add remote zfs unlock
This commit is contained in:
parent
7347183da7
commit
5c9d04d69b
2 changed files with 31 additions and 13 deletions
|
|
@ -51,7 +51,7 @@
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ {
|
[ {
|
||||||
device = "/dev/disk/by-partuuid/5c3e37ec-c277-4487-8169-813446a5f723";
|
device = "/dev/disk/by-partuuid/7e7d0e0b-90b7-465c-a022-089b38e0f16d";
|
||||||
randomEncryption = true;
|
randomEncryption = true;
|
||||||
} ];
|
} ];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,21 +11,39 @@
|
||||||
networking.hostId = "41ba28ff";
|
networking.hostId = "41ba28ff";
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = let
|
kernelPackages = let
|
||||||
zfsCompatibleKernelPackages = lib.filterAttrs (
|
zfsCompatibleKernelPackages = lib.filterAttrs (
|
||||||
name: kernelPackages:
|
name: kernelPackages:
|
||||||
(builtins.match "linux_[0-9]+_[0-9]+" name) != null
|
(builtins.match "linux_[0-9]+_[0-9]+" name) != null
|
||||||
&& (builtins.tryEval kernelPackages).success
|
&& (builtins.tryEval kernelPackages).success
|
||||||
&& (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
|
&& (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
|
||||||
) pkgs.linuxKernel.packages;
|
) pkgs.linuxKernel.packages;
|
||||||
latestKernelPackage = lib.last (
|
latestKernelPackage = lib.last (
|
||||||
lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
|
lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
|
||||||
builtins.attrValues zfsCompatibleKernelPackages
|
builtins.attrValues zfsCompatibleKernelPackages
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
in latestKernelPackage;
|
in latestKernelPackage;
|
||||||
supportedFilesystems = [ "zfs" ];
|
supportedFilesystems = [ "zfs" ];
|
||||||
kernelParams = [ "nohibernate" ];
|
kernelParams = [ "nohibernate" ];
|
||||||
plymouth.enable = false;
|
plymouth.enable = false;
|
||||||
tmp.useTmpfs = true;
|
tmp.useTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# unlock over ssh
|
||||||
|
boot.initrd.network = {
|
||||||
|
enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
port = 2222;
|
||||||
|
hostKeys = [ /etc/secrets/initrd/ssh_host_rsa_key ];
|
||||||
|
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK 0xa@toaster 2024-12-31" ];
|
||||||
|
};
|
||||||
|
postCommands = ''
|
||||||
|
zpool import -a
|
||||||
|
echo "zfs load-key -a; killall zfs" >> /root/.profile
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
# support for network
|
||||||
|
boot.initrd.kernelModules = [ "igc" "i40e" "mt7921e" ];
|
||||||
|
boot.kernelModules = [ "igc" "i40e" "mt7921e" ];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue