On Sat, 29 Aug 2015 16:59:00 +0100 Tomasz Czyż <[email protected]> wrote:
> Hi,
>
> Yesterday I set up nix for the first time. Awesome project!
>
> I was struggling with ubuntu/debian to set up an encrypted boot
> partition, but here it worked on the first boot! Nice stuff!
>
> But I have a problem with mounting the root partition at this stage.
>
> My setup
>
> --------------------------------------------
> | BOOT         | ROOT                      |
> --------------------------------------------
> | ext4         | zfs                       |
> --------------------------------------------
> | enc_boot     | enc_root1, enc_root2, ... |
> --------------------------------------------
> | md_boot      | sda3, sdb3, sdc3, sdd3    |
> --------------------------------------------
> | sda2, sdb2...|
> ----------------
>
> So, boot is on an encrypted partition on top of RAID1 (mdadm). There is
> a file root.key to unlock the 4 root partitions.
>
> Root is a ZFS system, on top of 4 encrypted volumes, encrypted with
> root.key (which is on the boot partition).
>
> Working part:
> During the boot, I'm asked for the password to the boot partition, and
> the boot partition is unlocked.
>
> Not working part:
> After unlocking boot and loading initrd there is a problem, zfs
> defined in config (with UUID) cannot be found or mounted – because 4
> root partitions are not unlocked.
>
> In configuration.nix I've added bootloader directive
>
> boot.initrd.postMountCommands = "cryptsetup luksOpen --key-file
> /mnt-root/boot/root.key /dev/sda3 root1; cryptsetup luksOpen
> --key-file /mnt/root/boot/root.key /dev/sdb3 root2.......";
>
> but this part is not working. I cannot access root.key, probably boot
> partition is not mounted there. I don't know how to activate shell
> there to investigate stuff.

Guessing here, but try calling

    /nix/store/*-extra-utils/bin/busybox sh

from postMountCommands? You could also try finding the path to
busybox within your initrd and filling in the full path:

    $ nix-store -qR /run/current-system | grep 'initrd$'
    /nix/store/ig0y1a7d5153rb61m4hyfgzflqkx6kbj-initrd
    $ gunzip -ck /nix/store/ig0y1a7d5153rb61m4hyfgzflqkx6kbj-initrd/initrd | cpio -it | grep 'extra-utils/bin/busybox$'
    nix/store/hyjs4vanbas2z1lh6gawyrb3ngznw2v6-extra-utils/bin/busybox
    39975 blocks

Hope that helps,
Bryan

> Do you know by any chance how I can automatically unlock other
> partitions from boot partitions and mount zfs after that?
>
> Cheers,
> Tomasz Czyż
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
