virtualisation.fileSystems.<name>.encrypted.keyFile
Path to a keyfile used to unlock the backing encrypted
device. When systemd stage 1 is not enabled, at the time
this keyfile is accessed, the neededForBoot filesystems
(see utils.fsNeededForBoot) will have been mounted under
/mnt-root, so the keyfile path should usually start with
"/mnt-root/". When systemd stage 1 is enabled,
fsNeededForBoot file systems will be mounted as needed
under /sysroot, and the keyfile will not be accessed until
its requisite mounts are done.
- Type
null or string- Default
null- Example
"/mnt-root/root/.swapkey"- Declared
- <nixpkgs/nixos/modules/tasks/encrypted-devices.nix>