I have a working configuration with a LUKS-encrypted root filesystem on two devices (btrfs). I do not use postBootCommands (except to set up encrypted swap). I set

  boot.initrd.luks.devices = [
    { device = "/dev/..."; name = (pick any name); }
    { device = ...; name = ...; }
  ];
  boot.initrd.supportedFilesystems = [ "btrfs" ];

I don't know if there's anything similar if you're not using LUKS. Let me know if this helps.

James

On 29 August 2015 at 10:23, Bryan Gardiner <b...@khumba.net> wrote:
> On Sat, 29 Aug 2015 16:59:00 +0100
> Tomasz Czyż <tomasz.c...@gmail.com> wrote:
>
>> Hi,
>>
>> Yesterday I set up nix for the first time. Awesome project!
>>
>> I was struggling with ubuntu/debian to set up an encrypted boot
>> partition, but here it worked on the first boot! Nice stuff!
>>
>> But I have a problem with mounting the root partition at this stage.
>>
>> My setup
>>
>> --------------------------------------------
>> | BOOT         | ROOT                      |
>> --------------------------------------------
>> | ext4         | zfs                       |
>> --------------------------------------------
>> | enc_boot     | enc_root1, enc_root2, ... |
>> --------------------------------------------
>> | md_boot      | sda3, sdb3, sdc3, sdd3    |
>> --------------------------------------------
>> | sda2, sdb2...|
>> ----------------
>>
>> So, boot is on an encrypted partition on top of RAID1 (mdadm). There is
>> a file root.key to unlock the 4 root partitions.
>>
>> Root is a ZFS system, on top of 4 encrypted volumes, encrypted with
>> root.key (which is on the boot partition).
>>
>> Working part:
>> During the boot, I'm asked for the password to the boot partition, and
>> the boot partition is unlocked.
>>
>> Not working part:
>> After unlocking boot and loading initrd there is a problem: the zfs
>> defined in config (with UUID) cannot be found or mounted, because the 4
>> root partitions are not unlocked.
>>
>> In configuration.nix I've added a bootloader directive
>>
>> boot.initrd.postMountCommands = "cryptsetup luksOpen --key-file
>> /mnt-root/boot/root.key /dev/sda3 root1; cryptsetup luksOpen
>> --key-file /mnt/root/boot/root.key /dev/sdb3 root2.......";
>>
>> but this part is not working. I cannot access root.key, probably the boot
>> partition is not mounted there. I don't know how to activate a shell
>> there to investigate stuff.
>
> Guessing here, but try calling
>
>   /nix/store/*-extra-utils/bin/busybox sh
>
> from postMountCommands? You could also try finding the path to
> busybox within your initrd and filling in the full path:
>
> $ nix-store -qR /run/current-system | grep 'initrd$'
> /nix/store/ig0y1a7d5153rb61m4hyfgzflqkx6kbj-initrd
>
> $ gunzip -ck /nix/store/ig0y1a7d5153rb61m4hyfgzflqkx6kbj-initrd/initrd | cpio -it | grep 'extra-utils/bin/busybox$'
> nix/store/hyjs4vanbas2z1lh6gawyrb3ngznw2v6-extra-utils/bin/busybox
> 39975 blocks
>
> Hope that helps,
> Bryan
>
>> Do you know by any chance how I can automatically unlock other
>> partitions from boot partitions and mount zfs after that?
>>
>> Cheers,
>> Tomasz Czyż
>
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev