From 0f11519d450ac27fb3e32cc720f45b4894994f7c Mon Sep 17 00:00:00 2001
From: Evgeny Egorochkin <phreedom.stdin@gmail.com>
Date: Sun, 13 Jan 2013 12:44:16 +0200
Subject: [PATCH] LuksRoot: add more modules to load by default and let users
 add more or override the list. Added every module mentioned by most popular
 guides, benchmarks and discussions to make things just work.

---
 modules/system/boot/luksroot.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/system/boot/luksroot.nix b/modules/system/boot/luksroot.nix
index 4620a34cbcb..a076a1be6dc 100644
--- a/modules/system/boot/luksroot.nix
+++ b/modules/system/boot/luksroot.nix
@@ -61,6 +61,14 @@ in
       '';
     };
 
+    boot.initrd.luks.cryptoModules = mkOption {
+      default = [ "aes_generic" "aes_x86_64" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha256" "sha1" "sha2" ];
+      description = ''
+	A list of cryptographic kernel modules needed to decrypt the root device(s).
+	The default includes all common modules.
+      '';
+    };
+
     boot.initrd.luks.devices = mkOption {
       default = [ ];
       example = [ { name = "luksroot"; device = "/dev/sda3"; preLVM = true; } ];
@@ -140,8 +148,7 @@ in
       ["firewire_ohci" "firewire_core" "firewire_sbp2"];
 
     # Some modules that may be needed for mounting anything ciphered
-    boot.initrd.kernelModules = [ "aes_generic" "aes_x86_64" "dm_mod" "dm_crypt"
-      "sha256_generic" "cbc" "cryptd" ];
+    boot.initrd.kernelModules = [ "dm_mod" "dm_crypt" "cryptd" ] ++ luks.cryptoModules; 
 
     # copy the cryptsetup binary and it's dependencies
     boot.initrd.extraUtilsCommands = ''