Closed SuperSandro2000 closed 9 months ago
I've just noticed that people might have been using the following
boot.initrd.network.postCommands = ''
cat <<EOF > /root/.profile
cryptsetup-askpass
EOF
'';
which can be replaced with
boot.initrd.systemd.contents."/root/.profile".text = ''
cryptsetup-askpass
'';
but I still need to verify that
Looking for opinion from @flokli
I'd probably follow nixpkgs defaults, it's fairly recently gotten out of "experimental" and there might still be some rough edges.
Will test and see on my hetzner machine. Not sure if nixpkgs's default are always the best to rely on looking at what we do with networking configuration for example.
boot.initrd.systemd.contents."/root/.profile".text = '' cryptsetup-askpass '';
It turns out that the script no longer exists in the systemd based luks initrd but I could replace it with the following
boot.initrd.systemd = {
contents."/root/.profile".text = ''
for device in "$(cat /etc/crypttab)"; do
systemd-cryptsetup attach $device
done
'';
# fails fast and requires manual input even after unlocking disk via ssh
services."systemd-ask-password-console".enable = false;
};
and that requires the following PR https://github.com/NixOS/nixpkgs/pull/274398 otherwise the .profile is not read.
Disabling systemd-ask-password-console in initrd is generating an error but things continue to boot anyway.
Closing this as systemd-in-stage1 is enabled even with networkd since #312 and this seems to be about nixpkgs, not srvos? Otherwise we can still re-open :)
Disabling systemd-ask-password-console in initrd is generating an error
That error would IMO be more interesting than trying to re-implement the logic manually. Might point at a problem in nixpkgs implementation.
fwiw systemd-ask-password as well as systemctl default
work well for me via SSH when using systemd-in-stage1 and zfs encryption.
That error would IMO be more interesting than trying to re-implement the logic manually. Might point at a problem in nixpkgs implementation.
I've just updated my kernel to 6.6.7 and enabled the unit again and couldn't produce the bug anymore. Maybe it is some race condition.
System package diff:
cpupower: 6.6.6 → 6.6.7
initrd-linux: 6.6.6 → 6.6.7, -11.9 KiB
linux: 6.6.6, 6.6.6-modules → 6.6.7, 6.6.7-modules, +12.0 KiB
unit-systemd-network-generator.service: ε → ∅
unit-systemd-networkd-wait-online.service: ε → ∅
unit-systemd-tmpfiles-setup-dev.service: ε → ∅
zfs-kernel: 2.2.2-6.6.6 → 2.2.2-6.6.7
Stage 1 networking and systemd should work since https://github.com/NixOS/nixpkgs/pull/169116