ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

retry auto unlock

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-12-13 17:09:23 -06:00
parent ae8971ccf9
commit 8c53121532
1 changed files with 47 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

74
hosts/i001/hardware-mounts.nix
View file

@ -28,6 +28,7 @@ in
device = PRIMARY; device = PRIMARY;
fsType = "bcachefs"; fsType = "bcachefs";
options = [ options = [
"X-mount.mkdir"
"X-mount.subdir=@nix" "X-mount.subdir=@nix"
"relatime" "relatime"
]; ];
@ -36,6 +37,7 @@ in
device = PRIMARY; device = PRIMARY;
fsType = "bcachefs"; fsType = "bcachefs";
options = [ options = [
"X-mount.mkdir"
"X-mount.subdir=@root" "X-mount.subdir=@root"
"relatime" "relatime"
]; ];
@ -44,6 +46,7 @@ in
device = PRIMARY; device = PRIMARY;
fsType = "bcachefs"; fsType = "bcachefs";
options = [ options = [
"X-mount.mkdir"
"X-mount.subdir=@swap" "X-mount.subdir=@swap"
"noatime" "noatime"
]; ];
@ -53,16 +56,17 @@ in
device = PRIMARY; device = PRIMARY;
fsType = "bcachefs"; fsType = "bcachefs";
options = [ options = [
"X-mount.mkdir"
"X-mount.subdir=@persist" "X-mount.subdir=@persist"
]; ];
}; };
# SWAP # SWAP
swapDevices = [ swapDevices = [
{ # {
device = "/.swap/swapfile"; # device = "/.swap/swapfile";
size = 8 * 1024; # Creates an 8GB swap file # size = 8 * 1024; # Creates an 8GB swap file
} # }
]; ];
# PRIMARY unencrypt # PRIMARY unencrypt
@ -98,6 +102,10 @@ in
"bcachefs" "bcachefs"
"vfat" "vfat"
]; ];
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
copy_bin_and_libs ${pkgs.keyutils}/bin/keyctl
'';
boot.initrd.systemd.services.unlock-primary = { boot.initrd.systemd.services.unlock-primary = {
description = "Unlock bcachefs root with key"; description = "Unlock bcachefs root with key";
wantedBy = [ "initrd-root-device.target" ]; wantedBy = [ "initrd-root-device.target" ];
@ -108,34 +116,46 @@ in
# Wait for USB disk; you can refine this with udev-based Wants=/Requires= # Wait for USB disk; you can refine this with udev-based Wants=/Requires=
ExecStart = pkgs.writeShellScript "bcachefs-unlock-initrd" '' ExecStart = pkgs.writeShellScript "bcachefs-unlock-initrd" ''
set -eu set -eu
${pkgs.keyutils}/bin/keyctl link @u @s
echo "test" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY} echo "test" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}
exit 0 exit 0
# echo "Waiting for USB key with label SECRETKEY..."
# for i in $(seq 1 20); do
# if [ -e /dev/disk/by-label/SECRETKEY ]; then
# break
# fi
# sleep 0.5
# done
#
# if [ ! -e /dev/disk/by-label/SECRETKEY ]; then
# echo "USB key not found; failing."
# exit 1
# fi
#
# mkdir -p /mnt-key
# mount -t vfat /dev/disk/by-label/SECRETKEY /mnt-key
#
# echo "Unlocking bcachefs..."
# ${pkgs.bcachefs-tools}/bin/bcachefs unlock \
# --keyfile /mnt-key/bcachefs.key \
# /dev/disk/by-uuid/YOUR_BCACHEFS_UUID
#
# umount /mnt-key
''; '';
}; };
}; };
# boot.initrd.systemd.services.unlock-primary = {
# description = "Unlock bcachefs root with key";
# wantedBy = [ "initrd-root-device.target" ];
# before = [ "initrd-root-device.target" ];
# unitConfig.DefaultDependencies = "no";
# serviceConfig = {
# Type = "oneshot";
# # Wait for USB disk; you can refine this with udev-based Wants=/Requires=
# ExecStart = pkgs.writeShellScript "bcachefs-unlock-initrd" ''
# echo "Waiting for USB key with label SECRETKEY..."
# for i in $(seq 1 20); do
# if [ -e /dev/disk/by-label/SECRETKEY ]; then
# break
# fi
# sleep 0.5
# done
#
# if [ ! -e /dev/disk/by-label/SECRETKEY ]; then
# echo "USB key not found; failing."
# exit 1
# fi
#
# mkdir -p /mnt-key
# mount -t vfat /dev/disk/by-label/SECRETKEY /mnt-key
#
# echo "Unlocking bcachefs..."
# ${pkgs.bcachefs-tools}/bin/bcachefs unlock \
# --keyfile /mnt-key/bcachefs.key \
# /dev/disk/by-uuid/YOUR_BCACHEFS_UUID
#
# umount /mnt-key
# '';
# };
# };
# Reset root # Reset root
# TODO # TODO