luks upd
This commit is contained in:
parent
1484eb8b1e
commit
d4a5d3c200
|
@ -70,10 +70,21 @@
|
||||||
initrd = {
|
initrd = {
|
||||||
systemd.enable = true; # tpm2 unlock requires systemd initrd
|
systemd.enable = true; # tpm2 unlock requires systemd initrd
|
||||||
luks.devices."cryptroot" = {
|
luks.devices."cryptroot" = {
|
||||||
allowDiscards = true;
|
|
||||||
bypassWorkqueues = true;
|
bypassWorkqueues = true;
|
||||||
device = "/dev/nvme0n1p2";
|
device = "/dev/nvme0n1p2";
|
||||||
crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock
|
crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock
|
||||||
|
preLVM = true;
|
||||||
|
|
||||||
|
# If using a USB or SD Card for decryption include the following.
|
||||||
|
allowDiscards = true;
|
||||||
|
keyFileSize = 4096;
|
||||||
|
# This is the disk id of your USB or SD Card.
|
||||||
|
# Get this by running `ls -l /dev/disk/by-id`,
|
||||||
|
# and copy the long string into the spot below.
|
||||||
|
keyFile = "/dev/disk/by-id/Hello";
|
||||||
|
|
||||||
|
# Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!!
|
||||||
|
fallbackToPassword = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
resumeDevice = config.fileSystems."/swap".device;
|
resumeDevice = config.fileSystems."/swap".device;
|
||||||
|
|
Loading…
Reference in New Issue