luks upd
This commit is contained in:
parent
1484eb8b1e
commit
d4a5d3c200
|
@ -70,10 +70,21 @@
|
|||
initrd = {
|
||||
systemd.enable = true; # tpm2 unlock requires systemd initrd
|
||||
luks.devices."cryptroot" = {
|
||||
allowDiscards = true;
|
||||
bypassWorkqueues = true;
|
||||
device = "/dev/nvme0n1p2";
|
||||
crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock
|
||||
preLVM = true;
|
||||
|
||||
# If using a USB or SD Card for decryption include the following.
|
||||
allowDiscards = true;
|
||||
keyFileSize = 4096;
|
||||
# This is the disk id of your USB or SD Card.
|
||||
# Get this by running `ls -l /dev/disk/by-id`,
|
||||
# and copy the long string into the spot below.
|
||||
keyFile = "/dev/disk/by-id/Hello";
|
||||
|
||||
# Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!!
|
||||
fallbackToPassword = true;
|
||||
};
|
||||
};
|
||||
resumeDevice = config.fileSystems."/swap".device;
|
||||
|
|
Loading…
Reference in New Issue