I’ve installed NixOS using the graphical installer where I enabled disk encryption. I am using a systemd boot.
When the computer starts, after the systemd menu, on stage 1 of NixOS boot process, I’m asked to enter the passphrase to decrypt the disk. As the characters, that I type, are invisible, I cannot tell how many I already typed. I want it to display * characters for each symbol.
I want this to be reproducible, so I am ideally looking for a fix inside the configuration.nix file.
You could enable systemd-initrd (note, this is different from systemd-boot).
boot.initrd.systemd.enable = true;
This is intended to be mostly compatible with the scripted initrd, and its password prompt does echo * characters by default.
This works as expected, thanks! However, I had this little script inside my configuration.nix file:
#Enable num lock early on boot
boot.initrd.extraUtilsCommands = ‘’
copy_bin_and_libs ${pkgs.kbd}/bin/setleds
‘’;
boot.initrd.preDeviceCommands = ‘’
INITTY=/dev/tty[1-6]
for tty in $INITTY; do
/bin/setleds -D +num < $tty
done
‘’;
which enabled numlock when typing the password by default. This is incompatible(?) with the solution you got, as I got error when doing nixos-rebuilt switch. Could I somehow restore this functionality?
Yea, the boot.initrd.*Commands options are not supported in systemd initrd, as they would be fairly counterproductive to its intended purpose of making initrd declarative. Instead, you can make systemd services. The api under boot.initrd.systemd.services is essentially the same as the api under systemd.services. So you have to make a systemd service that is properly ordered before and after the other units you care about, and boot.initrd.extraUtilsCommands is largely replaced with boot.initrd.systemd.initrdBin and boot.initrd.systemd.extraBin (see the man configuration.nix descriptions, or those at the options search).
It is more complicated, but it’s also drastically more useful. I think what your config would translate to would be something like this:
boot.initrd.systemd = {
enable = true;
extraBin.setleds = "${pkgs.kbd}/bin/setleds";
services.initty = {
wantedBy = ["initrd.target"];
before = ["systemd-udevd.service"]; # Should be equivalent to `preDeviceCommands`
serviceConfig.Type = "oneshot";
unitConfig.DefaultDependencies = false; # This is unfortunately common in systemd initrd because the dependencies are weirder.
script = ''
INITTY=/dev/tty[1-6]
for tty in $INITTY; do
/bin/setleds -D +num < $tty
done
'';
};
};
I know this is more complicated, but it’s much more useful. We could have provided compatibility layers for the boot.initrd.*Commands options, but opted not to because once you do that you might as well just be using scripted initrd with its imperative design; the declarative benefits would be reduced a lot.
Works as expected, thank you so much!
Happy to help 
/* here’s extra characters because my favorite catchphrase is too short for discourse */