22 Jun 2023 |
ElvishJerricco | wonder if there's anything resembling a device unit to indicate that things are ready | 20:52:27 |
@lily:lily.flowers | That's what I was trying to probe for | 20:52:36 |
@lily:lily.flowers | I'll have more info later after poking for longer. I'm taking a break now though | 20:53:07 |
ElvishJerricco | yea, thanks for looking into this | 20:53:22 |
@lily:lily.flowers | I do always love debugging cursed stuff (/s, mostly) | 20:53:55 |
@nikstur:matrix.org | Lily Foster: https://lore.kernel.org/lkml/CADYN=9KXWCA-pi8VCS5r_JScsuRyWBEKqtdBFCAGzg1vq4M5FQ@mail.gmail.com/ this seems related. Can't make much of it alone though | 21:46:12 |
24 Jun 2023 |
| @kadawee:cat.casa joined the room. | 15:59:52 |
ElvishJerricco | responding to a new issue about tpm stuff, this has got to be the most terrible predicate I've ever written:
nonRedundant = { systemd, full, cryptsetup, luks, tpm2, fido2, ... }:
((luks || tpm2 || fido2) -> cryptsetup)
&& (!systemd -> (!(tpm2 || fido2 || full) && (cryptsetup -> luks)));
| 23:36:43 |
ElvishJerricco | I don't even know what it means anymore | 23:36:50 |
ElvishJerricco | I think it translates to "if we have luks, tpm, or fido, then we don't actually care unless we have cryptsetup too. But also, if we're not even doing systemd initrd, then tpm, fido, and full systemd aren't important, but cryptsetup is but only if we also have luks" | 23:39:22 |
ElvishJerricco | like wut | 23:39:25 |
emily | sometimes a non-normalized/golfed boolean expression is more readable :) | 23:52:13 |
ElvishJerricco | It's... just asking a lot of people to maintain this coded lol so it's a good thing it's in a throwaway gist instead of an actual repo | 23:55:07 |
ElvishJerricco | * It's... just asking a lot of people to maintain this code lol so it's a good thing it's in a throwaway gist instead of an actual repo | 23:55:16 |
ElvishJerricco | * It's... just asking a lot of people to maintain this code lol so it's a good thing it's in a throwaway gist instead of an actual repo! | 23:55:27 |
25 Jun 2023 |
ElvishJerricco | I really just wanna enable all the things all the time but that only exacerbates the already significant problem of NixOS being incompatible with small ESPs | 00:01:55 |
ElvishJerricco | we could just tell users "hey fuck off and stop using a very dumb configuration" but something tells me that comes off a bit too rude :P Plus who knows if someone has a legit reason for that config. | 00:04:27 |
Arian | what constitutes a "small ESP" | 08:54:01 |
Arian | It would be nice that if we detect an existing small ESP we suggest setting up an XBOOTLDR partition automatically | 08:54:24 |
@nikstur:matrix.org | In reply to @arianvp:matrix.org It would be nice that if we detect an existing small ESP we suggest setting up an XBOOTLDR partition automatically What would be a good way to implement something like this? I guess the install-systemd-boot.py script could print a warning if the ESP is smaller than size X and link to the XBOOTLDR man page. | 17:47:33 |
@nikstur:matrix.org | Well and it would need actual support in NixOS for XBOOTLDR: https://github.com/NixOS/nixpkgs/pull/226692 | 17:50:53 |
colemickens | I don't remember if I mentioned it there but you can cheat with bind mounts, which is what I do with lanzaboote. | 18:04:14 |
27 Jun 2023 |
| Fruity Passions joined the room. | 14:24:43 |
Fruity Passions | Hello! Is it possible to have usb devices appear in /dev during stage 1, if you for example use one as an encryption key? It might just be as simple as loading a kernel module but I'm really stuck here :-) | 14:26:23 |
ElvishJerricco | Fruity Passions: yea you probably just need a module added to boot.initrd.availableKernelModules | 14:29:45 |
oddlama | In reply to @passion-fruit:matrix.org Hello! Is it possible to have usb devices appear in /dev during stage 1, if you for example use one as an encryption key? It might just be as simple as loading a kernel module but I'm really stuck here :-) my guess is on usb_storage | 14:45:44 |
@linus:schreibt.jetzt | what kind of USB device? | 14:46:27 |
@linus:schreibt.jetzt | you'll need a USB controller driver, though it's likely that that's already covered by what nixos-generate-config produces (typically xhci_pci ) | 14:51:32 |
@linus:schreibt.jetzt | and depending on what kind of USB device you may also need a driver (like usb_storage if it's an older or less fancy USB storage device, or uas for newer ones) | 14:52:11 |
ElvishJerricco | If you want a brute force solution, you could probably just import the all-hardware.nix module out of nixpkgs | 14:52:30 |