Config and mount a second LUKS encrypted device /dev/sdb

Hi there,

I’m using unstable.

I have a first device /dev/sda with LUKS on LVM installed on /dev/sda2, containing all of /boot, /home, /nix:

UUID of sda2 is: /dev/disk/by-uuid/f61551a2-96dc-4f50-8083-2b9a1edabef8
UUID of root is: /dev/disk/by-uuid/e6e192ac-73e5-4a4c-976c-89ad69df553a

  boot.initrd.luks.devices = [
    {
      name = "enc-pv";
      preLVM = true;
      device = "/dev/disk/by-uuid/f61551a2-96dc-4f50-8083-2b9a1edabef8";
      allowDiscards = true;
    }
  ];

Corresponding to this in hardware-configuration.nix:

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/e6e192ac-73e5-4a4c-976c-89ad69df553a";
      fsType = "ext4";
    };

Everything works fine at this stage, boot and starting nix is ok.

Now, I want to extend my VPS storage by adding a second volume, /dev/sdb, also encrypted using LUKS.

Is there a way to configure this in hardware-config.nix, without automount, and to be asked for the passphrase manually when I try to mount this volume?

How do I define this in hardware-config.nix? I tried to add something like this, but it doesn’t work at startup:

The UUID returned by blkid /dev/sdb is 4de8a74e-d45c-4d1f-8b9f-d38bc91f7bba, but perhaps this is the other UUID after mounting the encrypted vol?

  fileSystems."/data" =
    { device = "/dev/disk/by-uuid/4de8a74e-d45c-4d1f-8b9f-d38bc91f7bba";
      fsType = "ext4";
    };


Here is the list of UUIDs:

Not sure I quite understand what you want to achieve. If you don’t want it to automount, you probably don’t need to put it in hardware-config.nix at all?

Just create a script to mount it manually? The script will automatically prompt for a password, and it could probably be added to configuration.nix.

Maybe this setting could be used for something like this as well?

fileSystems.<name>.encrypted.enable

The way I’ve found this to work with multiple disks is to add this to configuration.nix:

  boot.initrd.luks.devices = {
    "disk1" = {
      device = "/dev/disk/by-uuid/<uuid of the physical drive>";
      preLVM = true; # Do the luks thing before lvm
      allowDiscards = true;
    };

    "disk2" = {
      device = "/dev/disk/by-uuid/<physical uuid of disk2>";
      preLVM = true;
      allowDiscards = true;
    };
  };

If those disks have the same password, you only need to add the password once, because NixOS will try to automount the second disk using the same password (I think according to this, but haven’t looked deeply into it):

The disks are then available to mount to a folder in NixOS, typically using hardware-configuration.nix like this:

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/<uuid of lvm group1>";
      fsType = "ext4";
    };

  fileSystems."/disk2folder" =
    { device = "/dev/disk/by-uuid/<uuid of lvm group2>";
      fsType = "ext4";
    };

I have not found a way to disable this mounting, unless the fileSystems.<name>.encrypted.enable works somehow. 🙂

Thanks for this answer,
Finally I removed the disk from automount because, like you said, I didn’t find any option to automount after startup.
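
One way to get what the thread asks for (no unlock at boot, passphrase prompt only on demand), as an added example that is not code from any of the posters. It assumes the ext4 filesystem sits directly inside the LUKS container on /dev/sdb and that the UUID quoted in the first post is the container's; the names `data`, `mount-data` and `umount-data` are hypothetical.

```nix
# Added example (not from the thread). Mapping name "data" and the two
# script names are assumptions chosen for illustration.
{ pkgs, ... }:
let
  # UUID that `blkid /dev/sdb` reported in the first post; assumed to be the
  # LUKS container UUID (TYPE="crypto_LUKS"), which is not a mountable ext4 UUID.
  luksDev = "/dev/disk/by-uuid/4de8a74e-d45c-4d1f-8b9f-d38bc91f7bba";
  cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
in
{
  # /dev/sdb is deliberately NOT listed in boot.initrd.luks.devices, so the
  # initrd never asks for its passphrase and boot does not depend on it.

  fileSystems."/data" = {
    # The filesystem only exists on the opened mapping, not on /dev/sdb.
    device = "/dev/mapper/data";
    fsType = "ext4";
    # noauto: write the fstab entry but do not mount it at boot.
    options = [ "noauto" ];
  };

  environment.systemPackages = [
    # Run as root: unlocks the volume (interactive passphrase prompt) and mounts it.
    (pkgs.writeShellScriptBin "mount-data" ''
      set -euo pipefail
      # Stop early if the UUID does not point at a LUKS header.
      ${cryptsetup} isLuks ${luksDev} || {
        echo "${luksDev} is not a LUKS container" >&2
        exit 1
      }
      # Open the mapping only if it is not already open.
      [ -e /dev/mapper/data ] || ${cryptsetup} open ${luksDev} data
      mkdir -p /data
      mount /data   # picks device, type and options from the fstab entry above
    '')

    # Run as root: unmounts and removes the mapping so the key leaves kernel memory.
    (pkgs.writeShellScriptBin "umount-data" ''
      set -euo pipefail
      umount /data
      ${cryptsetup} close data
    '')
  ];
}
```

Running `blkid /dev/mapper/data` after the first unlock shows the inner filesystem's own UUID, which is the "other UUID" the first post asks about.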