From 58ab58c7ea8fa02a1f060be41d48bdb9752d6dcf Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@nix.build>
Date: Mon, 24 Dec 2018 20:02:25 +0100
Subject: machines/dnyarri: Remove vault device

Since quite a while, NixOS re-uses the passphrases from earlier devices,
so there is no need anymore for such a device in order to unlock
multiple containers with the same passphrase.

Signed-off-by: aszlig <aszlig@nix.build>
---
 machines/aszlig/dnyarri.nix | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

(limited to 'machines/aszlig/dnyarri.nix')

diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix
index 3b0c7508..bb75a91b 100644
--- a/machines/aszlig/dnyarri.nix
+++ b/machines/aszlig/dnyarri.nix
@@ -1,18 +1,9 @@
 { pkgs, lib, ... }:
 
 let
-  vaultPath = "/dev/mapper/${vaultDevice.name}";
-
   mkDevice = category: num: uuid: {
     name = "dnyarri-${category}-crypt-${toString num}";
     device = "/dev/disk/by-uuid/${uuid}";
-    keyFile = vaultPath;
-    keyFileSize = 1048576;
-  };
-
-  vaultDevice = {
-    name = "dnyarri-crypt-vault";
-    device = "/dev/disk/by-uuid/61e971d2-be93-4e60-8266-b2c6a71e2dc8";
   };
 
   cryptDevices = {
@@ -46,11 +37,7 @@ in {
 
     initrd = {
       availableKernelModules = [ "bcache" ];
-      luks.devices = lib.singleton vaultDevice
-                  ++ lib.concatLists (lib.attrValues cryptDevices);
-      postDeviceCommands = lib.mkAfter ''
-        cryptsetup close ${lib.escapeShellArg vaultPath}
-      '';
+      luks.devices = lib.concatLists (lib.attrValues cryptDevices);
     };
   };
 
-- 
cgit 1.4.1