

1
tests/lib.nix
View file

@ -135,6 +135,7 @@
machine.start() machine.start()
machine.succeed("echo -n 'secretsecret' > /tmp/secret.key") machine.succeed("echo -n 'secretsecret' > /tmp/secret.key")
machine.succeed("echo -n 'additionalSecret' > /tmp/additionalSecret.key")
${lib.optionalString (testMode == "direct") '' ${lib.optionalString (testMode == "direct") ''
machine.succeed("${tsp-create}") machine.succeed("${tsp-create}")
machine.succeed("${tsp-mount}") machine.succeed("${tsp-mount}")