| 11 Dec 2025 |
|  suua joined the room. | 16:10:32 |
| 12 Dec 2025 |
|  whispers [& it/fae] changed their profile picture. | 04:51:23 |
| 13 Dec 2025 |
|  NixOS Moderation Bot unbanned  @joepie91:pixie.town. | 05:58:44 |
| 15 Dec 2025 |
|  n4ch723hr3r (putting stuff in your name is cringe) joined the room. | 01:49:40 |
|  @partime:matrix.org joined the room. | 03:32:48 |
| @partime:matrix.org left the room. | 03:34:38 |
|  ghishadow joined the room. | 08:13:10 |
| 16 Dec 2025 |
|  rrnzx joined the room. | 00:17:33 |
|  SaschaOnTour joined the room. | 16:30:26 |
| 21 Dec 2025 |
|  @ixxie:matrix.org left the room. | 22:02:03 |
| 24 Dec 2025 |
|  @pltrz_:matrix.org joined the room. | 12:32:59 |
|  amadaluzia -> 4d2.org changed their profile picture. | 16:53:05 |
| 26 Dec 2025 |
|  aktaboot changed their profile picture. | 19:25:51 |
| 1 Jan 2026 |
| amadaluzia -> 4d2.org changed their display name from amadaluzia to amadaluzia (happy new year!). | 00:15:37 |
| 2 Jan 2026 |
| amadaluzia -> 4d2.org changed their display name from amadaluzia (happy new year!) to amadaluzia. | 04:46:38 |
| 3 Jan 2026 |
|  gapry joined the room. | 22:42:21 |
| 4 Jan 2026 |
|  evaluate2602 joined the room. | 19:51:35 |
| 5 Jan 2026 |
|  goodtab joined the room. | 08:22:24 |
| 6 Jan 2026 |
|  @gmodena:matrix.org left the room. | 11:13:45 |
| 8 Jan 2026 |
|  Diego Reis joined the room. | 02:58:54 |
| @pltrz_:matrix.org left the room. | 23:24:40 |
| 11 Jan 2026 |
|  полынь changed their profile picture. | 14:24:34 |
| 12 Jan 2026 |
|  jimmie joined the room. | 08:07:46 |
| jimmie changed their display name from zigzen to jimmie. | 08:12:36 |
|  jappie joined the room. | 17:28:38 |
| 13 Jan 2026 |
 netpleb | does enabling boot.initrd.systemd.network somehow change where the authorized_keys file is stored when doing remote luks unlocking?
For example, the following config gives me the ssh error "Permission denied (publickey)":
boot.initrd = {
# Include necessary modules for networking and VLAN in initrd
availableKernelModules = [
"r8169" # NIC driver
"8021q" # For VLAN support
];
# Enable networking in initrd
network.enable = true;
# SSH for remote unlock
# enable ssh during boot so we can decrypt disks
# see https://nixos.wiki/wiki/Remote_disk_unlocking
# NOTE: the ssh host keys during boot are different! We can ignore that temporarily as follows
# ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@<target_ip>
# cryptsetup-askpass # will prompt to unlock disks
# the intrd ssh then exits
network.ssh = {
enable = true;
port = 22;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [ "/etc/secrets/initrd/ssh_host_ecdsa_key" ];
};
# Use systemd in initrd (enabled by default when network.enable = true)
systemd.enable = true;
# Configure systemd-networkd in initrd for VLAN 51 and DHCP
systemd.network = {
enable = true;
netdevs = {
"10-vlan51" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan51";
};
vlanConfig.Id = 51;
};
};
networks = {
# Physical interface in initrd (replace enp1s0 if needed)
"10-phy" = {
matchConfig.Name = "enp*s*"; # Match your interface pattern (e.g., enp1s0)
networkConfig = {
LinkLocalAddressing = "no";
VLAN = [ "vlan51" ];
};
};
# DHCP on VLAN 51
"20-vlan51" = {
matchConfig.Name = "vlan51";
networkConfig = {
DHCP = "yes";
};
};
};
};
# Set shell for remote unlock
systemd.users.root.shell = "/bin/cryptsetup-askpass";
};
but I have confirmed with the nix repl that boot.initrd.network.ssh.authorizedKeys does in fact contain my public key.
| 17:33:27 |
| netpleb | I do not know which command to run to build just the stuff that initrd.systemd sees so that I can inspect the actual authorized_keys file that was generated. | 17:46:02 |
| netpleb | actually, sorry for the (false?) alarm. Looks like I got nabbed by this: https://github.com/NixOS/nixpkgs/issues/294032 and commenting out that root shell line lets me in | 17:54:04 |
| 14 Jan 2026 |
 K900 | Did this room split | 16:24:24 |
| K900 | Doesn't have a name anymore for me | 16:24:34 |
