nichts/nyx/hosts/hermes/encryption.nix

{
  config,
  lib,
  ...
}: {
  # mildly improves performance for the disk encryption
  boot.initrd.availableKernelModules = [
    "aesni_intel"
    "cryptd"
    "usb_storage"
  ];

  services.lvm.enable = lib.mkForce true;

  boot.initrd.luks.devices."enc" = {
    # improve performance on ssds
    bypassWorkqueues = true;
    preLVM = true;

    # the device with the maching id will be searched for the key file
    # keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_B314B63E-0:0";
    # keyFileSize = 4096;

    # if keyfile is not there, fall back to cryptsetup password
    fallbackToPassword = !config.boot.initrd.systemd.enable; # IMPLIED BY config.boot.initrd.systemd.enable
  };
}
added stuff 2024-04-09 23:11:33 +02:00			`{`
			`config,`
			`lib,`
			`...`
			`}: {`
			`# mildly improves performance for the disk encryption`
			`boot.initrd.availableKernelModules = [`
			`"aesni_intel"`
			`"cryptd"`
			`"usb_storage"`
			`];`

			`services.lvm.enable = lib.mkForce true;`

			`boot.initrd.luks.devices."enc" = {`
			`# improve performance on ssds`
			`bypassWorkqueues = true;`
			`preLVM = true;`

			`# the device with the maching id will be searched for the key file`
			`# keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_B314B63E-0:0";`
			`# keyFileSize = 4096;`

			`# if keyfile is not there, fall back to cryptsetup password`
			`fallbackToPassword = !config.boot.initrd.systemd.enable; # IMPLIED BY config.boot.initrd.systemd.enable`
			`};`
			`}`