I have a system with / on one zpool and /home on another. I named them rpool (root) and dpool (data). dpool is LUKS underneath ZFS (left over from the original installation in 2019) while rpool is native ZFS encryption (set up later). LUKS is configured to decrypt dpool by password and by using a file which is accessible after rpool has been unlocked. Issue: the unlock order appears to be alphabetical because dpool is attempted first and rpool thereafter resulting in the need to type two passphrases rather than one. Solution: rename rpool to pool0 and dpool to pool1 so alphabetical order is the correct order.
Since dpool isn’t needed to boot, I was able to log in as root on the console, rename the pool, update hardware-configuration.nix, rebuild, and successfully reboot.
For rpool, I booted the NixOS 24.05 installer and the boot froze with “Initramfs unpacking failed: ZSTD-compressed data is corrupt”. I suspect that this is a bug in the installer. I found a post giving a workaround of using the 23.05 installer. So I booted 23.05, unlocked the LUKS partitions, renamed rpool to pool0 when importing, mounted everything (including /boot), and updated hardware-configuration.nix. The rebuild resulted in an error: “efiSysMountPoint = '/boot' is not a mounted partition. Is the path configured correctly?”
For the time being, I’ve reverted everything back to using rpool and it boots fine. But I’d like to clean up this loose end someday. Any suggestions?
One additional wrinkle that may have bearing: the machine has two SSDs across which I intended to mirror /boot for resiliency. That was before I found out that UEFI doesn’t support mirroring. :frown: (I vastly prefer the simplicity of systemd-boot to grub so I gave up on mirroring.) I don’t think the second SSD would cause the problem I’m seeing because it isn’t used and because the configuration works fine as long as the root pool is named rpool. I just can’t boot an installer, rename, and rebuild successfully.
Here are the relevant parts of configuration.nix:
```nix
boot.loader.systemd-boot.enable = true;
boot.supportedFilesystems = [ "zfs" ]; # needed?
boot.zfs.requestEncryptionCredentials = true; # unlock rpool
boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; # make sure kernel supports ZFS
boot.initrd.luks.devices."cdisk0".device = "/dev/disk/by-partuuid/<part1>";
boot.initrd.luks.devices."cdisk0".keyFile = "/mnt-root/etc/nixos/poolkey";
boot.initrd.luks.devices."cdisk0".fallbackToPassword = true;
boot.initrd.luks.devices."cdisk1".device = "/dev/disk/by-partuuid/<part2>";
boot.initrd.luks.devices."cdisk1".keyFile = "/mnt-root/etc/nixos/poolkey";
boot.initrd.luks.devices."cdisk1".fallbackToPassword = true;
```
And hardware-configuration.nix:
```nix
fileSystems."/" =
  { device = "rpool/root/nixos";
    fsType = "zfs";
  };
fileSystems."/boot" =
  { device = "/dev/disk/by-uuid/<label>";
    fsType = "vfat";
  };
fileSystems."/home" =
  { device = "pool1/home";
    fsType = "zfs";
  };
```