From e1927693e33eabf1bdd29155bb843efb09d47af1 Mon Sep 17 00:00:00 2001 From: Baitinq Date: Wed, 24 Aug 2022 16:48:31 +0200 Subject: [PATCH] Support optional keyfile for luks encrypted partitions If the keyfile attribute is not present it will omit any keyfile luks configuration and instead will make the user be prompted for any passphrases. --- lib/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index f2908f5..3d86f28 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -76,8 +76,8 @@ let { ''; create.luks = q: x: '' - cryptsetup -q luksFormat ${q.device} ${x.keyfile} ${toString (x.extraArgs or [])} - cryptsetup luksOpen ${q.device} ${x.name} --key-file ${x.keyfile} + cryptsetup -q luksFormat ${q.device} ${if builtins.hasAttr "keyfile" x then x.keyfile else ""} ${toString (x.extraArgs or [])} + cryptsetup luksOpen ${q.device} ${x.name} ${if builtins.hasAttr "keyfile" x then "--key-file " + x.keyfile else ""} ${create-f { device = "/dev/mapper/${x.name}"; } x.content} ''; @@ -141,7 +141,7 @@ let { recursiveUpdate (mount-f { device = "/dev/mapper/${x.name}"; } x.content) {luks.${q.device} = '' - cryptsetup luksOpen ${q.device} ${x.name} --key-file ${x.keyfile} + cryptsetup luksOpen ${q.device} ${x.name} ${if builtins.hasAttr "keyfile" x then "--key-file " + x.keyfile else ""} '';} );