about summary refs log tree commit diff
path: root/nixos/modules/system
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/system')
-rw-r--r--nixos/modules/system/boot/clevis.md8
1 files changed, 6 insertions, 2 deletions
diff --git a/nixos/modules/system/boot/clevis.md b/nixos/modules/system/boot/clevis.md
index cdd5d12753dad..39edc0fc38dfd 100644
--- a/nixos/modules/system/boot/clevis.md
+++ b/nixos/modules/system/boot/clevis.md
@@ -40,12 +40,16 @@ For more complete documentation on how to generate a secret with clevis, see the
 In order to activate unattended decryption of a resource at boot, enable the `clevis` module:
 
 ```nix
-boot.initrd.clevis.enable = true;
+{
+  boot.initrd.clevis.enable = true;
+}
 ```
 
 Then, specify the device you want to decrypt using a given clevis secret. Clevis will automatically try to decrypt the device at boot and will fallback to interactive unlocking if the decryption policy is not fulfilled.
 ```nix
-boot.initrd.clevis.devices."/dev/nvme0n1p1".secretFile = ./nvme0n1p1.jwe;
+{
+  boot.initrd.clevis.devices."/dev/nvme0n1p1".secretFile = ./nvme0n1p1.jwe;
+}
 ```
 
 Only `bcachefs`, `zfs` and `luks` encrypted devices are supported at this time.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 02:09:43 +0000