kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:4d4e9d980b5ac86b104d84ab504e4864f8442c0d
Branches Tags
kalipso:master kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
..
compare: kalipso:script
Branches Tags
kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

1 Commits
4d4e9d980b ... script

Author SHA1 Message Date
ahtlon
ee24f8a4a9 change script to first import storage before unlocking root
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m36s
Details
2025-11-15 15:43:34 +01:00
3 changed files with 6 additions and 12 deletions
Expand all files Collapse all files

1
machines/fanny/configuration.nix
View File

@@ -86,7 +86,6 @@ in
enable = true;
authorizedKeys = sshKeys.admins;
ethernetDrivers = ["r8169"];
zfsExtraPools = [ "storage" ];
};
boot.initrd = {

9
machines/modules/malobeo/initssh.nix
View File

@@ -22,11 +22,6 @@ in
description = "Ethernet drivers to load: run `lspci -k | grep -iA4 ethernet`";
example = "r8169";
};
zfsExtraPools = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Name or GUID of extra ZFS pools that you wish to import during boot.";
};
};
config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
@@ -37,12 +32,11 @@ in
zfs = {
forceImportAll = true;
requestEncryptionCredentials = true;
extraPools = cfg.zfsExtraPools;
};
initrd = {
availableKernelModules = cfg.ethernetDrivers;
systemd = {
initrdBin = [ pkgs.busybox pkgs.wireguard-tools pkgs.iproute2 ];
enable = true;
network.enable = true;
};
@@ -62,7 +56,6 @@ in
path = with pkgs; [ zfs ];
serviceConfig.Type = "oneshot";
script = ''
zpool import storage
echo "zfs load-key -a; killall zfs; systemctl default" >> /var/empty/.profile
'';
};

8
scripts/unlock-boot.sh
View File

@@ -24,14 +24,16 @@ diskkey=$(sops -d machines/$hostname/secrets/disk.key)
echo
if [ $# = 1 ]
then
echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #root
ssh $sshoptions root@$hostname-initrd "zpool import -a"
echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "zfs load-key storage/encrypted" #root
echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #data
elif [ $# = 2 ]
then
ip=$2
echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" #root
echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" #data
ssh $sshoptions root@$ip "zpool import -a"
echo "$diskkey" | ssh $sshoptions root@$ip "zfs load-key storage/encrypted"
echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent"
else
echo