https://github.com/NixOS/nixpkgs/issues/65680#issuecomment-864289312
It’s quite old but I’m using it on my system without problems
https://github.com/NixOS/nixpkgs/pull/126289
It’s basically ready, but it needs some discussion about what to do with modules creating unsafe (permission-wise) wrappers.
https://github.com/NixOS/nixpkgs/pull/129279
Would much appreciate a swift review if possible, I’ve got about a dozen more PRs that I’m gonna open after this, they all depend on this though since it adds me as a maintainer
https://github.com/NixOS/nixpkgs/pull/129387
https://github.com/NixOS/nixpkgs/pull/129388
https://github.com/NixOS/nixpkgs/pull/129389
https://github.com/NixOS/nixpkgs/pull/129390
https://github.com/NixOS/nixpkgs/pull/129423
https://github.com/NixOS/nixpkgs/pull/129426
I think this small PR would be a useful change in default behavior for boot.initrd.secrets
to allow secrets with paths within /run/keys
to avoid extra copies onto disk-backed filesystems. This also makes them easier to use them for ZFS native encryption key file arguments and recreating the initrd from the secrets already in /run/keys
.
PTAL, thank you!
Please help test the Pantheon 6 upgrade (detailed instructions provided) if you are interested in that.