I am trying to get NixOS to prompt me for the ZFS passphrase so that it can decrypt and mount a non-boot vdev. I have followed these two tutorials but am not getting anywhere:
https://nixos.wiki/wiki/ZFS
https://nixos.wiki/wiki/Remote_disk_unlocking
When I reboot after successfully rebuilding my configuration, the system seems to ignore the boot.initrd section. Rather than seeing any pause for password, it goes straight to the regular login prompt. I have tried multiple permutations and combinations, but am getting nowhere. Would appreciate any pointers.
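# NixOS system configuration: systemd-boot on EFI, ZFS support, and an SSH
# server inside the initrd so an encrypted ZFS dataset can be unlocked remotely.
#
# The module arguments are declared here because the body uses `config`,
# `lib` and `pkgs`; the listing as posted started at the bare `{`.
{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.forceImportRoot = false;

  # NOTE(review): nothing in this file tells stage 1 about the non-boot pool.
  # The initrd presumably only imports pools that back file systems needed for
  # boot, so `zfs load-key -a` there would find nothing to unlock. For a data
  # pool, check that it is either declared in `fileSystems` (normally in
  # hardware-configuration.nix) or listed in `boot.zfs.extraPools`, and that
  # `boot.zfs.requestEncryptionCredentials` covers it, e.g.:
  #   boot.zfs.extraPools = [ "<POOL_NAME>" ];
  #   boot.zfs.requestEncryptionCredentials = true;

  # Stage-1 networking: the initrd asks for a DHCP lease, so its address can
  # differ from the static 192.168.2.11 that is configured further down.
  boot.kernelParams = [ "ip=dhcp" ];
  # NIC driver that must be available in the initrd for networking to come up.
  boot.initrd.availableKernelModules = [ "r8169" ];

  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      # Use a different port than your usual SSH port!
      port = 2222;
      # Written as a string so the key stays a runtime path. An unquoted path
      # literal can be copied into the world-readable Nix store, which would
      # expose the private key to every local user.
      # Use a key generated only for the initrd, never the host's regular
      # SSH host key: the initrd lives on the unencrypted boot partition.
      hostKeys = [ "/var/ssh/ssh_host_rsa_key" ];
      # Every public key of every user in the "wheel" group may log in to the
      # initrd, where the session runs as root.
      authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
    };
    # Append the unlock command to root's profile so it runs on SSH login.
    # The closing quote used to sit after the redirection, so the whole line
    # was only printed to the console and /root/.profile was never written.
    postCommands = ''
      echo "zfs load-key -a; killall zfs" >> /root/.profile
    '';
  };

  networking = {
    # ZFS requires a stable, unique host id.
    hostId = "8425e349";
    hostName = "NixOS";
    interfaces.enp1s0.ipv4.addresses = [{
      address = "192.168.2.11";
      prefixLength = 24;
    }];
    defaultGateway = "192.168.2.1";
    nameservers = [ "192.168.100.100" "192.168.100.101" ];
    # NOTE(review): with the firewall off, every listening service is reachable
    # from the network. Prefer `firewall.enable = true;` and open only the
    # ports that are needed through `firewall.allowedTCPPorts`.
    firewall.enable = false;
  };

  time.timeZone = "America/Toronto";

  users.users.MYUSER = {
    isNormalUser = true;
    # Membership in "wheel" is also what grants initrd SSH access above.
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "AUTHORIZED KEYS GO HERE" ];
  };

  services.openssh = {
    enable = true;
    # NOTE(review): "yes" allows root to log in over SSH, including with a
    # password if password authentication is enabled. MYUSER is in "wheel",
    # so "prohibit-password" or "no" should be enough for administration.
    settings.PermitRootLogin = "yes";
  };

  environment.systemPackages = with pkgs; [
    vim
  ];

  system.stateVersion = "23.11"; # Did you read the comment?
}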