I’m struggling to add a secondary encrypted drive to my nixos setup.
Steps I took:
Made a partition on my drive and enabled encryptino:
$ cryptsetup luksFormat /dev/disk/by-uuid/e7d67827-f3e8-4035-bc2f-408ede82b65a
Opened the disk and formatted it
$ cryptsetup luksOpen /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d crypted
$ mkfs.ext4 /dev/mapper/crypted
$ lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
...
sdb
└─sdb1 crypto_LUKS 2 e7d67827-f3e8-4035-bc2f-408ede82b65a
└─crypted ext4 1.0 ded7fc5b-0ebc-4226-ae45-cdb46185b16a
Added the following to my configuration.nix
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
enableCryptodisk = true;
efiSupport = true;
device = "nodev";
};
fileSystems."/media/crypted" = {
device = "/dev/disk/by-uuid/ded7fc5b-0ebc-4226-ae45-cdb46185b16a";
fsType = "ext4";
};
boot.initrd.luks.devices."crypted" = {
device = "/dev/disk/by-uuid/e7d67827-f3e8-4035-bc2f-408ede82b65a";
preLVM = true;
};
But when I reboot, It goes straight to login without asking for a password to unlock the drive. Also doesn’t mount it
$ lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
...
sdb
└─sdb1 crypto_LUKS 2 e7d67827-f3e8-4035-bc2f-408ede82b65a
I’m thinking maybe its because I don’t encrypt my boot drive? Or possibly because I use rEFInd to boot to an nvme drive on an older computer. Any help appreciated