moved key to initramfs

hosts/miniserver/hardware-configuration.nix

@@ -29,13 +29,14 @@
         enableCryptodisk = true;
       };
     };
-    initrd.luks.devices.nvme = {
-      device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
-      keyFile = "/boot/keyfile";
-      preLVM = true;
-    };
     extraModulePackages = [ ];
     initrd = {
+      secrets."/keyfile" = /etc/keyfile;
+      luks.devices.nvme = {
+        device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
+        keyFile = "keyfile";
+        preLVM = true;
+      };
       availableKernelModules = [
         "xhci_pci"
         "ahci"

hosts/server/hardware-configuration.nix

@@ -25,35 +25,38 @@
         enableCryptodisk = true;
       };
     };
-    initrd.luks.devices = {
-      nvme = {
-        device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
-        keyFile = "/boot/keyfile";
-        preLVM = true;
-      };
-      # WHEN MIGRATING THE DISKS
-      # remember to delete this keyfile
-      # and replace it with the one on miniserver
-      # or move the keyfile
-      disk1 = {
-        device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
-        keyFile = "/boot/keyfile";
-        preLVM = true;
-      };
-      disk2 = {
-        device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
-        keyFile = "/boot/keyfile";
-        preLVM = true;
-      };
-      disk3 = {
-        device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
-        keyFile = "/boot/keyfile";
-        preLVM = true;
-      };
-      disk4 = {
-        device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
-        keyFile = "/boot/keyfile";
-        preLVM = true;
+    initrd = {
+      secrets."/keyfile" = /etc/keyfile;
+      luks.devices = {
+        nvme = {
+          device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
+          keyFile = "/keyfile";
+          preLVM = true;
+        };
+        # WHEN MIGRATING THE DISKS
+        # remember to delete this keyfile
+        # and replace it with the one on miniserver
+        # or move the keyfile
+        disk1 = {
+          device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
+          keyFile = "/keyfile";
+          preLVM = true;
+        };
+        disk2 = {
+          device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
+          keyFile = "/keyfile";
+          preLVM = true;
+        };
+        disk3 = {
+          device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
+          keyFile = "/keyfile";
+          preLVM = true;
+        };
+        disk4 = {
+          device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
+          keyFile = "/keyfile";
+          preLVM = true;
+        };
       };
     };
     kernelModules = [ "kvm-intel" ];
@@ -112,6 +115,7 @@
     "/boot" = {
       device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
       fsType = "ext4";
+      options = [ "nofail" ];
     };
     "/boot/efi" = {
       device = "/dev/disk/by-uuid/CBE7-5DEB";

hosts/workstation/hardware-configuration.nix

@@ -43,13 +43,16 @@
         '';
       };
     };
-    initrd.luks.devices.nvme = {
-      device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
-      keyFile = "/boot/keyfile";
-      preLVM = true;
+    initrd = {
+      secrets."/keyfile" = /etc/keyfile;
+      availableKernelModules =
+        [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
+      luks.devices.nvme = {
+        device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
+        keyFile = "/keyfile";
+        preLVM = true;
+      };
     };
-    initrd.availableKernelModules =
-      [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
   };
   fileSystems = let
     nfsMount = server: nfsDisk: {