[Nix-dev] systemd in initrd

Luca Bruno lethalman88 at gmail.com
Tue Oct 21 23:53:29 CEST 2014


Some more updates about systemd in initrd and luks.
I've managed to use systemd-cryptsetup and not only use a keyfile, but also
ask for the password.

Additionally, in the nixos test I've added an argument "interactive", so
that one can manually test the password prompt:

nix-build nixos/tests/luks.nix -A driver --arg interactive true
result/bin/nixos-run-vms

Branch: https://github.com/lethalman/nixpkgs/tree/systemd

Will come back later to luks (missing yubikey support). Next step is lvm.

On Tue, Oct 21, 2014 at 12:52 AM, Luca Bruno <lethalman88 at gmail.com> wrote:

> Update on systemd-initrd: basic luks support.
>
> I've been able to create a very basic nixos test for luks with keyfile [1]
> (ignore the overrides needed for the test, and the vda disk setup).
> Not yet asking for a password, it's a simple script and it's not using
> cryptsetup from systemd.
> The preLVM is not needed anymore. Whether you want to run luksOpen before
> or after a service (lvm being such a service) is about writing systemd
> dependencies.
>
> E.g. for emulating the old preLVM = false:
>
> boot.initrd.systemd.services.cryptsetup-luksroot = {
>   requires = [ "lvm-foo.service" ];
>   after = [ "lvm-foo.service" ];
> };
>
> Note there's still no lvm service in my branch.
>
> What we gain:
> - Currently the luks script waits in a loop sleep 1 second until both the
> device and the keyfile appear. With systemd, this is immediate using udev
> (.device) and inotify (.path).
> - Being able to move every single cryptsetup wherever you want during the
> boot process.
>
> Thanks to shlevy for helping with the test overrides ;)
>
> [1] https://github.com/lethalman/nixpkgs/blob/systemd/nixos/tests/luks.nix
>
>


-- 
www.debian.org - The Universal Operating System
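
The device and keyfile activation mentioned in the quoted message (udev .device units and inotify-backed .path units instead of a sleep loop), as an added example in plain systemd unit syntax. It is not part of the original post or of the branch; the unit names, the keyfile path, the mapping name and the cryptsetup binary path are assumptions, and how the .path unit gets pulled into the initrd boot transaction is left out.

```ini
# ---- luks-keyfile.path (hypothetical unit name) ----
# systemd checks the path once at start, then keeps an inotify watch on it.
# The unit named in Unit= is started the moment the keyfile exists,
# so nothing polls with "sleep 1".
[Unit]
Description=Watch for the LUKS keyfile
DefaultDependencies=no

[Path]
# Assumed keyfile location, not taken from the branch.
PathExists=/run/keys/luksroot.key
Unit=cryptsetup-luksroot.service

# ---- cryptsetup-luksroot.service ----
[Unit]
Description=Open LUKS container on /dev/vda
DefaultDependencies=no
# dev-vda.device becomes active when udev announces /dev/vda.
# BindsTo= + After= make this service wait for that event, and stop
# again if the device disappears.
BindsTo=dev-vda.device
After=dev-vda.device
# Further ordering (for example against an LVM service, as in the
# preLVM = false case in the quoted message) is expressed with
# additional Requires=/After= lines here.

[Service]
Type=oneshot
# Stay "active" after the command exits so that the .path unit does not
# trigger the service a second time while the keyfile is still present.
RemainAfterExit=yes
# Assumed binary path and mapping name.
ExecStart=/bin/cryptsetup luksOpen /dev/vda luksroot --key-file /run/keys/luksroot.key
```

If the keyfile shows up before the disk, the service start job simply waits on dev-vda.device (subject to the device job timeout), so the order in which the two events arrive does not matter.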