numbus/numbus-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

typo on boot*.nix and debugging disk unlocking

Browse Source
This commit is contained in:
Raphaël Numbus
2026-01-02 20:41:37 +01:00
parent 490c4429f0
commit 3418988c83
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
+6 -7
View File
@@ -474,7 +474,6 @@ EOF
echo -e "\n\n✅ Generating disko configuration from templates..." echo -e "\n\n✅ Generating disko configuration from templates..."
local TEMPLATE_FILE="templates/nix-config/disks/boot-${#BOOT_DISKS_ID[@]}.nix" local TEMPLATE_FILE="templates/nix-config/disks/boot-${#BOOT_DISKS_ID[@]}.nix"
(envsubst < "$TEMPLATE_FILE") > final-nix-config/etc/nixos/disks/disko.nix (envsubst < "$TEMPLATE_FILE") > final-nix-config/etc/nixos/disks/disko.nix
# Striped configuration # Striped configuration
if [[ "$CONTENT_DISK_NUMBER" -eq 1 && "$PARITY_DISK_NUMBER" -eq 0 ]]; then if [[ "$CONTENT_DISK_NUMBER" -eq 1 && "$PARITY_DISK_NUMBER" -eq 0 ]]; then
export j="1" export j="1"
@@ -536,28 +535,28 @@ EOF
### --> Generate unlock keys ### --> Generate unlock keys
for i in $(seq 1 "${#BOOT_DISKS_ID[@]}"); do for i in $(seq 1 "${#BOOT_DISKS_ID[@]}"); do
PASS="$(xkcdpass -d "-")" PASS="$(xkcdpass -n 1)"
echo -n "$PASS" > "final-nix-config/etc/secrets/disks/boot-disk-${i}" echo -n "$PASS" > "final-nix-config/etc/secrets/disks/boot-disk-${i}"
chmod 600 "final-nix-config/etc/secrets/disks/boot-disk-${i}" chmod 600 "final-nix-config/etc/secrets/disks/boot-disk-${i}"
ssh_to_host 'bash -s' << EOF ssh_to_host 'bash -s' << EOF
echo "$REMOTE_PASS" | sudo -S mkdir -p /etc/secrets/disks/ echo "$REMOTE_PASS" | sudo -S mkdir -p /etc/secrets/disks/
echo "$REMOTE_PASS" | sudo -S bash -c "echo '$PASS' > /etc/secrets/disks/boot-disk-${i}" echo "$REMOTE_PASS" | sudo -S bash -c "printf '%s' '$PASS' > /etc/secrets/disks/boot-disk-${i}"
EOF EOF
done done
for i in $(seq 1 "$CONTENT_DISK_NUMBER"); do for i in $(seq 1 "$CONTENT_DISK_NUMBER"); do
PASS="$(xkcdpass -d "-")" PASS="$(xkcdpass -n 1)"
echo -n "$PASS" > "final-nix-config/etc/secrets/disks/content-disk-${i}" echo -n "$PASS" > "final-nix-config/etc/secrets/disks/content-disk-${i}"
chmod 600 "final-nix-config/etc/secrets/disks/content-disk-${i}" chmod 600 "final-nix-config/etc/secrets/disks/content-disk-${i}"
ssh_to_host 'bash -s' << EOF ssh_to_host 'bash -s' << EOF
echo "$REMOTE_PASS" | sudo -S bash -c "echo '$PASS' > /etc/secrets/disks/content-disk-${i}" echo "$REMOTE_PASS" | sudo -S bash -c "printf '%s' '$PASS' > /etc/secrets/disks/content-disk-${i}"
EOF EOF
done done
for i in $(seq 1 "$PARITY_DISK_NUMBER"); do for i in $(seq 1 "$PARITY_DISK_NUMBER"); do
PASS="$(xkcdpass -d "-")" PASS="$(xkcdpass -n 1)"
echo -n "$PASS" > "final-nix-config/etc/secrets/disks/parity-disk-${i}" echo -n "$PASS" > "final-nix-config/etc/secrets/disks/parity-disk-${i}"
chmod 600 "final-nix-config/etc/secrets/disks/parity-disk-${i}" chmod 600 "final-nix-config/etc/secrets/disks/parity-disk-${i}"
ssh_to_host 'bash -s' << EOF ssh_to_host 'bash -s' << EOF
echo "$REMOTE_PASS" | sudo -S bash -c "echo '$PASS' > /etc/secrets/disks/parity-disk-${i}" echo "$REMOTE_PASS" | sudo -S bash -c "printf '%s' '$PASS' > /etc/secrets/disks/parity-disk-${i}"
EOF EOF
done done
templates/nix-config/disks/boot-2.nix
+2 -1
View File
@@ -24,7 +24,7 @@
type = "luks"; type = "luks";
name = "crypted-boot-1"; name = "crypted-boot-1";
settings = { settings = {
keyFile = "/etc/secrets/disks/boot-disk-2"; keyFile = "/etc/secrets/disks/boot-disk-1";
allowDiscards = true; allowDiscards = true;
}; };
}; };
@@ -44,6 +44,7 @@
type = "luks"; type = "luks";
name = "crypted-boot-2"; name = "crypted-boot-2";
settings = { settings = {
keyFile = "/etc/secrets/disks/boot-disk-2";
allowDiscards = true; allowDiscards = true;
}; };
content = { content = {