4 Oct 2024 |
ElvishJerricco | thanks for the fstab | 01:00:59 |
ElvishJerricco | but suffice to say, you cannot use it right now :P | 01:01:12 |
mjm | np, let me know anything else i can provide that's useful | 01:01:13 |
ElvishJerricco | no this is plenty | 01:01:25 |
mjm | cool, i can test again whenever you have something | 01:02:16 |
ElvishJerricco | mjm: one issue I do understand: I had it work on auto mounts because I figured the condition I added to skip the unit if the device isn't a bcachefs device would be enough. But it's flipping out on your bind mounts because of that :P | 01:02:50 |
ElvishJerricco | so I'll make it only work on explicit bcachefs type | 01:03:03 |
ElvishJerricco | actually that might be the only issue | 01:03:12 |
ElvishJerricco | that might explain why it's creating non-sysroot mount units for those things too | 01:03:24 |
ElvishJerricco | I'll have to test to see and then think on why | 01:03:39 |
mjm | interesting | 01:03:55 |
ElvishJerricco | nope, that doesn't explain it. It's also trying to create the deps for your persist mount without the sysroot prefix, in addition to the sysroot one | 01:05:40 |
ElvishJerricco | oh | 01:08:30 |
ElvishJerricco | no | 01:08:31 |
ElvishJerricco | I'm just silly | 01:08:33 |
ElvishJerricco | and did my test badly | 01:08:40 |
mjm | so it might still just be that? | 01:11:16 |
ElvishJerricco | mjm: definitely was. Pushed a fix to the nixpkgs branch. Give it a try | 01:14:07 |
mjm | okay yeah that fixed that issue, thanks! once i finish making dinner i need to try the credential thing | 01:36:03 |
ElvishJerricco | nice | 01:36:11 |
ElvishJerricco | mjm: I'm actually really curious if that will work for you. I actually have no idea how / if it's going to delay to find the TPM to decrypt the credential | 01:36:42 |
ElvishJerricco | hm it might actually just... not | 01:38:07 |
ElvishJerricco | but I think it would fallback to password in that case | 01:38:18 |
ElvishJerricco | (but also it would be a race condition) | 01:38:26 |
mjm | we shall see | 01:38:29 |
mjm | no luck so far, it's falling back to prompting. i might be able to introduce dependencies to get it to wait for the tpm? | 02:21:57 |
ElvishJerricco | In reply to @mjm:midna.dev no luck so far, it's falling back to prompting. i might be able to introduce dependencies to get it to wait for the tpm? Yea, you should be able to do
boot.initrd.systemd.services."bcachefs-unlock@" = {
overrideStrategy = "asDropin";
after = ["tpm2.target"];
};
| 02:27:30 |
mjm | alright let me give that a shot | 02:27:44 |
mjm | i wonder why clevis doesn't need that? | 02:27:49 |
ElvishJerricco | mjm: also how do you have the secret placed in the initrd? | 02:28:07 |