EOF in backquote substitution error - Unlock encrypted zfs via ssh on boot

Help
1

I tried setting up “Unlock encrypted zfs via ssh on boot” following the manual.

My configuration.nix looks like this:

#Decrypt ZFS on boot throug SSH
    boot = {
      initrd.kernelModules = [ "igb" ];
      initrd.network = {
        enable = true;
        ssh = {
            enable = true;
            port = 2222;
            hostKeys = [ /data/ssh/initrd_host_ed_25519_key ];
            authorizedKeys = [
                "ssh-ed25519 KEY_PLACEHOLDER PCNAME_PLACEHOLDER"
            ];
        };
 postCommands = ''
       cat <<EOF > /root/.profile
       if pgrep -x "zfs" > /dev/null
       then
         zfs load-key -a
         killall zfs
       else
         echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
       fi
       EOF
     '';
   };
};

However when i nixos-rebuild switch, I get the following error:

building Nix...
building the system configuration...
these derivations will be built:
  /nix/store/00w8i0zd1hs01kzjw2r3fq5b7rsb7x3l-stage-1-init.sh.drv
  /nix/store/3ia6q2kq9vdi0a7lg9w940sy5ngsslyf-initrd-linux-5.10.93.drv
  /nix/store/zs44l1dk6sfxa87lm2b39nzmcg9gvy3i-nixos-system-vpn-21.11.335443.e84444b14cc.drv
building '/nix/store/00w8i0zd1hs01kzjw2r3fq5b7rsb7x3l-stage-1-init.sh.drv'...
checking syntax
/nix/store/fy20skrlfy2m4xka1rhyxax5n6lnrg32-stage-1-init.sh: line 776: warning: here-document at line 266 delimited by end-of-file (wanted `EOF')
/nix/store/fy20skrlfy2m4xka1rhyxax5n6lnrg32-stage-1-init.sh: line 269: syntax error: EOF in backquote substitution
builder for '/nix/store/00w8i0zd1hs01kzjw2r3fq5b7rsb7x3l-stage-1-init.sh.drv' failed with exit code 2
cannot build derivation '/nix/store/3ia6q2kq9vdi0a7lg9w940sy5ngsslyf-initrd-linux-5.10.93.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/zs44l1dk6sfxa87lm2b39nzmcg9gvy3i-nixos-system-vpn-21.11.335443.e84444b14cc.drv': 1 dependencies couldn't be built
error: build of '/nix/store/zs44l1dk6sfxa87lm2b39nzmcg9gvy3i-nixos-system-vpn-21.11.335443.e84444b14cc.drv' failed

With --showtrace

building Nix...
building the system configuration...
these derivations will be built:
  /nix/store/52mgwnyglilyliy52j879bfi8b8sx8b9-nginx.conf.drv
  /nix/store/7vn8njsma07bdlir254lwwyyayldsx2i-stage-1-init.sh.drv
  /nix/store/mm25hkb1mjna48s13vwzczwsc51nfl50-unit-script-nginx-pre-start.drv
  /nix/store/q80dmqifiski4xbb4cs8nfv3z9738y2v-unit-nginx.service.drv
  /nix/store/myy18wn5nha53av1z50wnjhj5ibk1s07-system-units.drv
  /nix/store/9f7wwr4232kw2ymhx5irzdawbj5hqj5m-etc.drv
  /nix/store/v4ldcmmafkkrdqd8b5y99lgl4gn6c0xm-initrd-linux-5.10.93.drv
  /nix/store/va33lpmlx8g9idpcwvnhaf7h7nzh59bz-nixos-system-vpn-21.11.335443.e84444b14cc.drv
building '/nix/store/52mgwnyglilyliy52j879bfi8b8sx8b9-nginx.conf.drv'...
building '/nix/store/7vn8njsma07bdlir254lwwyyayldsx2i-stage-1-init.sh.drv'...
checking syntax
/nix/store/kisin7dwys3lg4bf0lcnv7ih50gxj40c-stage-1-init.sh: line 776: warning: here-document at line 266 delimited by end-of-file (wanted `EOF')
/nix/store/kisin7dwys3lg4bf0lcnv7ih50gxj40c-stage-1-init.sh: line 269: syntax error: EOF in backquote substitution
builder for '/nix/store/7vn8njsma07bdlir254lwwyyayldsx2i-stage-1-init.sh.drv' failed with exit code 2
cannot build derivation '/nix/store/v4ldcmmafkkrdqd8b5y99lgl4gn6c0xm-initrd-linux-5.10.93.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/va33lpmlx8g9idpcwvnhaf7h7nzh59bz-nixos-system-vpn-21.11.335443.e84444b14cc.drv': 1 dependencies couldn't be built
error: build of '/nix/store/va33lpmlx8g9idpcwvnhaf7h7nzh59bz-nixos-system-vpn-21.11.335443.e84444b14cc.drv' failed

I’ve uncommented the post commands and tried rebuilding which works. However, when I connect through ssh in this state, it just takes me to an empty ash connection. Trying zfs load-key from here works but that doesn’t dismiss the password prompt on my server.

I’ve seen a bunch of posts talking about formatting issues (This for example) but I couldn’t find any extra characters or spacing issues with my code.

I also tried upgrading nixos from 21.5 to 21.11 which didn’t change anything.

I also tried using an this as postcommands:

echo "zfs load-key -a; killall zfs" >> /root/.profile

However, then I get the issue that the pool isn’t found (line 265 is the location of my postcommands in the built files) because it’s loaded after the post commands. I assume that this is why the code i’m trying to use above is better, because it checks for this.

image
image1920×1440 237 KB

Thank you in advance for your help! And please let me know if you require any additional info!

2

I’ve had this issue just now. For me specifically it was because I had an extra space at the end of each line in the postCommands snippet.
I imagine the space after the ending EOF was the one that mattered but I
made sure to delete each extra space at the end of every line just in case.
And it worked.

3

Thanks for your feedback!

I grabbed a fresh copy of the code from the wiki and removed only the space after the 2nd EOF to test your theory. No luck.

Then I tried removing all the space behind every line of the post commands, but I am still stuck with the same error.

Any chance you could send me the exact code snippet you are using?