
Commit 5c71d5b

committed
fix(postboot): prompt for password in release installer
List of changes: - Use systemd-ask-password for passphrase prompting - Retry LUKS resize until successful - Run post-boot script via boot.postBootCommands - Update extendbtrfs service dependencies - Fix screen text wrapping issue. Signed-off-by: Vunny Sodhi <vunny.sodhi@unikie.com>
1 parent df394b5 commit 5c71d5b

2 files changed

+19
-19
lines changed


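--- a/modules/partitioning/btrfs-postboot.nix
+++ b/modules/partitioning/btrfs-postboot.nix
@@ -20,6 +20,7 @@ let
 parted
 lvm2
 coreutils
+systemd
 ]
 ++ lib.optionals config.ghaf.storage.encryption.enable [
 cryptsetup
@@ -93,11 +94,16 @@ let
 ''
 # Release mode: prompt user for password
 echo "LUKS container needs to be resized to use full disk space."
-echo "Please enter your disk encryption password:"
-cryptsetup resize -v crypted 2>&1 || {
-echo "WARNING: LUKS resize failed. You may need to resize manually later."
-echo "Run: cryptsetup resize crypted && pvresize /dev/mapper/crypted && lvextend -l +100%FREE /dev/pool/persist"
-}
+while true; do
+PASSPHRASE=$(systemd-ask-password --timeout=0 "Enter encryption PIN / password:");
+
+if printf '%s' "$PASSPHRASE" | cryptsetup resize -v crypted 2>&1; then
+echo "LUKS resize successful"
+break
+fi
+echo "Resize failed. Retrying in 2 seconds..."
+sleep 2
+done
 ''
 }
 fi
@@ -124,19 +130,9 @@ in
 config = lib.mkIf enable {
 
 # To debug postBootCommands, one may run
-# journalctl -u resize-partitions.service
+# journalctl -u initrd-nixos-activation.service
 # inside the running Ghaf host.
-systemd.services.resize-partitions = {
-description = "Resize partitions and filesystems on first boot";
-wantedBy = [ "multi-user.target" ];
-after = [ "local-fs.target" ];
-requires = [ "local-fs.target" ];
-serviceConfig = {
-Type = "oneshot";
-RemainAfterExit = true;
-ExecStart = "${postBootCmds}/bin/postBootScript";
-};
-};
+boot.postBootCommands = "${postBootCmds}/bin/postBootScript";
 
 systemd.services.extendbtrfs =
 let
@@ -153,8 +149,8 @@ in
 enable = true;
 description = "Extend the btrfs filesystem";
 wantedBy = [ "multi-user.target" ];
-after = [ "resize-partitions.service" ];
-requires = [ "resize-partitions.service" ];
+after = [ "persist.mount" ];
+requires = [ "persist.mount" ];
 serviceConfig = {
 Type = "oneshot";
 RemainAfterExit = true;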
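Review bot: The new `while true` loop around `cryptsetup resize` in the release-mode branch exits only on success, and the exit status of `systemd-ask-password` is never checked. A failure that is not a wrong passphrase (for example the prompt cannot be shown, so `PASSPHRASE` is empty) would retry every 2 seconds without end. Because the script now runs from `boot.postBootCommands`, that would presumably stall boot, whereas the removed code printed a warning with the manual resize command and continued. `PASSPHRASE` also stays set in the shell after the loop; an `unset PASSPHRASE` once it has been piped keeps the secret from outliving its use. I would bound the retries, stop when the prompt itself fails, and print the removed manual-resize WARNING when the limit is reached. The enclosing script starts and ends outside this hunk.

```nix
# Example bound; pick a limit that suits the installer.
attempts=0
while [ "$attempts" -lt 5 ]; do
  if ! PASSPHRASE=$(systemd-ask-password --timeout=0 "Enter encryption PIN / password:"); then
    echo "WARNING: passphrase prompt failed; skipping LUKS resize."
    break
  fi
  # … unchanged: printf | cryptsetup resize, success message, break …
  unset PASSPHRASE
  attempts=$((attempts + 1))
  # … unchanged: failure message, sleep 2 …
done
unset PASSPHRASE
```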

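--- a/modules/partitioning/deferred-disk-encryption.nix
+++ b/modules/partitioning/deferred-disk-encryption.nix
@@ -137,6 +137,10 @@ let
 sleep 2
 fi
 
+# Ensure terminal is correctly configured for interaction
+export TERM=linux
+stty cols 256 2>/dev/null || true
+
 echo "+--------------------------------------------------------+"
 echo "| First Boot - Disk Encryption Setup |"
 echo "+--------------------------------------------------------+"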
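Review bot: The added comment above `export TERM=linux` and `stty cols 256` does not say why the terminal type is overridden or why 256 columns was chosen, so a later reader cannot tell whether either value is safe to change. Both settings are applied unconditionally; if this script can also run on a console that already has a different `TERM` (a serial console, say), something like `[ -n "$TERM" ] || export TERM=linux` would keep the existing value. I would extend the comment to name the wrapping symptom this works around and to state that 256 is a deliberately oversized width rather than a measured one. The surrounding script continues outside the hunk.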
