31 May 2023 |
@lily:lily.flowers | (It should figure it out from the boot.initrd.luks settings, or whatever they are called) | 10:47:04 |
Copa Dium | It's not public but I used disko to configure it. | 10:47:07 |
@lily:lily.flowers | I meant nixos config for luks | 10:47:26 |
Copa Dium | Yeah disko does that too, my boot.initrd.luks is defined | 10:48:24 |
Copa Dium | Systemd also has a job waiting on the device, but there just is no prompt | 10:48:46 |
Copa Dium | * This is what disko generated:
nix-repl> myhost.config.boot.initrd.luks.devices.encryptedpool
{ allowDiscards = true; bypassWorkqueues = false; crypttabExtraOpts = [ ... ]; device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_34163169-part3"; fallbackToPassword = false; fido2 = { ... }; gpgCard = null; header = null; keyFile = null; keyFileOffset = null; keyFileSize = null; keyFileTimeout = null; name = "encryptedpool"; postOpenCommands = ""; preLVM = true; preOpenCommands = ""; tryEmptyPassphrase = false; yubikey = null; }
| 10:50:33 |
@lily:lily.flowers | Can you share the file at config.boot.initrd.systemd.contents."/etc/crypttab".source ? | 10:51:38 |
Copa Dium | Sure, it contains just this one line:
encryptedpool /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_34163169-part3 - discard
| 10:52:34 |
@lily:lily.flowers | In the emergency shell does that device exist? (Are you missing availableKernelModules for initrd?) | 10:53:33 |
Copa Dium | Uh I'm not sure, I assumed it existed since there was no error. One minute, I'll start the server again | 10:54:42 |
Copa Dium | Now I'll have to wait for the timeout :D | 10:55:49 |
@lily:lily.flowers | Oh also did that config boot with old stage 1, with no other changes? | 10:55:55 |
Copa Dium | Btw why does it time out at all? | 10:55:59 |
Copa Dium | [In reply to @lily:lily.flowers: Oh also did that config boot with old stage 1, with no other changes?] I'm not sure to be honest, I changed a lot of stuff when updating | 10:56:21 |
Copa Dium | I also moved the system to a vm, so your kernel module guess could be pretty on point | 10:57:19 |
@lily:lily.flowers | [In reply to @copadium:matrix.org: I also moved the system to a vm, so your kernel module guess could be pretty on point] Oh yeah prob that then. If the dev doesn't exist there then that's most likely it | 10:57:46 |
Copa Dium | Yeah you seem to be right! Thanks a lot for the help, probably virtio_blk is missing | 10:58:33 |
Copa Dium | * One more thing, do you know how I can disable the timeout that spawns the emergency shell? I'd like to remote unlock the system later and if it fails after a minute that'd be annoying :D | 10:59:23 |
@lily:lily.flowers | So it's actually the mapped device that times out, not the unlocking. So you can probably set a fstab option to disable systemd timeout (I forget what the exact option is) | 11:04:35 |
ElvishJerricco | Lily Foster: is it the mapped device or the physical device? | 11:38:57 |
ElvishJerricco | Copa Dium: could try boot.initrd.luks.devices.encryptedpool.crypttabExtraOpts = ["device-timeout=0"]; | 11:39:57 |
ElvishJerricco | I'm thinking we need to add a NixOS option for that and default it to zero to retain the default behavior of the old initrd | 11:40:36 |
@lily:lily.flowers | [In reply to @elvishjerricco:matrix.org: Lily Foster: is it the mapped device or the physical device?] Mapped. Physical device obviously already exists since it prompts for password on mine | 11:40:36 |
@lily:lily.flowers | If I don't enter password it times out on the mapper device though | 11:40:51 |
ElvishJerricco | Ah | 11:40:57 |
@lily:lily.flowers | [In reply to @elvishjerricco:matrix.org: Copa Dium: could try boot.initrd.luks.devices.encryptedpool.crypttabExtraOpts = ["device-timeout=0"];] That would be if physical device was not present. Which should be rare? In this case it was because of lack of drivers | 11:41:36 |
ElvishJerricco | Yea | 11:41:52 |
@lily:lily.flowers | Idk if we should remove timeouts for physical devices unless user asks for it | 11:41:55 |