!PSmBFWNKoXmlQBzUQf:helsinki-systems.de

Stage 1 systemd

83 Members
systemd in NixOS's stage 1, replacing the current bash tooling https://github.com/NixOS/nixpkgs/projects/51
26 Servers

Sender Message Time
10 Nov 2022
@me:linj.tech image.png 18:41:19
@elvishjerricco:matrix.org I see 18:41:50
@elvishjerricco:matrix.org It dies because it doesn't find luks-2 at all 18:41:56
@me:linj.tech the old initrd is easy to workaround for this case 18:41:57
@elvishjerricco:matrix.org so 18:42:19
@elvishjerricco:matrix.org once you're in the emergency shell in the systemd stage 1, you can probably manually mount the degraded btrfs root and let it continue with systemctl default 18:42:44
@me:linj.tech https://github.com/NixOS/nixpkgs/blob/717ccacc16e8de01ff06f2f83db6415c01f11527/nixos/modules/system/boot/luksroot.nix#L155 18:42:44
@me:linj.tech just do not die and skip some functions 18:42:57
@elvishjerricco:matrix.org linj: Btw what does your fileSystems."/".device look like? 18:45:20
@me:linj.tech emm, I use root on tmpfs 18:45:51
@elvishjerricco:matrix.org oh 18:45:58
@elvishjerricco:matrix.org then whatever your btrfs fileSystem device looks like 18:46:10
@me:linj.tech
  boot.initrd.luks.devices = {
    # TODO what if one disk is missing
    "nixos-1" = {
      allowDiscards = true;
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/luks-1";
      # fallbackToPassword = true;
      # TODO x-initrd.attach
      # TODO x-systemd.device-timeout=
      crypttabExtraOpts = [ "nofail" "x-systemd.device-timeout=10" ];
    };
    "nixos-2" = {
      allowDiscards = true;
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/luks-2";
      # fallbackToPassword = true;
      crypttabExtraOpts = [ "nofail" "x-systemd.device-timeout=10" ];
    };
  };

  fileSystems."/" =
    { device = "none";
      fsType = "tmpfs";
      options = [ "defaults" "size=500M" "mode=755" ];
    };

  # TODO what if one disk is missing
  fileSystems."/boot" =
    { device = "/dev/disk/by-label/efi-1";
      fsType = "vfat";
      options = [ "nofail" ];
    };

  # TODO what if one disk is missing
  fileSystems."/boot2" =
    { device = "/dev/disk/by-label/efi-2";
      fsType = "vfat";
      options = [ "nofail" ];
    };

  # TODO what if one disk is missing
  fileSystems."/nix" =
    { # device = "/dev/disk/by-label/nixos";
      device = "/dev/disk/by-uuid/f93cfbf1-e9b4-46ca-b7cb-6f3fb1554fbb";
      fsType = "btrfs";
      options = [ "degraded" "noatime" "ssd" "compress=zstd:1" "space_cache=v2" "subvol=@nix" ];
    };

  fileSystems."/var" =
    { # device = "/dev/disk/by-label/nixos";
      device = "/dev/disk/by-uuid/f93cfbf1-e9b4-46ca-b7cb-6f3fb1554fbb";
      fsType = "btrfs";
      options = [ "degraded" "noatime" "ssd" "compress=zstd:1" "space_cache=v2" "subvol=@var" ];
    };

  fileSystems."/home" =
    { # device = "/dev/disk/by-label/nixos";
      device = "/dev/disk/by-uuid/f93cfbf1-e9b4-46ca-b7cb-6f3fb1554fbb";
      fsType = "btrfs";
      options = [ "degraded" "noatime" "ssd" "compress=zstd:1" "space_cache=v2" "subvol=@home" ];
      neededForBoot = true;
    };

  fileSystems."/state" =
    { # device = "/dev/disk/by-label/nixos";
      device = "/dev/disk/by-uuid/f93cfbf1-e9b4-46ca-b7cb-6f3fb1554fbb";
      fsType = "btrfs";
      options = [ "degraded" "noatime" "ssd" "compress=zstd:1" "space_cache=v2" "subvol=@state" ];
      neededForBoot = true;
    };
18:46:31
@elvishjerricco:matrix.org gotcha, so it's normal to just pick one of the devices in a btrfs raid array as the device? 18:47:11
@elvishjerricco:matrix.org that's what the udev rule suggested as well and I just wanted to know 18:47:32
@me:linj.tech
In reply to @elvishjerricco:matrix.org
gotcha, so it's normal to just pick one of the devices in a btrfs raid array as the device?
need to do btrfs device scan first I think
18:48:39
@elvishjerricco:matrix.org I believe the udev rule + systemd do it a little differently, but yea 18:49:19
@elvishjerricco:matrix.org the scripted initrd would have to 18:49:28
@me:linj.tech
In reply to @elvishjerricco:matrix.org
once you're in the emergency shell in the systemd stage 1, you can probably manually mount the degraded btrfs root and let it continue with systemctl default
yeah, it works
18:55:16
@me:linj.tech Should we set x-initrd.attach by default? its doc is man crypttab 20:59:41
@elvishjerricco:matrix.org That is a complicated topic 21:48:04
@elvishjerricco:matrix.org tl;dr, probably 21:48:15
@elvishjerricco:matrix.org

linj: to clarify a bit, you want x-initrd.{attach,mount} in the /etc/crypttab and /etc/fstab of stage 2. Their function is to tell systemd two things.

  1. In stage 1, when the root fs is mounted at /sysroot, check /sysroot/etc/{crypttab,fstab} for entries with these options by re-running generators and generating stage 1 units for them with /sysroot prefixed for FSes. This is why we have the initrd-root-fs.target and initrd-fs.target sync points; they represent /sysroot being mounted and x-initrd.mount FSes being mounted.

  2. They tell the shutdown process not to mess with these things. The shutdown ramfs (if enabled) can attempt to safely unmount and detach them, but the regular shutdown process shouldn't.

So this gets complicated for NixOS. We want these things written in our stage 2 crypttab and fstab files so that shutdown respects them, but the problem is that we can't rely on them existing for stage 1. For instance if you have root on tmpfs, then /sysroot/etc doesn't even exist, let alone contain the necessary crypttab and fstab entries with x-initrd.* options. And even for people whose root is persistent, those files need to be updated by initrd-nixos-activation.service before we can rely on them, which itself already requires all the stage 1 FSes to be mounted.

23:58:41
@elvishjerricco:matrix.org So it's...... highly annoying 23:58:46
@elvishjerricco:matrix.org The solution I kinda want to do is put /sysroot/etc/{crypttab,fstab} in the initramfs lol. Then the initial generators will pick up the x-initrd.* entries, and the real /sysroot will overmount this stupid one 23:59:30
@elvishjerricco:matrix.org (have tested; it does work) 23:59:55
11 Nov 2022
@elvishjerricco:matrix.org oh but all that is to say: We do not want these options in the initramfs's /etc/fstab or /etc/crypttab because they're basically meaningless there (and I think it might even cause the generators to skip them? not sure) 00:02:20
@me:linj.tech

ElvishJerricco: After reading your reply, systemd doc and nixpkgs PR, I have several questions:

  1. Do we need /sysroot/etc/{crypttab,fstab}? I think currently we have put FSes needed in /etc/fstab and /etc/crypttab of initrd.
  2. Is this the shutdown ramfs you mentioned above? Does that PR handle unmounting "root on btrfs raid1 on luks on two disks" correctly? Some FSes are missing in journalctl -b -1 -g Unmounting. Don't know if that is related though.
12:21:24
