nixos-config/nixos/roles/boot-key.nix

{ lib, config, ... }:
let secretsFile = "/var/lib/luks-secret/key";
in
{
  boot = {
    initrd = {
      luks.devices."nixos" = {
        fallbackToPassword = true;
        keyFile = secretsFile;
      };
      # copy the secret into the additional initramfs. `null` means same path
      secrets."${secretsFile}" = null;
    };
  };
}
Update everything 2019-08-02 03:17:00 +00:00			`{ lib, config, ... }:`
Migrate to 20.09 2020-09-16 17:32:23 +00:00			`let secretsFile = "/var/lib/luks-secret/key";`
Reformat with nixpkgs-fmt 2021-05-18 14:33:28 +00:00			`in`
			`{`
Migrate to 20.09 2020-09-16 17:32:23 +00:00			`boot = {`
			`initrd = {`
			`luks.devices."nixos" = {`
			`fallbackToPassword = true;`
			`keyFile = secretsFile;`
			`};`
			# copy the secret into the additional initramfs. `null` means same path
			`secrets."${secretsFile}" = null;`
			`};`
Update everything 2019-08-02 03:17:00 +00:00			`};`
			`}`