!JQvnJacrwKgtkGHYHO:matrix.org

NixOS + Framework

225 Members
Discussing NixOS in the context of the Framework laptop50 Servers

Load older messages

SenderMessageTime
10 May 2026
@rajil:rajils.comtrumeeyes, i have a single disk.16:12:07
@sudoforge:matrix.orgsudoforgeokay, yeah, i'm going to call it strange then16:12:22
@rajil:rajils.comtrumeeMy goal is to use Yubikey to decrypt the disk.16:12:24
@sudoforge:matrix.orgsudoforgeyou can just do that, directly, on the single luks container that is your entire disk (sans your ESP partition if using systemd-boot)16:12:50
@sudoforge:matrix.orgsudoforgei do this on my FW1316:13:07
@rajil:rajils.comtrumeei was using ZFS encryption instead of using Luks.16:13:19
@sudoforge:matrix.orgsudoforgeno, you're using luks for your keyfile and then using that for zfs16:13:53
@sudoforge:matrix.orgsudoforgebased on: https://discourse.nixos.org/t/yubikey-fido2-and-boot-initrd-systemd/60051/18?u=trumee16:14:10
@sudoforge:matrix.orgsudoforgeanyway, what i've described is far simpler16:15:09
@sudoforge:matrix.orgsudoforgeyou are welcome to continue doing what you're doing, of course16:15:21
@sudoforge:matrix.orgsudoforge 
➜ lsblk /dev/nvme0n1
NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0  1.8T  0 disk  
├─nvme0n1p1 259:1    0  1.8T  0 part  
│ └─disk    254:0    0  1.8T  0 crypt /swap
│                                     /home
│                                     /persist
│                                     /nix/store
│                                     /nix
│                                     /var/log
│                                     /
└─nvme0n1p2 259:2    0  488M  0 part  /boot

this is what a single luks container containing various partitions (which in this case all happen to be btrfs, but could be a disparate ext4 on /swap, zfs pool on /, etc

16:16:31
@sudoforge:matrix.orgsudoforge * 
➜ lsblk /dev/nvme0n1
NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0  1.8T  0 disk  
├─nvme0n1p1 259:1    0  1.8T  0 part  
│ └─disk    254:0    0  1.8T  0 crypt /swap
│                                     /home
│                                     /persist
│                                     /nix/store
│                                     /nix
│                                     /var/log
│                                     /
└─nvme0n1p2 259:2    0  488M  0 part  /boot

this is what a single luks container containing various partitions (which in this case all happen to be btrfs, but could be a disparate ext4 on /swap, zfs pool on /, etc)

16:16:34
@rajil:rajils.comtrumeethat is more accurate, my goal was to use native zfs encryption when i set the system up.16:16:52
@sudoforge:matrix.orgsudoforge * 
➜ lsblk /dev/nvme0n1
NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0  1.8T  0 disk  
├─nvme0n1p1 259:1    0  1.8T  0 part  
│ └─disk    254:0    0  1.8T  0 crypt /swap
│                                     /home
│                                     /persist
│                                     /nix/store
│                                     /nix
│                                     /var/log
│                                     /
└─nvme0n1p2 259:2    0  488M  0 part  /boot

this is what a single luks container containing various partitions looks like (which in this case all happen to be btrfs, but could be a disparate ext4 on /swap, zfs pool on /, etc)

16:16:54
@sudoforge:matrix.orgsudoforge * 
➜ lsblk /dev/nvme0n1
NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0  1.8T  0 disk  
├─nvme0n1p1 259:1    0  1.8T  0 part  
│ └─disk    254:0    0  1.8T  0 crypt /swap
│                                     /home
│                                     /persist
│                                     /nix/store
│                                     /nix
│                                     /var/log
│                                     /
└─nvme0n1p2 259:2    0  488M  0 part  /boot

this is what a single luks container containing various partitions looks like (which in this case all happen to be btrfs, but could be a disparate ext4 on /swap, zfs pool on /, etc). my single luks container is unlocked with my security key's PIN and presence.

16:17:33
@rajil:rajils.comtrumee

this is what i have currently,

root@lappy ~# lsblk /dev/nvme0n1
NAME                                                                  MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
nvme0n1                                                               259:0    0  1.8T  0 disk  
├─nvme0n1p1                                                           259:1    0    1G  0 part  /boot
├─nvme0n1p2                                                           259:2    0   32M  0 part  
├─nvme0n1p3                                                           259:3    0   86G  0 part  
│ └─dev-disk-byx2did-nvmex2dSHPP41x2dpart 254:0    0   86G  0 crypt [SWAP]
└─nvme0n1p4                                                           259:4    0  1.7T  0 part
16:18:38
@sudoforge:matrix.orgsudoforgedo you see and understand the difference?16:20:41
@albertlarsan68:albertlarsan.frAlbert Larsan

I have something even more complex (ignore p3 and p4, an old dual boot)

❯ lsblk /dev/nvme0n1
NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1         259:0    0 931.5G  0 disk  
├─nvme0n1p1     259:1    0     2G  0 part  /boot
├─nvme0n1p2     259:2    0 729.5G  0 part  
│ └─enc         254:0    0 729.5G  0 crypt 
│   ├─pool-swap 254:1    0    64G  0 lvm   [SWAP]
│   └─pool-root 254:2    0 665.5G  0 lvm   /mnt
│                                          /home
│                                          ...
│                                          /
├─nvme0n1p3     259:3    0     4G  0 part  
└─nvme0n1p4     259:4    0   196G  0 part
16:24:37
@sudoforge:matrix.orgsudoforgewell ignoring partitions 3 and 4, we have basically the same core setup: a single luks container that contains our filesystems16:25:31
@sudoforge:matrix.orgsudoforge

this is really more telling, i guess:

➜ sudo parted /dev/nvme0n1 print
Model: DOES-NOT-MATTER (nvme)
Disk /dev/nvme0n1: 2000GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name     Flags
 1      1049kB  2000GB  2000GB               primary
 2      2000GB  2000GB  512MB   fat32        ESP      boot, esp
16:26:23
@sudoforge:matrix.orgsudoforge(yes they're out of order, out of habit - i guess this dates me)16:26:42
@sudoforge:matrix.orgsudoforge Albert Larsan and i will have similar output here (except for partitions 3 and 4, which we were told to ignore): two partitions for our system 16:27:21
@sudoforge:matrix.orgsudoforgeone for our ESP, the other that is a single luks container16:27:48
@albertlarsan68:albertlarsan.frAlbert LarsanYep, except that I have LVM between luks and btrfs16:28:13
@sudoforge:matrix.orgsudoforge presumably for $REASONS :) 16:28:24
@albertlarsan68:albertlarsan.frAlbert Larsan(and a huge ESP)16:28:28
@rajil:rajils.comtrumeeadvantage of lvm is to modify the partition size in the future?16:29:00
@albertlarsan68:albertlarsan.frAlbert Larsan* (and a huge ESP for Lanzaboote and dual-boot)16:29:04
@rajil:rajils.comtrumee Albert Larsan: p4 is windows? 16:30:22
@albertlarsan68:albertlarsan.frAlbert LarsanI don’t really remember, might be qubes or kicksecure.16:31:23

Show newer messages

Back to Room ListRoom Version: 10