fix manual decrypt

2024-10-23 06:18:52 +08:00 · 2023-08-02 14:24:25 +08:00 · 2023-08-02 14:24:25 +08:00 · b20aecca1f
commit b20aecca1f
parent af1a9c5a0a
2 changed files with 21 additions and 6 deletions
--- a/flake.nix
+++ b/flake.nix
@ -299,7 +299,8 @@
 								decrypt.manual =
 								{
 									enable = true;
-									devices = { "/dev/disk/by-uuid/cc0c27bb-15b3-4932-98a9-583b426002be" = "root"; };
+									devices."/dev/disk/by-uuid/cc0c27bb-15b3-4932-98a9-583b426002be" = { mapper = "root"; ssd = true; };
+									delayedMount = [ "/" ];
 								};
 								rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
 							};
@ -318,7 +319,7 @@
 							{
 								grub.installDevice = "/dev/disk/by-path/pci-0000:05:00.0";
 								network.enable = true;
-								sshd.enable = true;
+								sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
 							};
 							system.hostname = "vps6";
 						};})
--- a/modules/fileSystems/default.nix
+++ b/modules/fileSystems/default.nix
@ -27,7 +27,19 @@ inputs:
 			manual =
 			{
 				enable = mkOption { type = types.bool; default = false; };
-				devices = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+				devices = mkOption
+				{
+					type = types.attrsOf (types.submodule
+					{
+						options =
+						{
+							mapper = mkOption { type = types.nonEmptyStr; };
+							ssd = mkOption { type = types.bool; default = false; };
+						};
+					});
+					default = {};
+				};
+				delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
 			};
 		};
 		mdadm = mkOption { type = types.nullOr types.str; default = null; };
@ -145,7 +157,9 @@ inputs:
 									modprobe vhci-hcd
 									busid=$(usbip list -r 127.0.0.1 | head -n4 | tail -n1 | awk '{print $1}' | sed 's/://')
 									usbip attach -r 127.0.0.1 -b $busid
-									${concatStringsSep "; " (map (device: "systemd-cryptsetup attach ${device.value} ${device.name}")
+									${concatStringsSep "\n" (map
+										(device: "systemd-cryptsetup attach ${device.value.mapper} ${device.name}"
+											+ ''${if device.value.ssd then "discards" else ""}'')
 										(attrsToList fileSystems.decrypt.manual.devices))}
 								");
 							};
@ -162,8 +176,8 @@ inputs:
 						};
 					};
 					fileSystems = listToAttrs (map
-						(device: { name = device; value.options = [ "x-systemd.device-timeout=10min" ]; })
-						fileSystems.decrypt.manual.devices);
+						(mount: { name = mount; value.options = [ "x-systemd.device-timeout=15min" ]; })
+						fileSystems.decrypt.manual.delayedMount);
 				}
 			)
 			# mdadm