| 23 Oct 2022 |
Paul Haerle | With the networkd PR and a small PR which changes an assertion to a warning https://github.com/NixOS/nixpkgs/pull/197382 I succeeded in building a 30MB initrd without stage2, that can be kexec'ed into to partition the disks (with disko and zfs) and to download and install a nixosConfiguration from a flake - all on a remote host.
Still got a few things to iron out, but a PoC went pretty smooth. The initrd being about 5% in size compared to a full nixos kexec-bundle makes it much easier to work on low-memory VPS.
Thanks everyone involved in this effort :tada: | 15:09:07 |
| 24 Oct 2022 |
colemickens | um, hell yes. | 08:06:49 |
| 25 Oct 2022 |
@kranzes:matrix.org | Has anyone got systemd-cryptenroll working without a password slot? | 11:21:39 |
@kranzes:matrix.org | I initially only had a password slot, so I added my FIDO2 key to the second slot | 11:22:04 |
@kranzes:matrix.org | and wanted to delete the first slot (password one) | 11:22:10 |
@kranzes:matrix.org | so I deleted it just fine | 11:22:19 |
@kranzes:matrix.org | but every other use of systemd-cryptenroll requires me to put in a passphrase which I no longer have | 11:22:43 |
@kranzes:matrix.org | Unlocking the device on boot via the fido2 still works fine, so i'm not locked out. | 11:22:57 |
@elvishjerricco:matrix.org | my steam deck boots without a password | 11:22:58 |
@kranzes:matrix.org | Same, but I wanna add another slot | 11:23:10 |
@elvishjerricco:matrix.org | using the tpm | 11:23:10 |
@kranzes:matrix.org | how many slots do you have enrolled? | 11:23:23 |
@elvishjerricco:matrix.org | i just have the password fallback and the tpm | 11:23:43 |
@kranzes:matrix.org | ok, so i wanted to get rid of the password fallback | 11:23:56 |
@kranzes:matrix.org | just FIDO2 | 11:23:59 |
@elvishjerricco:matrix.org | oof | 11:24:06 |
@elvishjerricco:matrix.org | would not recommend | 11:24:11 |
@kranzes:matrix.org | I wanted to add my backup FIDO2 but it asks for password | 11:24:12 |
@kranzes:matrix.org | In reply to @elvishjerricco:matrix.org "would not recommend": Why not? | 11:24:18 |
@kranzes:matrix.org | * I wanted to add my backup FIDO2 but it asks for password even though I deleted it already. I would expect it to try to do it via the other FIDO2 slot still available... | 11:25:01 |
@elvishjerricco:matrix.org | your data should not be beholden to any one thing. So having a backup passphrase lets you recover in the event that all else fails | 11:25:18 |
@kranzes:matrix.org | but it's not one thing | 11:25:42 |
@kranzes:matrix.org | it's two things | 11:25:44 |
@kranzes:matrix.org | i wanted to add multiple FIDO2 keys | 11:25:48 |
@elvishjerricco:matrix.org | i mena | 11:26:04 |
@elvishjerricco:matrix.org | * i mean | 11:26:08 |
@elvishjerricco:matrix.org | there is one device | 11:26:17 |
@kranzes:matrix.org | no | 11:26:21 |
@kranzes:matrix.org | multiple | 11:26:23 |
@elvishjerricco:matrix.org | and once lost, so is all else | 11:26:24 |