Talk: Yubikey based Full Disk Encryption (FDE) on NixOS

From NixOS Wiki
Jump to: navigation, search

I've also added a nix expression to set up a shell:

https://github.com/sgillespie/nixos-yubikey-luks

If it's useful I can add it here

Can I update/improve this page

Hi! I'm fairly new to nix/NixOS and tried this guide to rebuild my Yubikey based decryption which I previously used in Arch. While following the guide, I found some issues and also see some improvements:

  • while the SLOT is definded as env variable, the "2" is hardcoded in the yubikey commands
  • the /dev/partition paths didn't work on my VM using NixOS 23.05, I'd use the "old" paths /dev/mapper/<name> instead
  • I would add a section that tries to close and reopen the luks device with the new credentials to test if the setup was successful
  • I would add a section which adds a password as a Backup decryption method (addresses https://github.com/sgillespie/nixos-yubikey-luks/issues/7)

Can I simply edit the page with those changes or is there some PR/review process for the wiki pages?

Retrieved from "https://nixos.wiki/index.php?title=Talk:Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS&oldid=10653"