(address . bug-guix@gnu.org)
Hi!
Following the example in 6.2.4 Mapped Devices
    (mapped-device
      (source "/dev/sda3")
      (target "home")
      (type luks-device-mapping))
I chose not to use the UUID alternative for encrypted root; I'm terrible
at memorizing and typing UUIDs. So I used this snippet (full
bare-luks.scm below)
    (mapped-device
      ;; This does not work
      (source "/dev/nvme0n1p1")
      ;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
      ;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
      (target "guix")
      (type luks-device-mapping))
For disk partitioning, I did
    cryptsetup luksFormat /dev/nvme0n1p1
    cryptsetup open --type=luks /dev/nvme0n1p1 guix
    mkfs.ext4 -L guix /dev/mapper/guix
then install, something like
    mount /dev/mapper/guix /mnt
    herd start cow-store /mnt
    guix system init /mnt/root/bare-luks.scm /mnt
After booting I get
    Device /dev/nvme0n1p1 doesn't exist or access denied
Using the luksUUID, it works. Except for this hurdle, a pleasant and
straightforward fresh install :-)
Greetings,
janneke
;; lsblk.out
;; NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
;; sda             8:0    1 14.5G  0 disk
;; ├─sda1          8:1    1  1.4G  0 part
;; └─sda2          8:2    1   40M  0 part
;; nvme0n1       259:0    0  477G  0 disk
;; └─nvme0n1p1   259:1    0  477G  0 part
;;   └─guix      253:0    0  477G  0 crypt /mnt
;; bare-luks.scm
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh)

(define %supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "kvm"))

(operating-system
  (host-name "dundal")
  (timezone "Europe/Amsterdam")
  (locale "en_US.utf8")

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/nvme0n1")))

  (mapped-devices
   (list (mapped-device
          ;; This does not work
          (source "/dev/nvme0n1p1")
          ;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
          ;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
          (target "guix")
          (type luks-device-mapping))))

  (file-systems
   (cons* (file-system (title 'device)
                       (device "/dev/mapper/guix")
                       (mount-point "/")
                       (type "ext4")
                       (dependencies mapped-devices))
          %base-file-systems))

  (groups
   (cons* (user-group (name "janneke"))
          %base-groups))

  (users
   (cons* (user-account
           (name "janneke")
           (group "janneke")
           (uid 1000)
           (supplementary-groups %supplementary-groups)
           (home-directory "/home/janneke"))
          %base-user-accounts))

  (packages (cons* screen openssh wpa-supplicant-minimal %base-packages))

  (services (cons* (dhcp-client-service)
                   (console-keymap-service "dvorak" "ctrl")
                   (service openssh-service-type
                            (openssh-configuration
                             (port-number 2222)
                             (permit-root-login #t)
                             (allow-empty-passwords? #f)
                             (password-authentication? #t)))
                   %base-services)))
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com| Avatar® http://AvatarAcademy.com
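
Added example, not part of the original message: a shell helper that reads the UUID straight from a LUKS header and prints the UUID-based mapped-device form that the report says boots, so the UUID never has to be typed by hand. The function names and the sample UUID are constructed for illustration; the header layout (magic bytes, UUID field at byte offset 168) is the LUKS1/LUKS2 on-disk format, and on a real system the file argument would be the partition, read as root.

```shell
#!/bin/sh
# Added example: emit the UUID-based mapped-device form for a LUKS volume.
# The LUKS1 and LUKS2 on-disk headers both begin with the magic bytes
# "LUKS" 0xBA 0xBE and keep the UUID as a NUL-padded 40-byte string at
# byte offset 168; `cryptsetup luksUUID` prints that same field.

# luks_uuid FILE: print the UUID from a LUKS header, or return non-zero.
luks_uuid() {
    magic=$(od -A n -t x1 -N 6 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ] || { echo "$1: not a LUKS header" >&2; return 1; }
    uuid=$(dd if="$1" bs=1 skip=168 count=40 2>/dev/null | tr -d '\000')
    printf '%s\n' "$uuid" | grep -Eq \
        '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' ||
        { echo "$1: malformed UUID field" >&2; return 1; }
    printf '%s\n' "$uuid"
}

# guix_mapped_device FILE TARGET: print a mapped-device stanza keyed on UUID.
guix_mapped_device() {
    uuid=$(luks_uuid "$1") || return 1
    printf '(mapped-device\n  (source (uuid "%s"))\n' "$uuid"
    printf '  (target "%s")\n  (type luks-device-mapping))\n' "$2"
}

# make_sample_header FILE UUID: write a constructed 208-byte LUKS1-style
# header (magic, version 1, zero padding up to offset 168, UUID field)
# so the functions above can be exercised without a real device.
make_sample_header() {
    {
        printf 'LUKS\272\276\000\001'
        dd if=/dev/zero bs=1 count=160 2>/dev/null
        printf '%s' "$2"
        dd if=/dev/zero bs=1 count=4 2>/dev/null
    } > "$1"
}

# Demo on constructed data (the UUID below is a made-up sample value).
sample=$(mktemp)
make_sample_header "$sample" "01234567-89ab-cdef-0123-456789abcdef"
guix_mapped_device "$sample" guix
rm -f "$sample"
```

On a real volume the printed UUID should match the output of `cryptsetup luksUUID` for the same partition before the stanza is pasted into the operating-system declaration.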