I have attached a config that I just ran `sudo guix system reconfigure` with,
and confirmed that `insmod luks` was missing from the resulting /boot/grub/grub.cfg.
Sorry for the delay,
Tadhg McD-J
On 2024-07-23 2:19 p.m., Tomas Volf wrote:
> On 2024-05-25 10:30:49 -0400, Tadhg McDonald-Jensen wrote:
>> That unfortunately doesn't fix the problem,
>> `luks-device-mapping-with-options` is a routine that returns the
>> `mapped-device-kind` so it won't check by equality.
>>
>> A possible solution is to check whether the `mapped-device-kind-close`
>> routines are the same as these are shared.
>
> What I find interesting is that I too am using
> luks-device-mapping-with-options
> and my system boots just fine. So I wonder what the difference is. Could you
> share your system configuration please? Or at least the relevant parts (I
> assume at least bootloader, file-systems and mapped-devices fields)?
>
> I would like to properly understand the problem here and why it works for me.
>
> Thanks,
> Tomas Volf
>
> --
> There are only two hard things in Computer Science:
> cache invalidation, naming things and off-by-one errors.
(use-modules
(gnu)
((guix packages) #:select (origin base32 modify-inputs package-source package-inputs package))
((guix download) #:select (url-fetch))
((guix gexp) #:select(file-append))
((gnu packages freedesktop) #:select(fprintd))
((gnu packages suckless) #:select(slock))
((gnu packages games) #:select (steam-devices-udev-rules))
((gnu packages linux) #:select (brightnessctl))
((gnu packages wm) #:select (swaylock))
((gnu packages cups) #:select (cups cups-filters epson-inkjet-printer-escpr hplip-minimal))
((gnu services cups) #:select (cups-service-type cups-configuration))
((gnu services nfs) #:select (nfs-service-type nfs-configuration))
((gnu services desktop) #:select (sane-service-type bluetooth-service-type %desktop-services elogind-service-type elogind-configuration))
;;((gnu services docker) #:select(docker-service-type))
((gnu services virtualization) #:select(qemu-binfmt-service-type qemu-binfmt-configuration lookup-qemu-platforms libvirt-service-type))
((gnu services nix) #:select (nix-service-type))
((gnu services networking) #:select (ipfs-service-type ipfs-configuration))
((gnu services syncthing) #:select (syncthing-service-type syncthing-configuration))
((gnu services sound) #:select (pulseaudio-service-type pulseaudio-configuration))
((gnu services audio) #:select (mpd-service-type mpd-configuration))
((gnu services xorg) #:select (xorg-server-service-type gdm-service-type screen-locker-service screen-locker-service-type xorg-configuration set-xorg-configuration))
;;((gnu services authentication) #:select (fprintd-service-type))
((gnu services file-sharing) #:select (transmission-daemon-service-type transmission-daemon-configuration))
((gnu services pm) #:select (tlp-service-type tlp-configuration thermald-service-type))
)
;; Login name of the primary user account; used as the `name' field of the
;; user-account declared in the operating-system form.
(define username "tadhg")
;; Mapped-device type for the encrypted root: LUKS, opened with a key file.
;;
;; Known problem: commit 39a9404 in guix broke this.  A function in the OS code
;; checks the mapped-device type for equality with `luks-device-mapping' and
;; only puts the needed commands into grub.cfg when it identifies the device
;; that way.  The value built here is not recognised, so GRUB does not try to
;; open the encrypted device, which causes boot to fail.  A bug report needs to
;; be submitted to get this fixed properly; until then the decryption password
;; has to be typed twice.
(define cryptroot-type
  (luks-device-mapping-with-options
   ;; NOTE: when given as a string, this is a path inside the initrd's own
   ;; file system, which is populated from the cpio archive passed to GRUB as
   ;; `extra-initrd'.
   ;;
   ;; Do not use (local-file "/crypto_keyfile.bin") here: that would copy the
   ;; key into the initrd, but it would also put a copy into the guix store,
   ;; which is globally readable.  (The regular initrd is in the store too, so
   ;; the key would be readable from there even without the extra copy.)
   ;;
   ;; If this file ever needs to be recovered, run
   ;; `cpio -i /crypto_keyfile.bin < /crypto_keyfile.cpio` as root; it restores
   ;; the file to the root directory.
   ;;
   ;; NOTE(review): both /crypto_keyfile.bin and /crypto_keyfile.cpio hold the
   ;; raw LUKS key, so both should be readable by root only -- TODO confirm
   ;; their modes on this machine.
   #:key-file "/crypto_keyfile.bin"))
;; System declaration for the host "framework": GRUB (EFI) boot loader, a
;; LUKS-mapped btrfs root opened through `cryptroot-type', a separate vfat
;; /boot, a swap file, and %desktop-services with GDM removed.
(operating-system
  (locale "en_CA.utf8")
  (timezone "America/Toronto")
  (keyboard-layout (keyboard-layout "us"))
  (host-name "framework")

