boot.initrd.postDeviceCommands waiting for device

I currently have this in my configuration.nix and my /dev/nvme0n1p1 device encrypted by LUKS.
(Just to test) I added this small command to boot.initrd.postDeviceCommands.
But when starting the computer, after executing the command it waits for the device infinitely.
Do you have an idea why ?

boot.initrd.extraUtilsCommands = ''
    copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup

  boot.initrd.kernelModules = ["vfat" "nls_cp437" "nls_iso8859-1" "usbhid" "alx"];

  boot.initrd.postDeviceCommands = ''
    echo -n "dummy" | cryptsetup luksOpen /dev/nvme0n1p1 nixos-luks

I have a very similar setup, and my cryptsetup luksOpen commands are issued in the boot.initrd.preLVMCommands hook, although I don’t use LVM at all. Maybe try to move it there?

Also (I think with 5.8) there was a change that required cryptsetup to work with the encrypted-key feature. I had to add the following to my kernel modules:

  boot.initrd.availableKernelModules = [ "sha256-ssse3" "aesni_intel" "xts" "cbc" "gf128mul" "gcm" ];

Could you give me more details about your setup because it does not seem to work for me?

My setup is almost exactly like yours, except that my key material isn’t “echo dummy”, and that I am using the preLVMCommand hook for my cryptsetup.

Try to change:

  boot.initrd.postDeviceCommands = ''
    echo -n "dummy" | cryptsetup luksOpen /dev/nvme0n1p1 nixos-luks
    ls -l /dev/mapper/nixos-luks || sh

If your cryptsetup command is successful, you should see a /dev/mapper/nixos-luks device. Otherwise, you get dropped into a shell to fix it. You could also read your /init script to see if that script is looking for “nixos-luks” or is blocked by something else.

1 Like