| 18 Apr 2026 |
 ElvishJerricco | If the latter, don't do it in initrd at all | 01:27:26 |
 sss | it's partitions for lvm which contains root | 01:28:07 |
| sss | sounds weird, but it's legacy | 01:28:27 |
| sss | from even before nixos ) | 01:28:36 |
| ElvishJerricco | so like, you have drive A with a keyfile on it, drive A is unencrypted, and that keyfile is used to decrypt drives B, C, D...? | 01:29:01 |
| ElvishJerricco | and B, C, D constitute the LVM that has the root fs? | 01:29:12 |
| sss | like i have drive a,b,c lvm for root with different keys on d,e,f | 01:29:52 |
| ElvishJerricco | ok sure; but the basic idea of "root is on encrypted drives, the key is on these different unencrypted drives" is right, yea? | 01:30:37 |
| sss | yes | 01:30:49 |
| ElvishJerricco | cool, just making sure I understand your use case right | 01:30:59 |
| sss | and it is complicated yes, but to to a long history of data storage | 01:31:31 |
| sss | * and it is complicated yes, but due to a long history of data storage | 01:31:42 |
| ElvishJerricco | Then yea, just specifying the three boot.initrd.luks.devices.{a,b,c} with keyFile = "/key-file:${otherDrive}"; should work, where otherDrive is anything you'd use as a device like UUID=asdf or /dev/mapper/blah | 01:31:59 |
| sss | probably i will recreate it in a simple way, someday, maybe.... | 01:32:08 |
| sss | is here a way to wait for device to appear ? | 01:32:56 |
| ElvishJerricco | It will do that automatically | 01:33:10 |
| sss | nice, thx for info | 01:33:23 |
| ElvishJerricco | happy to help :) | 01:33:29 |
| sss | is it possible to pass mount options for fs containing decryption key ? | 01:40:03 |
| sss | i have keys on jfs wich is not mounting with defaults for some long time forgotten reason | 01:40:35 |
| ElvishJerricco | oh hm, maybe not | 01:41:03 |
| ElvishJerricco | uhhh | 01:41:13 |
| sss | which fs today is most apropriate to handle keys on small device (few mb) ? | 01:41:51 |
| ElvishJerricco | honestly when the FS is just for storing one key, I question if it should even be an FS; you could just use the partition itself as the key "file" | 01:44:12 |
| sss | * which fs today is most appropriate to handle keys on small device (few mb) ? | 01:42:56 |
| sss | probably, but will keyFile understand it without custom script ? | 01:46:31 |
| ElvishJerricco | yes, at least with systemd initrd I know it will | 01:46:49 |
| sss | sounds interesting, where can i read about syntax ? | 01:47:47 |
| ElvishJerricco | well, basically the whole boot.initrd.luks.devices.<name> thing in NixOS is a frontend for /etc/crypttab, which has a man page | 01:48:32 |
| ElvishJerricco | er, in systemd initrd | 01:48:40 |
