^ full nix config
So I want it so I enter a password to decrypt secrets on boot. I don't want LUKS or another method because it's both a USB boot (and that can be messy), plus the secret thing is optional. Here is what I am talking about:
boot.initrd.postMountCommands = ''
  echo -n "Enter decryption key: "
  read -s DECRYPTION_KEY
  echo ""
  ${pkgs.gnupg}/bin/gpg --batch --yes --passphrase "$DECRYPTION_KEY" --output /run/keys.txt --decrypt /keys.txt.gpg
  ${pkgs.gnupg}/bin/gpg --batch --yes --passphrase "$DECRYPTION_KEY" --output /run/ssh_host_ed25519_key --decrypt /ssh_host_ed25519_key.enc
'';
I am pretty sure I entered the correct password, otherwise it would have told me bad session key, which I tested. I don't think it's doing this in the correct order, or something is skewed. This is so I am not hardcoding secrets, with additional benefits, and it worked flawlessly until recently.