!kyXJonZuBXCGzVwuSn:nixos.org

Systems Programming

280 Members
Kernel, stdenv, low-level hacking, patchelf, … 68 Servers



Sender Message Time
1 Jan 2026
@amadaluzia:unredacted.orgamadaluzia -> 4d2.org changed their display name from amadaluzia to amadaluzia (happy new year!).00:15:37
2 Jan 2026
@amadaluzia:unredacted.orgamadaluzia -> 4d2.org changed their display name from amadaluzia (happy new year!) to amadaluzia.04:46:38
3 Jan 2026
@gapry:matrix.orggapry joined the room.22:42:21
4 Jan 2026
@evaluate2602:metropolis.nexusevaluate2602 joined the room.19:51:35
5 Jan 2026
@goodtab:matrix.orggoodtab joined the room.08:22:24
6 Jan 2026
@gmodena:matrix.org@gmodena:matrix.org left the room.11:13:45
8 Jan 2026
@yawd:matrix.orgDiego Reis joined the room.02:58:54
@pltrz_:matrix.org@pltrz_:matrix.org left the room.23:24:40
11 Jan 2026
@balasubramanium:tchncs.deполынь changed their profile picture.14:24:34
12 Jan 2026
@grand_master_programmer:matrix.orgjimmie joined the room.08:07:46
@grand_master_programmer:matrix.orgjimmie changed their display name from zigzen to jimmie.08:12:36
@jappie:jappie.devjappie joined the room.17:28:38
13 Jan 2026
@netpleb:matrix.orgnetpleb

does enabling boot.initrd.systemd.network somehow change where the authorized_keys file is stored when doing remote luks unlocking?
For example, the following config gives me the ssh error "Permission denied (publickey)":

  boot.initrd = {
  # Include necessary modules for networking and VLAN in initrd
    availableKernelModules = [
      "r8169"    # NIC driver
      "8021q"    # For VLAN support
    ];

    # Enable networking in initrd
    network.enable = true;

    # SSH for remote unlock
    # enable ssh during boot so we can decrypt disks
    # see https://nixos.wiki/wiki/Remote_disk_unlocking
    # NOTE: the ssh host keys during boot are different! We can ignore that temporarily as follows
    #   ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@<target_ip>
    #   cryptsetup-askpass          # will prompt to unlock disks
    # the initrd ssh then exits
    network.ssh = {
      enable = true;
      port = 22;
      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
      hostKeys = [ "/etc/secrets/initrd/ssh_host_ecdsa_key" ];
    };

    # Use systemd in initrd (enabled by default when network.enable = true)
    systemd.enable = true;

    # Configure systemd-networkd in initrd for VLAN 51 and DHCP
    systemd.network = {
      enable = true;

      netdevs = {
        "10-vlan51" = {
          netdevConfig = {
            Kind = "vlan";
            Name = "vlan51";
          };
          vlanConfig.Id = 51;
        };
      };

      networks = {
        # Physical interface in initrd (replace enp1s0 if needed)
        "10-phy" = {
          matchConfig.Name = "enp*s*";  # Match your interface pattern (e.g., enp1s0)
          networkConfig = {
            LinkLocalAddressing = "no";
            VLAN = [ "vlan51" ];
          };
        };

        # DHCP on VLAN 51
        "20-vlan51" = {
          matchConfig.Name = "vlan51";
          networkConfig = {
            DHCP = "yes";
          };
        };
      };
    };

    # Set shell for remote unlock
    systemd.users.root.shell = "/bin/cryptsetup-askpass";

  };

but I have confirmed with the nix repl that boot.initrd.network.ssh.authorizedKeys does in fact contain my public key.

17:33:27
@netpleb:matrix.orgnetpleb I do not know which command to run to build just the stuff that initrd.systemd sees so that I can inspect the actual authorized_keys file that was generated. 17:46:02
@netpleb:matrix.orgnetpleb actually, sorry for the (false?) alarm. Looks like I got nabbed by this: https://github.com/NixOS/nixpkgs/issues/294032 and commenting out that root shell line lets me in 17:54:04
14 Jan 2026
@k900:0upti.meK900 Did this room split 16:24:24
@k900:0upti.meK900 Doesn't have a name anymore for me 16:24:34
16 Jan 2026
@keiwop:matrix.orgkeiwop joined the room.12:44:18
19 Jan 2026
@emma:rory.gay@emma:rory.gay does for me, it's #systems-programming:nixos.org (Systems Programming) 00:20:22
20 Jan 2026
@innocentzer0:matrix.orginnocentzer0 joined the room.14:41:06
21 Jan 2026
@netpleb:matrix.orgnetpleb I have a luks encrypted nbd which needs to be connected to with nbd-client before it can be unlocked, and I need to do it during boot.initrd. Anyone know a good trick for how to do that? 19:20:25
@netpleb:matrix.orgnetpleb (also, is this question better asked in the general Nix / NixOS channel?) 19:21:14
@netpleb:matrix.orgnetpleb I notice that there is both boot.initrd.preLVMCommands and boot.initrd.preDeviceCommands -- is that where I should add something like nbd-client 192.168.x.x 10809 /dev/nbd0? 19:25:55
@netpleb:matrix.orgnetpleb * I notice that there is both boot.initrd.preLVMCommands and boot.initrd.{pre,post}DeviceCommands -- is that where I should add something like nbd-client 192.168.x.x 10809 /dev/nbd0? 19:30:54
@bezz:matrix.org@bezz:matrix.org joined the room.23:01:23
22 Jan 2026
@mrdev023:matrix.orgmrdev023 Hi, I wrote this issue https://github.com/NixOS/nixpkgs/issues/386164 When I want to build the rust-analyzer json file, it failed because Makefile is missing from source/rust/Makefile folder. Maybe I can open a PR about that? 19:22:05
@mrdev023:matrix.orgmrdev023 Maybe missing line here https://github.com/NixOS/nixpkgs/blob/88d3861acdd3d2f0e361767018218e51810df8a1/pkgs/os-specific/linux/kernel/build.nix#L374 19:31:02
@mrdev023:matrix.orgmrdev023 ? 19:31:07
@kloenk:kloenk.eukloenk could you do it with an english make? much easier to read for me :) 19:32:18
@kloenk:kloenk.eukloenk right now wondering if I/we ever implemented that (upstream/kernel), not sure right now how the $LINUX_MODULES_FOLDER/build looks and if that has the required files for the python script generating the rust-project.json 19:33:23



Room Version: 6