geoffrey/dotfiles
geoffrey/dotfiles
1
0
Fork 0
Code Issues 7 Pull requests Releases Activity

Fix LUKS on pindakaas

Browse source 
It took 3 days to investigate by myself and only get a partial idea of
the issue, but 5 minutes to ask for support and another 5 to get a
working solution.
Hopefully lesson learned.
This commit is contained in:
Geoffrey Frogeye 2023-11-29 23:00:46 +01:00
parent 29504dab6c
commit 36608fa9e4
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
8 changed files with 71 additions and 147 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pindakaas/hardware.nix
View file

@ -9,6 +9,9 @@
# nixos-hardware use latest kernel by default. It has been set a while ago, we maybe don't need it anymore? # nixos-hardware use latest kernel by default. It has been set a while ago, we maybe don't need it anymore?
kernelPackages = pkgs.linuxPackages; kernelPackages = pkgs.linuxPackages;
# Otherwise it will not show stage1 echo and prompt
kernelParams = ["console=tty0"];
# Pinebook supports UEFI, at least when tow-boot is installed on the SPI # Pinebook supports UEFI, at least when tow-boot is installed on the SPI
loader = { loader = {
# EFI Variables don't work (no generation appears in systemd-boot) # EFI Variables don't work (no generation appears in systemd-boot)

64
pindakaas_sd/disko-desired.nix
View file

@ -1,64 +0,0 @@
{
disko.devices = {
disk = {
pindakaas_sd = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
# Needs enough to store multiple kernel generations
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "pindakaas_sd";
#passwordFile = "/tmp/secret.key"; # Commented out so asked interactively
settings = {
# Not having SSDs die fast is more important than crypto
# nerds that could potentially discover which filesystem I
# use from TRIM patterns
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/nixos" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "relatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
# Maybe later
# "/swap" = {
# mountpoint = "/.swapvol";
# swap.swapfile.size = "20M";
# };
};
};
};
};
};
};
};
};
}

38
pindakaas_sd/disko-hanging.nix
View file

@ -1,38 +0,0 @@
{
disko.devices = {
disk = {
vdb = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}

32
pindakaas_sd/disko-working.nix
View file

@ -1,32 +0,0 @@
{
disko.devices = {
disk = {
vdb = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

1
pindakaas_sd/disko.nix
View file

@ -1 +0,0 @@
disko-hanging.nix

65
pindakaas_sd/disko.nix Normal file
View file

@ -0,0 +1,65 @@
{
disko.devices = {
disk = {
pindakaas_sd = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
# Needs enough to store multiple kernel generations
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "pindakaas_sd";
passwordFile = "/tmp/secret.key"; # TODO Generate this somehow
settings = {
# Not having SSDs die fast is more important than crypto
# nerds that could potentially discover which filesystem I
# use from TRIM patterns
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/nixos" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "relatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
# Maybe later
# "/swap" = {
# mountpoint = "/.swapvol";
# swap.swapfile.size = "20M";
# };
};
};
};
};
};
};
};
};
};
}

1
pindakaas_sd/hybrid Symbolic link
View file

@ -0,0 +1 @@
/nix/store/bz6nqy0ky5l33rfrkb6k66bzkgw18k90-nixos-system-pindakaas_sd-23.05.4981.5b528f99f73c

6
pindakaas_sd/options.nix
View file

@ -1,6 +0,0 @@
{ ... }:
{
# Barebones is faster to test partition schemes
frogeye.dev.ansible = false;
frogeye.dev.python = false;
}

8
pindakaas_sd/os.nix
View file

@ -1,15 +1,11 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [ imports = [
# START DEBUG ../os
# ../os ../pindakaas/options.nix
# ./options.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22.tar.gz"}/module.nix"
# END DEBUG
../pindakaas/hardware.nix ../pindakaas/hardware.nix
./disko.nix ./disko.nix
]; ];
nixpkgs.config.allowUnfree = true; # DEBUG
networking.hostName = "pindakaas_sd"; networking.hostName = "pindakaas_sd";
} }