diff options
author | aszlig <aszlig@nix.build> | 2018-12-24 20:02:25 +0100 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-12-24 20:05:30 +0100 |
commit | 58ab58c7ea8fa02a1f060be41d48bdb9752d6dcf (patch) | |
tree | e481781e44b48399d9555be51ac5fc45c949d5f3 /machines | |
parent | f761cd0b770ebff8e7f78d1d88fa7ac0c9b74590 (diff) |
machines/dnyarri: Remove vault device
Since quite a while, NixOS re-uses the passphrases from earlier devices, so there is no need anymore for such a device in order to unlock multiple containers with the same passphrase. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'machines')
-rw-r--r-- | machines/aszlig/dnyarri.nix | 15 |
1 files changed, 1 insertions, 14 deletions
diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix index 3b0c7508..bb75a91b 100644 --- a/machines/aszlig/dnyarri.nix +++ b/machines/aszlig/dnyarri.nix @@ -1,18 +1,9 @@ { pkgs, lib, ... }: let - vaultPath = "/dev/mapper/${vaultDevice.name}"; - mkDevice = category: num: uuid: { name = "dnyarri-${category}-crypt-${toString num}"; device = "/dev/disk/by-uuid/${uuid}"; - keyFile = vaultPath; - keyFileSize = 1048576; - }; - - vaultDevice = { - name = "dnyarri-crypt-vault"; - device = "/dev/disk/by-uuid/61e971d2-be93-4e60-8266-b2c6a71e2dc8"; }; cryptDevices = { @@ -46,11 +37,7 @@ in { initrd = { availableKernelModules = [ "bcache" ]; - luks.devices = lib.singleton vaultDevice - ++ lib.concatLists (lib.attrValues cryptDevices); - postDeviceCommands = lib.mkAfter '' - cryptsetup close ${lib.escapeShellArg vaultPath} - ''; + luks.devices = lib.concatLists (lib.attrValues cryptDevices); }; }; |