allow unattended boot firelink

author: Kjetil Orbekk <kj@orbekk.com> 2021-07-12 09:14:36 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2021-07-12 09:14:36 -0400
commit: b4d9ba419a430d0162ec19eb426f2b3f9a5aae0e (patch)
tree: e3b966e8ad1c76acc73f8a6169f5e67cb08e47e9 /machines
parent: 4747e07a30d53516c85967a2e485a1735c1d5694 (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/machines/firelink.nix b/machines/firelink.nix
index 4f23835..7673c21 100644
--- a/machines/firelink.nix
+++ b/machines/firelink.nix
@@ -133,7 +133,7 @@ in {
   console.earlySetup = true;
 
   boot.loader.grub.enable = true;
-  boot.loader.grub.devices = ["nodev"];
+  boot.loader.grub.devices = [ "nodev" ];
   boot.loader.grub.efiSupport = true;
   boot.loader.efi.canTouchEfiVariables = true;
   # boot.loader.grub.efiInstallAsRemovable = true;
@@ -210,9 +210,13 @@ in {
     options = [ "noatime" "discard" ];
   };
 
-  boot.initrd.luks.devices."cryptsystem".device =
-    "/dev/disk/by-uuid/8acc11c2-e540-4561-8c88-34176fca1a72";
-  boot.initrd.luks.devices."cryptsystem".allowDiscards = true;
+  boot.initrd.luks.devices."cryptsystem" = {
+    device = "/dev/disk/by-uuid/8acc11c2-e540-4561-8c88-34176fca1a72";
+    allowDiscards = true;
+    keyFile = "/dev/zero";
+    keyFileSize = 32;
+    fallbackToPassword = true;
+  };
 
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/C636-D264";
author	Kjetil Orbekk <kj@orbekk.com>	2021-07-12 09:14:36 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2021-07-12 09:14:36 -0400
commit	b4d9ba419a430d0162ec19eb426f2b3f9a5aae0e (patch)
tree	e3b966e8ad1c76acc73f8a6169f5e67cb08e47e9 /machines
parent	4747e07a30d53516c85967a2e485a1735c1d5694 (diff)