| 28 Dec 2024 |
| lassulus joined the room. | 16:10:48 |
lassulus | ElvishJerricco: we have a problem with fido2 in systemd-initrd: https://github.com/NixOS/nixpkgs/issues/368856 we wanted to recycle boot.initrd.luks.fido2Support to include the fido_id bin and the fido-id udev rule. Or do you have a better idea how to do that? :) | 16:33:20 |
ElvishJerricco | on the face of it, that sounds like a good solution. But I'd have to check what that udev rule does | 16:34:56 |
lassulus | ACTION=="remove", GOTO="fido_id_end"
SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
# Tag any form of security token as such
ENV{ID_SECURITY_TOKEN}=="1", TAG+="security-device"
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1"
# Tag any CCID device (i.e. Smartcard Reader) as security token
ENV{ID_SMARTCARD_READER}=="1", TAG+="security-device"
LABEL="fido_id_end"
| 16:36:18 |
lassulus | idea for the solution came from here: https://github.com/systemd/systemd/issues/22617#issuecomment-1059048078 | 16:37:03 |
ElvishJerricco | ok so now the question is, why does that cause it to successfully wait? Does it introduce some kind of systemd ordering somehow? | 16:38:00 |
ElvishJerricco | (I'm sure this is the right solution; I'm just wanting to understand it) | 16:38:26 |
ElvishJerricco | Hm. I don't see anything in the generated unit. I wonder if the systemd-cryptsetup binary polls udev or something to search for a fido device? | 16:42:29 |
ElvishJerricco | https://github.com/systemd/systemd/blob/80797bbb919b3ccde4e51b349f3ca70c1157053e/src/cryptsetup/cryptsetup.c#L1542-L1544 | 16:56:41 |
ElvishJerricco | ah | 16:56:42 |
ElvishJerricco | here it is | 16:56:43 |
| @ronnypfannschmidt:matrix.org left the room. | 17:57:45 |
ElvishJerricco | nikstur: Any chance you could help me with understanding some of the internals of the composefs stuff that the etc overlay uses? | 21:25:36 |
ElvishJerricco | I was expecting to be able to getfattr -d -m '-' the files in the erofs metadata image to see some overlayfs-related xattrs | 21:26:06 |
ElvishJerricco | but I don't see any | 21:26:09 |
ElvishJerricco | Namely, I was expecting to see some trusted.overlay.metacopy and/or trusted.overlay.redirect xattrs | 21:27:50 |
ElvishJerricco | huh, yea I can definitely see some of that in the strings output on the erofs | 21:54:12 |
ElvishJerricco | so why can't I mount the erofs and getfattr to see them? | 21:54:34 |
| 29 Dec 2024 |
| elikoga changed their display name from elikoga (@38c3 📞488{0,1}) to elikoga (@38c3 📞488{0,1,9}). | 11:02:55 |
| dustee joined the room. | 16:00:16 |
dustee | hi, I'm getting an error while configuring a fileSystems.fsType = "sshfs". when I rebuild the nix host a second time I get a systemd error that doesn't go away until I reboot, commenting out the sshfs nix config doesn't help
restarting sysinit-reactivation.target
Error: Failed to open unit file /nix/store/0brwavnsjwyi9pgx7zl82cr0gqndl2a1-nixos-system-nixos-blazp-cloud-serv-01-25.05.20241219.d70bd19/etc/systemd/system/mnt-remote-10.100.200.50-sshfs-4tb\x2dsata-torrents.mount
Caused by:
No such file or directory (os error 2)
{
  config,
  domain,
  ...
}: let
  remote = "torrents@10.100.200.50:/"; # sftpgo user
  local = "/mnt/remote/10.100.200.50/sshfs/4tb-sata/torrents";
in {
  systemd.tmpfiles.rules = ["d '${local}' 0755 root root - -"];
  fileSystems = {
    "${local}" = {
      device = "${remote}";
      fsType = "sshfs";
      options = [
        # this is what I'm trying to do but the error appeared even with the most basic options
        # SSH options
        "Port=2022" # specific port to connect to
        "IdentityFile=/etc/ssh/ssh_host_ed25519_key" # private key auth
        "ServerAliveInterval=15" # keep connections alive
        "StrictHostKeyChecking=no" # accept host keys non-interactively, without setting up ssh host config
        "UserKnownHostsFile=/dev/null" # prevent storing host keys in the known_hosts file
        "reconnect" # handle connection drops
        # Filesystem options
        "allow_other" # for non-root access
        "_netdev" # this is a network fs
        "x-systemd.automount" # mount on demand
        # Filesystem options - additional/optional
        "noatime" # don't update access times for files, improves performance
        "nodev" # prevent users from accessing raw block device files through the mounted filesystem
      ];
    };
  };
}
| 16:01:10 |
ElvishJerricco | that's interesting | 16:33:37 |
ElvishJerricco | dustee: That definitely looks like a switch-to-configuration bug of some kind | 16:33:56 |
ElvishJerricco | /cc Jared Baur | 16:34:29 |