geoffrey/dotfiles
geoffrey/dotfiles
1
0
Fork 0
Code Issues 7 Pull requests Releases Activity

Use actual encryption passwords

Browse source
This commit is contained in:
Geoffrey Frogeye 2023-12-09 00:09:36 +01:00
parent 54ec1fc9ba
commit f20678d134
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
4 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
install_os.sh
View file

@ -64,6 +64,7 @@ fi
mountpoint="/mnt/nixos"
nix_flakes_cmd="nix --extra-experimental-features nix-command --extra-experimental-features flakes"
luks_pass_path="luks/$(basename ${profile})"
set -x
@ -73,8 +74,15 @@ sudo mkdir -p "$mountpoint"
# Not great, but fixable with flakes I guess
sudo ./add_channels.sh
# Load encryption password
luks_pass_file="$(mktemp --suffix="luks_password")"
pass $luks_pass_path | head -n1 | tr -d '\n' > $luks_pass_file
# Format or mount disk
sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" "$disko_config"
sudo $nix_flakes_cmd run github:nix-community/disko -- --root-mountpoint "$mountpoint" --mode "$disko_mode" --argstr passwordFile "$luks_pass_file" "$disko_config"
# Unload encryption password
rm "$luks_pass_file"
# Generate hardware-config.nix
sudo nixos-generate-config --no-filesystems --root "$mountpoint"