From 7c3a79e6e9a8a1ef9126fcd9a76d023cb47b0ce9 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Fri, 5 Jun 2026 12:07:53 +0900
Subject: [PATCH] tsuki/initrd: rewrite disk unlocking mechanism to use systemd

---
 hosts/tsuki/configuration.nix | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix
index 2b516ed..ec07866 100644
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -96,9 +96,9 @@
 # its path before rebuilding once again.
 "/secrets/boot/ntfy_key" = config.sops.secrets."boot/ntfy_key".path;
 };
+
 network = {
 enable = true;
- udhcpc.enable = true;
 flushBeforeStage2 = true;
 ssh = {
 enable = true;
@@ -108,17 +108,32 @@
 ];
 hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
 };
- postCommands = ''
- export NIX_SSL_CERT_FILE='${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
- export NTFY_KEY="$('${lib.getExe' pkgs.coreutils "cat"}' '/secrets/boot/ntfy_key')"
+ };

- '${lib.getExe pkgs.curl}' \
- -H "Title: tsuki reached ZFS unlocking stage" \
- -d "Please log in and fix :)" \
- "https://ntfy.sh/$NTFY_KEY"
+ systemd = {
+ enable = true;

- echo 'zfs load-key -a; killall zfs; exit' >> /root/.profile
+ contents."/etc/profile".text = ''
+ zfs load-key -a
+ killall zfs
+ exit
 '';
+
+ services.notify-remote-disk-unlock = {
+ description = "Remote Disk Unlocking Notifier";
+ wantedBy = [ "initrd.target" ];
+ after = [ "systemd-networkd.service" ];
+ serviceConfig.Type = "oneshot";
+ environment.NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ script = ''
+ export NTFY_KEY="$('${lib.getExe' pkgs.coreutils "cat"}' '/secrets/boot/ntfy_key')"
+
+ '${lib.getExe pkgs.curl}' \
+ -H "Title: tsuki reached ZFS unlocking stage" \
+ -d "Please log in and fix :)" \
+ "https://ntfy.sh/$NTFY_KEY"
+ '';
+ };
 };
 };
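Review bot: The new `notify-remote-disk-unlock` unit is ordered only `after = [ "systemd-networkd.service" ]`, which means the daemon has started, not that the initrd has an address or route, so curl can run before the link is up and the unlock notification is lost without anyone noticing. Order it on connectivity instead, `wants = [ "network-online.target" ];` and `after = [ "network-online.target" ];` (assuming the initrd ships the networkd wait-online unit), and bound the request with `--fail --max-time 30` on the curl line so an HTTP error fails the unit and a hung connection cannot hold up `initrd.target`, since a oneshot has no start timeout by default. The first hunk also drops `udhcpc.enable`, and no networkd DHCP configuration for the initrd is visible in this patch; presumably it is defined elsewhere, but it is worth confirming, because a host without initrd networking cannot be unlocked remotely. The enclosing initrd attribute set starts and ends outside the hunk.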