kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 3 Actions Projects 2 Releases Wiki Activity

Revert "[disko] Bit of a hack but the storage partition now gets mounted after zroot using a file on the disk."

Browse Source 
This reverts commit 4a67683462.
This commit is contained in:
ahtlon
2025-03-04 17:53:34 +01:00
parent c409c5d53b
commit 7c300eb385
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
machines/modules/disko/default.nix
View File

@@ -187,7 +187,6 @@ in
postCreateHook = lib.mkIf cfg.encryption '' postCreateHook = lib.mkIf cfg.encryption ''
zfs set keylocation="prompt" zroot/encrypted; zfs set keylocation="prompt" zroot/encrypted;
''; '';
}; };
"encrypted/root" = { "encrypted/root" = {
type = "zfs_fs"; type = "zfs_fs";
@@ -245,12 +244,13 @@ in
}; };
# use this to read the key during boot # use this to read the key during boot
postCreateHook = lib.mkIf cfg.encryption '' postCreateHook = lib.mkIf cfg.encryption ''
zfs set keylocation="file:///root/secret.key" storage/encrypted; zfs set keylocation="prompt" storage/encrypted;
''; '';
}; };
"encrypted/data" = { "encrypted/data" = {
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/data"; mountpoint = "/data";
options.mountpoint = "legacy";
}; };
"encrypted/data/microvms" = { "encrypted/data/microvms" = {
type = "zfs_fs"; type = "zfs_fs";
@@ -271,7 +271,7 @@ in
}; };
boot.zfs.devNodes = lib.mkDefault cfg.devNodes; boot.zfs.devNodes = lib.mkDefault cfg.devNodes;
boot.zfs.extraPools = lib.mkIf cfg.storage.enable [ "storage" ];
fileSystems."/".neededForBoot = true; fileSystems."/".neededForBoot = true;
fileSystems."/etc".neededForBoot = true; fileSystems."/etc".neededForBoot = true;
fileSystems."/boot".neededForBoot = true; fileSystems."/boot".neededForBoot = true;

2
machines/modules/malobeo/initssh.nix
View File

@@ -30,7 +30,9 @@ in
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
supportedFilesystems = [ "vfat" "zfs" ]; supportedFilesystems = [ "vfat" "zfs" ];
zfs = { zfs = {
forceImportAll = true;
requestEncryptionCredentials = true; requestEncryptionCredentials = true;
}; };
initrd = { initrd = {
availableKernelModules = cfg.ethernetDrivers; availableKernelModules = cfg.ethernetDrivers;

2
machines/testvm/configuration.nix
View File

@@ -24,7 +24,7 @@ in
malobeo.disks = { malobeo.disks = {
enable = true; enable = true;
encryption = true; encryption = false;
hostId = "83abc8cb"; hostId = "83abc8cb";
devNodes = "/dev/disk/by-path/"; devNodes = "/dev/disk/by-path/";
root = { root = {

2
scripts/remote-install-encrypt.sh
View File

@@ -40,11 +40,9 @@ trap cleanup EXIT
# Create the directory where sshd expects to find the host keys # Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/etc/ssh/" install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/root/"
diskKey=$(sops -d $pwpath/disk.key) diskKey=$(sops -d $pwpath/disk.key)
echo "$diskKey" > /tmp/secret.key echo "$diskKey" > /tmp/secret.key
echo "$diskKey" > $temp/root/secret.key
sops -d "$pwpath/$hostkey" > "$temp/etc/ssh/$hostname" sops -d "$pwpath/$hostkey" > "$temp/etc/ssh/$hostname"