From dc89a7bbe37b3b14cdd8cf8d78fcb0c2c9395ead Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Sat, 13 Dec 2025 16:02:47 -0600
Subject: [PATCH] better unlock hopefully

---
 hosts/i001/hardware-mounts.nix | 35 ++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix
index e8fddc67..5888133f 100644
--- a/hosts/i001/hardware-mounts.nix
+++ b/hosts/i001/hardware-mounts.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 let
   BOOT = "/dev/disk/by-uuid/ABDB-2A38";
   PRIMARY = "/dev/disk/by-uuid/08610781-26d3-456f-9026-35dd4a40846f";
@@ -16,11 +16,6 @@ in
     ];
   };
 
-  # PRIMARY unencrypt
-  # TODO how to auto unencrypt with options...
-  # - USB key
-  # - TPM
-
   # PRIMARY
   fileSystems."/" = {
     device = PRIMARY;
@@ -70,6 +65,34 @@ in
     }
   ];
 
+  # PRIMARY unencrypt
+  # TODO how to auto unencrypt with options...
+  # - USB key
+  # - TPM
+  boot.initrd.availableKernelModules = [ "bcachefs" ];
+  boot.initrd.extraUtilsCommands = ''
+    copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
+  '';
+
+  boot.initrd.preDeviceCommands = ''
+    ${pkgs.bcachefs-tools}/bin/bcachefs unlock /dev/disk/by-uuid/XXXX
+  '';
+
+  # # Run unlock before devices are scanned/mounted
+  # boot.initrd.preDeviceCommands = ''
+  #   echo "Unlocking bcachefs..."
+  #   # Example: ask for a passphrase
+  #   /bin/echo -n "Bcachefs passphrase: "
+  #   /bin/stty -echo
+  #   read PASSPHRASE
+  #   /bin/stty echo
+  #   echo
+  #
+  #   # Use the passphrase to unlock the device
+  #   # Replace /dev/disk/by-uuid/XXXX with your actual device
+  #   echo "$PASSPHRASE" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock /dev/disk/by-uuid/XXXX
+  # '';
+
   # Reset root
   # TODO
   # boot.initrd.systemd.services.rollback-root = {