about summary refs log tree commit diff
path: root/etc/conf.d/dmcrypt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--etc/conf.d/dmcrypt112
1 files changed, 112 insertions, 0 deletions
diff --git a/etc/conf.d/dmcrypt b/etc/conf.d/dmcrypt
new file mode 100644
index 0000000..96c523e
--- /dev/null
+++ b/etc/conf.d/dmcrypt
@@ -0,0 +1,112 @@
+# /etc/conf.d/dmcrypt
+
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement.  See the runscript(8) man
+# page for more information.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file.  This file is *almost* bash,
+# but each line is evaluated separately.  Separate swaps/targets can be
+# specified.  The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
+# How long to wait for each timeout (in seconds).
+dmcrypt_key_timeout=1
+
+# Max number of checks to perform (see dmcrypt_key_timeout).
+#dmcrypt_max_timeout=300
+
+# Number of password retries.
+dmcrypt_retries=5
+
+# Arguments:
+#-----------
+# target=<name>                      == Mapping name for partition.
+# swap=<name>                        == Mapping name for swap partition.
+# source='<dev>'                     == Real device for partition.
+#                                    Note: You can (and should) specify a tag like UUID
+#                                    for blkid (see -t option).  This is safer than using
+#                                    the full path to the device.
+# key='</path/to/keyfile>[:<mode>]'  == Fullpath from / or from inside removable media.
+# remdev='<dev>'                     == Device that will be assigned to removable media.
+# gpg_options='<opts>'               == Default are --quiet --decrypt
+# options='<opts>'                   == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>'                 == Loopback file.
+#                                    Note: If you omit $source, then a free loopback will
+#                                    be looked up automatically.
+# pre_mount='cmds'                   == commands to execute before mounting partition.
+# post_mount='cmds'                  == commands to execute after mounting partition.
+# wait=5                             == wait given amount of seconds for source to appear
+#-----------
+# Supported Modes
+# gpg					== decrypt and pipe key into cryptsetup.
+#						Note: new-line character must not be part of key.
+#						Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+## /home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+## /tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#target='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home'
+
+# The file must be terminated by a newline.  Or leave this comment last.

Consider giving Nix/NixOS a try! <3