NixOS Wiki

Full Disk Encryption: Difference between revisions

← Older editNewer edit →
VisualWikitext
No edit summary
Undo revision 18261 and 18262 by Juangiordana (talk) Reason: All files managed by Nix, including those in environment.etc, will always be world-readable in the /nix/store. This is fine, as /etc/crypttab does not contain secrets. Let us avoid no-ops in code examples.
Line 257: Line 257:
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
{
{
   environment.etc.crypttab = {
   environment.etc.crypttab.text = ''
    mode = "0600";
    cryptstorage UUID=UUID-OF-SDB /root/mykeyfile.key
    text = ''
  '';
      # <volume-name> <encrypted-device> [key-file] [options]
      cryptstorage UUID=UUID-OF-SDB /root/mykeyfile.key
    '';
  };
}
}
</syntaxhighlight>
</syntaxhighlight>
Retrieved from "https://wiki.nixos.org/wiki/Full_Disk_Encryption"