use USB flash as decryption key

2025-01-19 23:15:32 +08:00 · 2025-01-19 23:15:32 +08:00 · fabe4337b5
commit fabe4337b5
parent f653aec03c
2 changed files with 5 additions and 2 deletions
--- a/nixos/configurations/Akun/disk-config.nix
+++ b/nixos/configurations/Akun/disk-config.nix
@ -30,7 +30,9 @@
                settings = {
                  allowDiscards = true;
                  fallbackToPassword = true;
-
+                  keyFile = "/dev/disk/by-label/LUKS_DECR";
+                  keyFileSize = 512 * 64;
+                  keyFileOffset = 512 * 128;
                };
                initrdUnlock = true;
                extraFormatArgs = [
@ -39,6 +41,7 @@
                  "--hash sha512"
                  "--iter-time 5000"
                  "--pbkdf argon2id"
+                  "--key-size 256"
                  "--use-random"
                ];
                extraOpenArgs = [
--- a/nixos/configurations/Akun/hardware-configuration.nix
+++ b/nixos/configurations/Akun/hardware-configuration.nix
@ -8,7 +8,7 @@
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];