 | NixOS systemd | 599 Members |
| NixOS ❤️ systemd | 165 Servers |
| NixOS systemd | 599 Members |
| NixOS ❤️ systemd | 165 Servers |
| Sender | Message | Time |
|---|---|---|
| 16 Oct 2024 | ||
 Arian | I think just udev doesnt | 07:46:43 |
| Arian | systemctl service-log-level | 07:46:57 |
 Moritz Sanft | Can someone give this one a review? https://github.com/NixOS/nixpkgs/pull/340763 | 10:04:24 |
 ElvishJerricco | In reply to @arianvp:matrix.orgkinda hard to use this fact when the service is a oneshot that happens during stage 1 :P | 13:30:50 |
| Arian | Oh yeh lmao | 14:08:24 |
| 17 Oct 2024 | ||
 Jared Baur | In reply to @msanft:matrix.orgKind of a tangent, do you know why using systemd-based initrd results in overlayfs mounts having /sysroot prefix littered in the mount options, as opposed to the scripted initrd where the /mnt-root prefix is noticably not present? I figured the behavior would be the same between the two and assumed the kernel would remove the prefix when the root mount point changes post initrd | 02:05:03 |
| ElvishJerricco | Jared Baur: because scripted stage 1 prepends the options in the script. I think if you check the actual mount table rather than /etc/fstab you'll see /mnt-root in there | 02:34:17 |
| ElvishJerricco | It's why I want there to be such a thing as a chroot mount unit. You can actually get kinda close with RootDirectory= in the mount unit but it blows up for various reasons | 02:35:09 |
| ElvishJerricco | (yea, just made sure in a nixos tests; /etc/mtab has overlay /nix/store overlay ...lowerdir=/mnt-root/nix/.ro-store,upperdir=/mnt-root/nix/.rw-store/upper,workdir=/mnt-root/nix/.rw-store/work... | 02:37:38 |
| ElvishJerricco | * (yea, just made sure in a nixos tests; /etc/mtab has overlay /nix/store overlay ...lowerdir=/mnt-root/nix/.ro-store,upperdir=/mnt-root/nix/.rw-store/upper,workdir=/mnt-root/nix/.rw-store/work...) | 02:37:42 |
| ElvishJerricco | though I'm actually completely unsure if a chroot mount would even work for overlays. Like, if you do a mount syscall in a chroot, does overlayfs take that into account for its dir options? No clue | 02:39:49 |
| ElvishJerricco | * though I'm actually completely unsure if a chroot process would even work for overlays. Like, if you do a mount syscall in a chroot, does overlayfs take that into account for its dir options? No clue | 02:40:03 |
| Jared Baur | Ah you're right, I could've sworn I remember the /mnt-root prefix not existing in /proc/mounts, but there it is | 02:41:08 |
 Mic92 changed their display name from Mic92 to Mic3000. | 06:51:17 | |
| Mic92 changed their display name from Mic3000 to Mic3000 🌋. | 06:51:46 | |
| Arian | It's almost working. Got remote attestation using the signed PCR policy in the UKI running | 08:23:34 |
| Arian | This is so sick!!! | 08:23:37 |
| Arian | NixOS image comes up. Does challenge to prove possession of Endorsement key and Attestation Key. I create the Attestation Key using the signed PCR Policy authorization. And then Certify its creation | 08:24:43 |
| ElvishJerricco | Arian: I am extremely interested | 08:27:21 |
| Arian | I get so productive when i need to procrastinate on something lmao | 08:30:11 |
| Arian | (in this case procayinsting on my nixcon talk) | 08:30:31 |
| Mic92 changed their display name from Mic3000 🌋 to Mic92. | 12:22:31 | |
| ElvishJerricco | Arian: What exactly are you setting up? I've got one or two things I'd like to do with proper attestation but I don't have a starting point at the moment. Would very much like to see anything that can be shared. | 23:41:39 |
| 18 Oct 2024 | ||
| ElvishJerricco | Ramses 🇵🇸 nikstur I should have gotten around to reviewing this PR but I've been relatively uninvolved in the etc overlay so I didn't get to it: https://github.com/NixOS/nixpkgs/pull/340722 This is starting to seem significantly more complicated than it needs to be. The main thing I'm wondering is why we can't be using the overlay fileSystems module for most of it. I think doing so would only require Moritz Sanft's PR (which I also need to review), right? I also don't see the point in the Also I see it's hard coding Finally, something I've only mentioned here a little bit so far, I wanted to move activation to after I think I'm going to look into some pretty major modifications here to simplify things | 01:26:19 |
 Ramses 🇵🇸 | @elvishjerricco:matrix.org: yeah sure. I'm not as familiar with the whole initrd setup, so I wanted to solve the issue of constantly rebuilding the initrd without changing too much else. | 06:34:47 |
 nikstur | In reply to @elvishjerricco:matrix.orgWe probably can with this change. However that would only reduce some of the complexity. | 07:53:12 |
| nikstur | This was related to using fileSystems for the etc mounts. | 07:53:45 |
| nikstur | The biggest simplification we can do is to finally get rid of scripted initrd. We can then also think more clearly about an activation system that makes more sense within the constraints of the systemd initrd | 07:54:41 |
 emily | hopefully we can drop scripted initrd in 25.11 | 07:55:31 |
| emily | a year from now 🫠 | 07:55:34 |