machines/dnyarri: Remove vault device

Since quite a while, NixOS re-uses the passphrases from earlier devices, so there is no need anymore for such a device in order to unlock multiple containers with the same passphrase. Signed-off-by: aszlig <aszlig@nix.build>
author: aszlig <aszlig@nix.build> 2018-12-24 20:02:25 +0100
committer: aszlig <aszlig@nix.build> 2018-12-24 20:05:30 +0100
commit: 58ab58c7ea8fa02a1f060be41d48bdb9752d6dcf (patch)
tree: e481781e44b48399d9555be51ac5fc45c949d5f3 /machines/aszlig/dnyarri.nix
parent: f761cd0b770ebff8e7f78d1d88fa7ac0c9b74590 (diff)
1 files changed, 1 insertions, 14 deletions
diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix
index 3b0c7508..bb75a91b 100644
--- a/machines/aszlig/dnyarri.nix
+++ b/machines/aszlig/dnyarri.nix
@@ -1,18 +1,9 @@
 { pkgs, lib, ... }:
 
 let
-  vaultPath = "/dev/mapper/${vaultDevice.name}";
-
   mkDevice = category: num: uuid: {
     name = "dnyarri-${category}-crypt-${toString num}";
     device = "/dev/disk/by-uuid/${uuid}";
-    keyFile = vaultPath;
-    keyFileSize = 1048576;
-  };
-
-  vaultDevice = {
-    name = "dnyarri-crypt-vault";
-    device = "/dev/disk/by-uuid/61e971d2-be93-4e60-8266-b2c6a71e2dc8";
   };
 
   cryptDevices = {
@@ -46,11 +37,7 @@ in {
 
     initrd = {
       availableKernelModules = [ "bcache" ];
-      luks.devices = lib.singleton vaultDevice
-                  ++ lib.concatLists (lib.attrValues cryptDevices);
-      postDeviceCommands = lib.mkAfter ''
-        cryptsetup close ${lib.escapeShellArg vaultPath}
-      '';
+      luks.devices = lib.concatLists (lib.attrValues cryptDevices);
     };
   };
author	aszlig <aszlig@nix.build>	2018-12-24 20:02:25 +0100
committer	aszlig <aszlig@nix.build>	2018-12-24 20:05:30 +0100
commit	58ab58c7ea8fa02a1f060be41d48bdb9752d6dcf (patch)
tree	e481781e44b48399d9555be51ac5fc45c949d5f3 /machines/aszlig/dnyarri.nix
parent	f761cd0b770ebff8e7f78d1d88fa7ac0c9b74590 (diff)