Remote disk unlocking: Difference between revisions
imported>Fadenb m Fix & html |
imported>Onny Add bcachefs remote unlocking |
||
Line 49: | Line 49: | ||
== Tips and tricks == | == Tips and tricks == | ||
=== Bcachefs unlocking === | |||
Unlocking encrypted Bcachefs root filesystems is [https://github.com/NixOS/nixpkgs/issues/291529 not yet supported]. As a workaround, following script can be used as SSH shell, to unlock the disk <code>/dev/vda2</code>. | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
boot.initrd.systemd = let | |||
askPass = pkgs.writeScriptBin "bcachefs-askpass" '' | |||
#!/bin/sh | |||
keyctl link @u @s | |||
mkdir /sysroot | |||
until bcachefs mount /dev/vda2 /sysroot | |||
do | |||
sleep 1 | |||
done | |||
''; | |||
in { | |||
enable = true; | |||
initrdBin = with pkgs; [ keyutils ]; | |||
storePaths = ["${askPass}/bin/bcachefs-askpass"]; | |||
users.root.shell = "${askPass}/bin/bcachefs-askpass"; | |||
}; | |||
}; | |||
</nowiki>}} | |||
Using systemd in initrd automatically continues the boot process after the target <code>/sysroot</code> is mounted. | |||
=== Tor in initrd === | === Tor in initrd === |