[Nix-dev] Help wanted with Nixos on ZFS in an encrypted LUKS volume

Mark Gardner mkg at vt.edu
Mon Apr 3 15:42:02 CEST 2017


On Sun, Apr 2, 2017 at 3:06 PM, <nixos at vince.lol> wrote:

> Could some of you please take a look? I documented most of it in the gist
> here: https://gist.github.com/awesomefireduck/
> ffea6517042af87b8b7ef6ea1c7d50e3 . If you need more information I'd be
> happy to supply it.
>

​I have seen this before when I specified the wrong (non-LUKS) partition
in initrd.luks.devices but I don't see anything obviously wrong with your
configuration. Here is how I typically create a LUKS+ZFS+NixOS
installation. Hopefully this helps you identify what is going wrong.

### Create a LUKS+ZFS+NixOS installation
## I use /dev/sdaX instead of /dev/disk/by-id/xxxxxx-partX for convenience
but you should use by-id as it won't change when disks come and go.
# sgdisk -Z -n1:0:+512M -t1:EF00 -c1:EFI -n2:0:0 -t2:E800 -c2:LUKS -p
/dev/sda
# cryptsetup luksFormat --key-size 512 --hash sha512 --verify-passphrase
/dev/sda2
# cryptsetup open /dev/sda2 cdisk
# zpool create -o ashift=12 -o altroot=/mnt -m none -O atime=off -O
relatime=on -O compression=lz4 rpool /dev/mapper/cdisk  # take note of
hostid
# zfs create -o mountpoint=none rpool/root
# zfs create -o mountpoint=legacy rpool/root/nixos
# zfs create -o mountpoint=legacy rpool/home
# zfs create -o compression=off -V 1G rpool/swap
# mkfs.vfat -F 32 -n EFI /dev/sda1
# mkswap -L SWAP /dev/zvol/rpool/swap
# mount -t zfs rpool/root/nixos /mnt
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot
# mkdir /mnt/home
# mount -t zfs rpool/home /mnt/home
# swapon /dev/zvol/rpool/swap
# zpool set bootfs=rpool/root/nixos rpool
# nixos-generate-config --root /mnt
# cd /mnt/etc/nixos
# mv configuration.nix configuration.nix.orig
# cat <<EOF >configuration.nix
{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    supportedFilesystems = [ "zfs" ];
    initrd.luks.devices = [
      { name = "cdisk"; device = "/dev/sda2"; }
    ];
  };

  networking = {
    hostName = "nixos";
    hostId = "05f35ae3";  # use hostid SPL picked above
  };
  system.stateVersion = "16.09";
}
# EOF
# time nixos-install 2>&1 | tee install.log  # 9m0.236s
# reboot

Mark
-- 
Mark Gardner
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170403/3ddaa6fd/attachment.html>


More information about the nix-dev mailing list