steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nix/os: more work on partition handling

Browse source
This commit is contained in:
steveej 2018-11-04 23:56:36 +01:00
parent e7f6744be5
commit f94d349398
3 changed files with 37 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
nix/os/modules/encryptedDisk.nix
View file

@ -6,13 +6,23 @@ with lib;
let
cfg = config.hardware.encryptedDisk;
volumeGroup = cfg.diskId;
# This is important at install-time
bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ];
bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ];
# These are guaranteed by LVM
rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
# TODO: verify the GPT PARTLABEL cap at 36 chars
shortenPartlabel = name: (builtins.substring 0 36 name);
# Cannot use the disk ID here because might be different at install vs. runtime.
# Example: MMC card which is used in the internal reader vs. USB reader
bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))];
bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))];
in {
options.hardware.encryptedDisk = {
enable = mkEnableOption "Enable encrypted filesystem layout";