I encrypted my boot and root partitions, right now I need to enter password for boot partition twice and one for root partition or I need to use the the same password for both partition, but still I need to enter it twice (once for grub, and once for kernel).
I know that it’s possible to use a key file which would eliminate entering second password. I see that there is an option
boot.initrd.luks.devices.<name?>.keyFile but where should I put this file? This file isn’t visible on any path since the partition itself isn’t decrypted at this point…
I’ve read on Arch wiki that I should create key file named
crypto_keyfile.bin and add it to initramfs. How to do it in Nixos?