| 19 Mar 2022 |
@elvishjerricco:matrix.org | No idea about the myriad of other LUKS features NixOS currently implements in initramfs | 23:57:56 |
| 20 Mar 2022 |
@elvishjerricco:matrix.org | Aaand it boots. Finally. Awesome. | 01:28:31 |
bobvanderlinden | In reply to @flokli:matrix.org: "bobvanderlinden: I'm curious about all the systemd cryptsetup stuff in initrd. Asking for passwords from multiple consoles, and reusing passwords for multiple to-be-unlocked volumes should be much much nicer" NixOS's ask-password is the main gripe I have with stage-1. It doesn't allow Plymouth usage, so Plymouth on systems with an encrypted root is basically useless. Adding Plymouth (and others) support is currently done by fiddling with a large bash script that is run during stage1 and fiddling with a bash script that adds specific files to initramfs. Absolutely hard to maintain and hard to modularize. All the while packages like Plymouth already have systemd configuration for systemd specifically for initrd 🤷 I'm also interested how clean we can make the configuration when systemd can be used. | 02:13:19 |
bobvanderlinden | In reply to @elvishjerricco:matrix.org: "Aaand it boots. Finally. Awesome." What has changed since it booted on your old branch? | 02:14:08 |
@elvishjerricco:matrix.org | bobvanderlinden: Now it uses the systemd options so the API is about 1000x nicer. It also has a more minimal set of default upstream units | 02:17:04 |
@elvishjerricco:matrix.org | and it's a separate opt-in initrd, instead of flat-out replacing the existing one | 02:17:25 |
@elvishjerricco:matrix.org | The last thing I think I need to do before the branch can be up for review/merge is the Exec* parsing stuff, though I may just cherry-pick your code instead since that would be easier. | 02:18:34 |
@elvishjerricco:matrix.org | The size is even reasonable at 15M | 02:19:01 |
@elvishjerricco:matrix.org | 13 if you don't include cryptsetup libs | 02:19:11 |
@elvishjerricco:matrix.org | probably smaller when I stop adding unnecessary systemd libs with the proper Exec* parsing | 02:19:25 |
bobvanderlinden | Cool! I can work on it a bit tomorrow, so if you have something where work can continue on, let me know the branch 👍 | 02:41:30 |
@elvishjerricco:matrix.org | bobvanderlinden: I'll push my branch here in a minute, and I'll open a PR probably tonight after I do the Exec*/cherry-pick thing | 02:42:10 |
bobvanderlinden | In reply to @elvishjerricco:matrix.org: "The last thing I think I need to do before the branch can be up for review/merge is the Exec* parsing stuff, though I may just cherry-pick your code instead since that would be easier." I have been thinking of find-dependencies. It might also be of use for packing docker images and the like. Maybe we can make it a separate tool with some options to indicate the different strategies it should use. | 02:43:30 |
@elvishjerricco:matrix.org | That... can be saved for a later date :P | 02:44:04 |
@elvishjerricco:matrix.org | Gotta get this merged first | 02:44:11 |
@elvishjerricco:matrix.org | Oh crap I forgot about udev rules | 02:49:04 |
@elvishjerricco:matrix.org | bobvanderlinden: https://github.com/bobvanderlinden/nixpkgs/compare/pr-refactor-systemd-module...ElvishJerricco:systemd-initrd-reuse-systemd-module | 03:10:41 |
@elvishjerricco:matrix.org | This is on top of your refactor branch | 03:10:47 |
@elvishjerricco:matrix.org | This is what I use to test it:
import ./nixos { configuration = { lib, config, pkgs, ... }: {
  imports = [./nixos/modules/virtualisation/qemu-vm.nix];
  boot.initrd.systemd = {
    enable = true;
    emergencyHashedPassword = "";
  };
  virtualisation = {
    graphics = false;
    memorySize = 4096;
    cores = 4;
  };
  documentation.enable = false;
  services.getty.autologinUser = "root";
}; }
Note that you currently have to format the nixos.qcow2 file manually for the qemu-vm
| 03:14:14 |
@elvishjerricco:matrix.org | Once I have the exec detection and udev stuff I want in there, I'll open a PR that I expect to be merge-worthy | 03:15:23 |
@elvishjerricco:matrix.org | (graphics = false isn't necessary, I just prefer it) | 03:47:49 |
@elvishjerricco:matrix.org | bobvanderlinden: I switched to your version of the dependencies program and managed to get initrd down to 9.1M, which is crazy! It does boot, but now the rescue mode doesn't work for some reason. | 06:02:24 |
@elvishjerricco:matrix.org | Aw, that decreased size was entirely because I switched to only including the necessities from util-linux instead of all of it, not because of the automatic dependency finder. And the finder didn't work well enough to actually function without significant help from manual inclusions :/
After staring at it and thinking for a while, I'm starting to think automatically finding Exec* stuff just isn't a problem worth solving. I imagine if a fresh set of eyes came to this project after this problem had been solved, they'd say any solution is way too jank to be worth it. If your unit file points to a program, then just include that program in objects... Adding services to initrd should be a fairly rare thing anyway.
| 06:56:48 |
@elvishjerricco:matrix.org | Sooo... I'm going to do another little review and then open a PR! | 06:57:07 |
@elvishjerricco:matrix.org | https://github.com/NixOS/nixpkgs/pull/164943 woot | 08:06:10 |
Arian | Will try it out right away! | 08:08:58 |
Arian | I wanted to say we probably need https://github.com/NixOS/nixpkgs/pull/121371 for the correct ordering of kmod-static-nodes and systemd-tmpfiles-setup-dev but it seems flokli merged it already! :D | 08:12:08 |
Arian | so you probably have those fixed already :P | 08:12:14 |
Arian | yay about forgetting about PRs and other people picking them up | 08:13:31 |