| 26 Apr 2023 |
flokli | It makes sense to, let's say, initialize hardware as much as possible. It usually takes a while for it to power up, and the earlier it happens the better | 18:13:30 |
flokli | It gets tricky when you also need to load some firmware, which isn't present at that time. | 18:13:49 |
flokli | It should just try again loading that firmware later once available? | 18:14:17 |
flokli | Janne Heß: try checking your logs to see what kind of init your webcam does, I'm curious | 18:14:47 |
@janne.hess:helsinki-systems.de | In reply to @flokli:matrix.org Janne Heß: try checking your logs to see what kind of init your webcam does, I'm curious Nothing special in the journal, just regular USB connection stuff | 21:34:28 |
| 27 Apr 2023 |
@elvishjerricco:matrix.org | In reply to @janne.hess:helsinki-systems.de I didn't to keep some backwards compat So apparently it's a little more than that. All /dev/mapper/* symlinks come from LVM's rules, and that rules file does a couple things with the dmsetup command. So maybe we can't make it optional? Without that rules file, e.g. LUKS devices wouldn't show up in /dev/mapper/ like everyone expects | 01:33:32 |
@elvishjerricco:matrix.org | I'm not sure what happens without the dmsetup commands; I don't know if udev bails when a command fails, or if the results of that command are critical | 01:34:39 |
| 28 Apr 2023 |
@elvishjerricco:matrix.org | My initrd is now maximally complicated. Two different LUKS volumes, one TPM2 unlocked, both on ZFS zvols, one ZFS encryptionroot, custom ZFS import service, and networking with SSH and tailscale.
I can't imagine the nightmare that would have been without systemd-initrd. | 04:12:38 |
@aktaboot:tchncs.de | In reply to @elvishjerricco:matrix.org
My initrd is now maximally complicated. Two different LUKS volumes, one TPM2 unlocked, both on ZFS zvols, one ZFS encryptionroot, custom ZFS import service, and networking with SSH and tailscale.
I can't imagine the nightmare that would have been without systemd-initrd. May I ask what's your use case for the networking part? | 07:14:55 |
@elvishjerricco:matrix.org | To unlock the encrypted file system remotely over tailscale | 07:15:41 |
@uep:matrix.org | I assume the LUKS-on-zvol are relatively small? basically key or config containers with relatively static filesystems, as a way of bootstrapping to the final zfs load-key? | 22:23:32 |
@uep:matrix.org | (for example, to run the ssh service out of) | 22:24:35 |
@elvishjerricco:matrix.org | uep: Exactly. The first volume, the tpm2 locked one, contains my ssh host keys and tailscale state directory. That way I can log in remotely, and the presence of correct host keys informs me that the tpm is happy with the boot measurements. The second volume is unlocked manually and contains the zfs key file | 22:24:41 |
@uep:matrix.org | yup | 22:25:05 |
@uep:matrix.org | why a second volume with file, rather than a passphrase directly, since you're logging in manually regardless? | 22:25:34 |
@uep:matrix.org | (would make perfect sense as a multi-factor case, but you can't currently mix them without even more customisation) | 22:26:18 |
@elvishjerricco:matrix.org | to get all the other nice luks-y things. Like I want to have the second volume unlocked with tpm2+pin (currently having a bug with that one), with a recovery key backup slot. | 22:26:37 |
@uep:matrix.org | seems like a great topic for a write-up, either once you get the kinks ironed out, or even including the ironing process | 22:28:00 |
@elvishjerricco:matrix.org | there's a bunch of stuff I need to write about :P I've been putting off writing a blog post about systemd-in-initrd for actual years lol | 22:28:31 |
@uep:matrix.org | This is The Way | 22:38:23 |
| 29 Apr 2023 |
@sigmasquadron:matrix.org | This is The Way. | 00:24:02 |
@janne.hess:helsinki-systems.de | c | 10:21:53 |
@aktaboot:tchncs.de | ElvishJerricco Is there a reason remove_old_entries is called on rebuild and not hooked to garbage collection ? | 17:41:16 |
@aktaboot:tchncs.de | * ElvishJerricco Is there a reason systemd-boot remove_old_entries() is called on rebuild and not hooked to garbage collection ? | 17:41:30 |
@elvishjerricco:matrix.org | aktaboot: There's no such thing as "hooked to garbage collection" | 17:41:48 |
@aktaboot:tchncs.de | garbage collection is only related to the nix store, but I guessed we could also delete older boot entries and kernel/initrd at garbage collection time as well | 17:42:52 |
@aktaboot:tchncs.de | I guess that's the only place where this can be handled differently since it's not tied to the nix-store directly | 17:44:14 |
@aktaboot:tchncs.de | the problem I encountered was that efi partition was full, so I could not rebuild, and therefore I also could not empty the efi | 17:45:16 |
@aktaboot:tchncs.de | * the problem I encountered was that efi partition was full, so I could not rebuild, and therefore I also could not empty the efi with nix tooling | 17:45:22 |