oleg
/
rion-overlay
mirror of https://github.com/rion-overlay/rion-overlay.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120
							# /etc/conf.d/dmcrypt

# For people who run dmcrypt on top of some other layer (like raid),
# use rc_need to specify that requirement.  See the runscript(8) man
# page for more information.

#--------------------
# Instructions
#--------------------

# Note regarding the syntax of this file.  This file is *almost* bash,
# but each line is evaluated separately.  Separate swaps/targets can be
# specified.  The init-script which reads this file assumes that a
# swap= or target= line starts a new section, similar to lilo or grub
# configuration.

# Note when using gpg keys and /usr on a separate partition, you will
# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
# and ensure that gpg has been compiled statically.
# See http://bugs.gentoo.org/90482 for more information.

# Note that the init-script which reads this file detects whether your
# partition is LUKS or not. No mkfs is run unless you specify a makefs
# option.

# Global options:
#----------------

# How long to wait for each timeout (in seconds).
dmcrypt_key_timeout=1

# Max number of checks to perform (see dmcrypt_key_timeout).
#dmcrypt_max_timeout=300

# Number of password retries.
dmcrypt_retries=5

# Arguments:
#-----------
# target=<name>                      == Mapping name for partition.
# swap=<name>                        == Mapping name for swap partition.
# source='<dev>'                     == Real device for partition.
#                                    Note: You can (and should) specify a tag like UUID
#                                    for blkid (see -t option).  This is safer than using
#                                    the full path to the device.
# key='</path/to/keyfile>[:<mode>]'  == Fullpath from / or from inside removable media.
# header='</path/to/header>'         == Full path to detached LUKS header file.
# remdev='<dev>'                     == Device that will be assigned to removable media.
# gpg_options='<opts>'               == Default are --quiet --decrypt
# options='<opts>'                   == cryptsetup, for LUKS you can only use --readonly
# loop_file='<file>'                 == Loopback file.
#                                    Note: If you omit $source, then a free loopback will
#                                    be looked up automatically.
# pre_mount='cmds'                   == commands to execute before mounting partition.
# post_mount='cmds'                  == commands to execute after mounting partition.
# wait=5                             == wait given amount of seconds for source or
#                                       detached header file appear.
#-----------
# Supported Modes
# gpg					== decrypt and pipe key into cryptsetup.
#						Note: new-line character must not be part of key.
#						Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'

#--------------------
# dm-crypt examples
#--------------------

## swap
# Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
#swap=crypt-swap
#source='/dev/hda2'

## /home with passphrase
#target=crypt-home
#source='/dev/hda5'

## /home with regular keyfile
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey'

## /home with regular keyfile and detached header
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey'
#header='/full/path/to/header/file'

## /home with gpg protected key
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey:gpg'

## /home with regular keyfile on removable media(such as usb-stick)
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey'
#remdev='/dev/sda1'

## /home with gpg protected key on removable media(such as usb-stick)
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey:gpg'
#remdev='/dev/sda1'

## /tmp with regular keyfile
#target=crypt-tmp
#source='/dev/hda6'
#key='/full/path/to/tmpkey'
#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'

## Loopback file example
#target='crypt-loop-home'
#source='/dev/loop0'
#loop_file='/mnt/crypt/home'

# The file must be terminated by a newline.  Or leave this comment last.