  ;; The list of user accounts ('root' is implicit).
  (users (cons*
          (user-account
           (name username)
           (comment "Tadhg McDonald-Jensen")
           (group "users")
           (home-directory "/home/tadhg")
           (supplementary-groups '("wheel"   ;; for sudo access
                                   "netdev"  ;; TODO: what is this for?
                                   "audio"   ;; to be able to use alsamixer etc
                                   "video"   ;; think this is to control brightness
                                   "scanner" ;; for scanning
                                   "input"   ;; to control caps lock light
                                   )))
          %base-user-accounts))

  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets (list "/boot"))
               ;; Refers to the `keyboard-layout' field set above.
               (keyboard-layout keyboard-layout)
               ;; Out-of-store cpio archive containing the LUKS key file named
               ;; by `#:key-file' in `cryptroot-type'.
               ;; NOTE(review): this path is on the root file system ("/" is
               ;; /dev/mapper/cryptroot below), not on the vfat /boot
               ;; partition, which is not behind a mapped device.  Presumably
               ;; GRUB reads the archive only after it has unlocked the LUKS
               ;; device -- confirm.  Moving it under /boot would leave the
               ;; key stored in clear text.
               (extra-initrd "/crypto_keyfile.cpio")
               ))

  ;; The encrypted root.  The `type' here is what the grub.cfg generation
  ;; inspects; the commented-out line below it is the plain
  ;; `luks-device-mapping' variant, kept for reference.
  (mapped-devices (list (mapped-device
                         (source (uuid
                                  "c0010d06-0bd1-4ae2-93e6-f2f89a3a670b"))
                         (target "cryptroot")
                         (type cryptroot-type))))
  ;;(type luks-device-mapping))))

  ;; NOTE(review): /swapfile is a path on the root file system, so it
  ;; presumably lives inside the LUKS container -- confirm that no other
  ;; mount shadows it.
  (swap-devices (list (swap-space
                       (target "/swapfile")
                       ;; TODO: see the example about btrfs mounting in the
                       ;; docs about swap; just depending on mapped-devices
                       ;; isn't sufficient to guarantee the root partition is
                       ;; mounted.
                       (dependencies mapped-devices))))

  ;; The list of file systems that get "mounted".  The unique
  ;; file system identifiers there ("UUIDs") can be obtained
  ;; by running 'blkid' in a terminal.
  (file-systems (cons* (file-system
                        (mount-point "/boot")
                        (device (uuid "5190-E840" 'fat32))
                        (type "vfat"))
                       (file-system
                        (mount-point "/")
                        (device "/dev/mapper/cryptroot")
                        (type "btrfs")
                        (flags '(lazy-time))
                        (options
                         (alist->file-system-options
                          '(("compress" . "lzo"))))
                        ;; The root can only be mounted once the "cryptroot"
                        ;; mapping declared above exists.
                        (dependencies mapped-devices))
                       %base-file-systems))

  ;; No extra packages in this copy of the config: the empty list stands in
  ;; for the os-packages that would normally be prepended.
  (packages (append
             (list) ;;os-packages
             %base-packages))

  ;; Below is the list of system services.  To search for available
  ;; services, run 'guix system search KEYWORD' in a terminal.
  (services
   (cons*
    (service xorg-server-service-type) ;; needed for display (kind of important)
    (modify-services
        %desktop-services
      ;;(guix-service-type config => (tadhg:substitutes config))
      ;; Keep the inherited elogind settings and only change what the power
      ;; key does.
      (elogind-service-type
       config =>
       (elogind-configuration
        (inherit config)
        (handle-power-key 'hibernate)
        ;;(idle-action 'suspend)
        ;;(handle-lid-switch 'ignore)
        ))
      ;; Drop GDM from the desktop service set.
      (delete gdm-service-type)
      )))

  ;; allow using .local with mdns resolution, used for printer in particular
  (name-service-switch %mdns-host-lookup-nss)
  )