| 19 Mar 2022 |
@elvishjerricco:matrix.org | But, I'm forcing it to include all of ${glibc}/lib because there's some dynamically loaded library that is required to start the recovery shell (not to boot though), and I'm not using systemdMinimal because that wouldn't include cryptsetup. | 14:25:59 |
@elvishjerricco:matrix.org | If I don't do the glibc thing and I use systemdMinimal, then it's just 13M, which is actually really good | 14:26:26 |
@elvishjerricco:matrix.org | Using systemdMinimal.override { withCryptsetup = true; } brings it to 15M, which isn't so bad | 14:26:51 |
@elvishjerricco:matrix.org | Oh, hah, never mind. If you actually try to run the thing with systemdMinimal then it just doesn't work at all | 14:29:25 |
@elvishjerricco:matrix.org | Ah no I'm wrong, it boots just fine. I just screwed it up | 14:48:21 |
bobvanderlinden | That sounds quite promising. I was wondering whether booting with minimal would work when the root runs on non-minimal. Probably fine, but hadn't tried that yet. | 15:15:15 |
bobvanderlinden |
bobvanderlinden: Btw the reason you had to force it to load ext4 was because /proc/sys/kernel/modprobe wasn't set to a real modprobe program. I solved this by putting kernel.modprobe = /bin/modprobe in /etc/sysctl.d/nixos.conf
Ah haha that makes sense. I didn't know about this option and was trying to figure out why udevd wasn't calling modprobe. Good to hear that workaround is ironed out 👍👍 | 17:04:15 |
| armeen joined the room. | 17:59:47 |
| Rhys joined the room. | 21:41:44 |
@elvishjerricco:matrix.org | Going to have to start caching systemdMinimal.override { withCryptsetup = true; } though. | 23:21:36 |
flokli | bobvanderlinden: I'm curious about all the systemd cryptsetup stuff in initrd. Asking for passwords from multiple consoles, and reusing passwords for multiple to-be-unlocked volumes should be much much nicer | 23:38:19 |
flokli | As well as all the yubikey/u2f/tpm stuff, which should now just work out of the box if we provide it in crypttab | 23:38:57 |
@elvishjerricco:matrix.org | flokli: systemd in initramfs will make the password part at least much nicer, since it uses systemd-ask-password | 23:57:34 |
@elvishjerricco:matrix.org | No idea about the myriad of other LUKS features NixOS currently implements in initramfs | 23:57:56 |
| 20 Mar 2022 |
@elvishjerricco:matrix.org | Aaand it boots. Finally. Awesome. | 01:28:31 |
bobvanderlinden | In reply to @flokli:matrix.org bobvanderlinden: I'm curious about all the systemd cryptsetup stuff in initrd. Asking for passwords from multiple consoles, and reusing passwords for multiple to-be-unlocked volumes should be much much nicer NixOS's ask-password is the main gripe I have with stage-1. It doesn't allow Plymouth usage, so Plymouth on systems with an encrypted root is basically useless. Adding Plymouth (and others) support is currently done by fiddling with a large bash script that is run during stage1 and fiddling with a bash script that adds specific files to initramfs. Absolutely hard to maintain and hard to modularize. All the while packages like Plymouth already have systemd configuration for systemd specifically for initrd 🤷 I'm also interested how clean we can make the configuration when systemd can be used. | 02:13:19 |
bobvanderlinden | In reply to @elvishjerricco:matrix.org Aaand it boots. Finally. Awesome. What has changed since it booted on your old branch? | 02:14:08 |
@elvishjerricco:matrix.org | bobvanderlinden: Now it uses the systemd options so the API is about 1000x nicer. It also has a more minimal set of default upstream units | 02:17:04 |
@elvishjerricco:matrix.org | and it's a separate opt-in initrd, instead of flat-out replacing the existing one | 02:17:25 |
@elvishjerricco:matrix.org | The last thing I think I need to do before the branch can be up for review/merge is the Exec* parsing stuff, though I may just cherry-pick your code instead since that would be easier. | 02:18:34 |
@elvishjerricco:matrix.org | The size is even reasonable at 15M | 02:19:01 |
@elvishjerricco:matrix.org | 13 if you don't include cryptsetup libs | 02:19:11 |
@elvishjerricco:matrix.org | probably smaller when I stop adding unnecessary systemd libs with the proper Exec* parsing | 02:19:25 |
bobvanderlinden | Cool! I can work on it a bit tomorrow, so if you have something where work can continue on, let me know the branch 👍 | 02:41:30 |
@elvishjerricco:matrix.org | bobvanderlinden: I'll push my branch here in a minute, and I'll open a PR probably tonight after I do the Exec*/cherry-pick thing | 02:42:10 |
bobvanderlinden | In reply to @elvishjerricco:matrix.org The last thing I think I need to do before the branch can be up for review/merge is the Exec* parsing stuff, though I may just cherry-pick your code instead since that would be easier. I have been thinking of find-dependencies. It might also be of use for packing docker images and the like. Maybe we can make it a separate tool with some options to indicate the different strategies it should use. | 02:43:30 |
@elvishjerricco:matrix.org | That... can be saved for a later date :P | 02:44:04 |
@elvishjerricco:matrix.org | Gotta get this merged first | 02:44:11 |
@elvishjerricco:matrix.org | Oh crap I forgot about udev rules | 02:49:04 |
@elvishjerricco:matrix.org | bobvanderlinden: https://github.com/bobvanderlinden/nixpkgs/compare/pr-refactor-systemd-module...ElvishJerricco:systemd-initrd-reuse-systemd-module | 03:10:41 |