So I’ve set up my laptop with full disk encryption (including /boot) and up to this point everything works flawlessly. However, when I suspend it, it does just that: suspend and nothing more. I often carry my laptop in suspended state, and would like to have the disk locked when doing so.
Searching the internet has revealed some sources that more or less successfully got this working with Archlinux and/or some other distros (Archlinux (copies binaries to unencrypted /boot), BSD, Linux (explanation on how to do this), Archlinux). Now, before I try porting these solutions to Nixos, I would like to verify, if there is already something existing out there or if I am on my own. So:
Is there already code to luksSuspend my disks on suspend?
Could someone at least answer a “no” if there is no such thing, please?
It is extremely difficult to give a definite “no” answer to that question. I guess that no answer here means that no-one that read your query has any idea if it exists or not. No more no less.
Looking at the history of luks-related files in nixos may help identifying knowledgeable users, but looking here[1] it seems quite heterogeneous.
Asking on IRC may get you on track. You could obtain less definite answers, and find people remotely interested in luks but willing to help.
You probably could construct a chroot environment containing cryptsetup and systemctl with something like nix --store /run/suspend-chroot build nixpkgs.cryptsetup nixpkgs.systemd and then use a script that will chroot into that environment, bind-mounting /run, suspending LUKS devices and then suspending the computer.