Add results from LUKS debugging session

This commit is contained in:
Geoffrey Frogeye 2023-11-29 11:39:58 +01:00
parent 6444f8f517
commit 5e456c54a7
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
6 changed files with 142 additions and 104 deletions

View file

@ -7,7 +7,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Parse arguments # Parse arguments
function help { function help {
echo "Usage: $0 profile [-e]" echo "Usage: $0 [-e] [-h] profile"
echo echo
echo "Arguments:" echo "Arguments:"
echo " file: OS/disk profile to use" echo " file: OS/disk profile to use"

View file

@ -0,0 +1,64 @@
{
disko.devices = {
disk = {
pindakaas_sd = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
# Needs enough to store multiple kernel generations
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "pindakaas_sd";
#passwordFile = "/tmp/secret.key"; # Commented out so asked interactively
settings = {
# Not having SSDs die fast is more important than crypto
# nerds that could potentially discover which filesystem I
# use from TRIM patterns
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/nixos" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "relatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
# Maybe later
# "/swap" = {
# mountpoint = "/.swapvol";
# swap.swapfile.size = "20M";
# };
};
};
};
};
};
};
};
};
}

View file

@ -0,0 +1,38 @@
{
disko.devices = {
disk = {
vdb = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}

View file

@ -0,0 +1,32 @@
{
disko.devices = {
disk = {
vdb = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

View file

@ -1,101 +0,0 @@
{
disko.devices = {
disk = {
pindakaas_sd = {
type = "disk";
device = "/dev/disk/by-id/mmc-SN32G_0xfb19ae99";
content = {
type = "gpt";
partitions = {
ESP = {
# Needs enough to store multiple kernel generations
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
root = {
size = "100%";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/";
# };
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/nixos" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "relatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
# Maybe later
# "/swap" = {
# mountpoint = "/.swapvol";
# swap.swapfile.size = "20M";
# };
};
};
};
# FIXME Hang on Linux boot, for some reason
# luks = {
# size = "100%";
# content = {
# type = "luks";
# name = "pindakaas_sd";
# # disable settings.keyFile if you want to use interactive password entry
# #passwordFile = "/tmp/secret.key"; # Interactive
# settings = {
# # Not having SSDs die fast is more important than crypto
# # nerds that could potentially discover which filesystem I
# # use from TRIM patterns
# allowDiscards = true;
# # keyFile = "/tmp/secret.key";
# fallbackToPassword = true; # TEST
# };
# # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
# content = {
# type = "btrfs";
# extraArgs = [ "-f" ];
# subvolumes = {
# "/nixos" = {
# mountpoint = "/";
# mountOptions = [ "compress=zstd" "noatime" ];
# };
# "/home" = {
# mountpoint = "/home";
# mountOptions = [ "compress=zstd" "relatime" ];
# };
# "/nix" = {
# mountpoint = "/nix";
# mountOptions = [ "compress=zstd" "noatime" ];
# };
# # Maybe later
# # "/swap" = {
# # mountpoint = "/.swapvol";
# # swap.swapfile.size = "20M";
# # };
# };
# };
# };
# };
};
};
};
};
};
}

1
pindakaas_sd/disko.nix Symbolic link
View file

@ -0,0 +1 @@
disko-hanging.nix

View file

@ -1,11 +1,15 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [ imports = [
../os # START DEBUG
# ../os
# ./options.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22.tar.gz"}/module.nix"
# END DEBUG
../pindakaas/hardware.nix ../pindakaas/hardware.nix
./disko.nix ./disko.nix
./options.nix
]; ];
nixpkgs.config.allowUnfree = true; # DEBUG
networking.hostName = "pindakaas_sd"; networking.hostName = "pindakaas_sd";
} }