<section xmlns="http://docbook.org/ns/docbook"
 xmlns:xlink="http://www.w3.org/1999/xlink"
 xmlns:xi="http://www.w3.org/2001/XInclude"
 version="5.0"
 xml:id="sec-luks-file-systems">

<title>LUKS-Encrypted File Systems</title>

<para>NixOS supports file systems that are encrypted using
<emphasis>LUKS</emphasis> (Linux Unified Key Setup). For example,
here is how you create an encrypted Ext4 file system on the device
<filename>/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d</filename>:

<screen>
# cryptsetup luksFormat /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d

WARNING!
========
This will overwrite data on /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: ***
Verify passphrase: ***

# cryptsetup luksOpen /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d crypted
Enter passphrase for /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: ***

# mkfs.ext4 /dev/mapper/crypted
</screen>

To ensure that this file system is automatically mounted at boot time
as <filename>/</filename>, add the following to
<filename>configuration.nix</filename>:

<programlisting>
boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
fileSystems."/".device = "/dev/mapper/crypted";
</programlisting>

If GRUB is used as the boot loader and <filename>/boot</filename> is located
on an encrypted partition, it is also necessary to set the following GRUB option:
<programlisting>boot.loader.grub.enableCryptodisk = true;</programlisting>

</para>

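<para>The fragment below is an added illustration, not part of the NixOS manual, that combines the settings above into one <filename>configuration.nix</filename> for an encrypted root with <filename>/boot</filename> inside it and GRUB unlocking the volume. The key file path, the whole-disk device and the data volume are assumptions chosen for the example; the root UUID is the one used on this page.</para>

```nix
{ config, lib, pkgs, ... }:

{
  # Unlock the root volume in the initrd. Reference the partition by its
  # stable /dev/disk/by-uuid path (never /dev/sdX): if device enumeration
  # changes, a bare device name could point at the wrong disk.
  boot.initrd.luks.devices.crypted = {
    device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
    # Passing TRIM through to an SSD helps performance but reveals which
    # blocks are unused through the ciphertext; leave it off unless needed.
    allowDiscards = false;
    # Optional: unlock with a key file shipped inside the initrd, so the
    # passphrase is not asked a second time after GRUB has already unlocked
    # the volume. The key must first be enrolled in a LUKS key slot:
    #   cryptsetup luksAddKey /dev/disk/by-uuid/3f6b0024-... /boot/crypto_keyfile.bin
    # Keep the host copy mode 0600; both copies live on the encrypted volume.
    keyFile = "/crypto_keyfile.bin";
    fallbackToPassword = true;   # still prompt if the key file fails
  };

  # Copy the key file from the host (value) into the initrd (attribute name).
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = "/boot/crypto_keyfile.bin";   # assumed path
  };

  fileSystems."/" = {
    device = "/dev/mapper/crypted";
    fsType = "ext4";
  };

  # /boot is on the encrypted volume, so GRUB must unlock LUKS itself to
  # read the kernel and initrd. GRUB's LUKS support is narrower than the
  # kernel's (historically LUKS1, and LUKS2 only with PBKDF2 key derivation),
  # so check the GRUB version before choosing luksFormat parameters.
  boot.loader.grub = {
    enable = true;
    device = "/dev/disk/by-id/PLACEHOLDER-WHOLE-DISK";   # placeholder, not a partition
    enableCryptodisk = true;
  };
}
```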
</section>