New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
swapDevices.*.encrypted doesn't work #66406
Comments
Hmm, I'm not sure it's possible that way. If you do, you cannot use Summary: |
Our script that swapons the device doesn't seem to care about |
Yes, suspend to disk was what I was aiming for! There was a stackexchange answer which said it could/ should be done with a separate partition and I think this was also the idea behind the options given by To tell the truth I find the current |
@luis-hebendanz, I'm fairly certain you have blkDevice and device reversed. If I'm understanding the documentation correctly (and that's how I have mine setup), then device is supposed to be the unencrypted block device (e.g. |
@gcoakes |
@luis-hebendanz, not with |
Hello, I'm a bot and I thank you in the name of the community for opening this issue. To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human. The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it. If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them. Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel. |
Why is this closed? Has anyone confirmed that {
swapDevices = [ {
device = "/dev/disk/by-uuid/...ad"; # unlocked device
encrypted = {
enable = true;
blkDev = "/dev/disk/by-uuid/...a2"; # encrypted partition
keyFile = "/keyfile-swap.bin";
label = "swap";
};
} ];
} |
Can confirm it still doesn't work. My setup's essentially the same. {
swapDevices = lib.mkForce [
{
device = "/dev/disk/by-uuid/31183799-..."; # my decrypted partition in /dev/mapper
encrypted = {
enable = true;
keyFile = "/mnt-root/persist/swap.key";
label = "swap";
blkDev = "/dev/disk/by-uuid/b63bf5df-..."; # my encrypted LUKS partition
};
}
];
} However, mine fails for another reason. It doesn't even seem to mount and open up the encrypted partition. Instead it waits for the |
For me, unlocking the swap device works (supposedly even in stage 1, at least no error is reported), and it also ends up activated, but resume does not work. I have the following config: {
swapDevices = [{
device = "/dev/mapper/cryptswap";
encrypted = {
enable = true;
keyFile = "/mnt-root/root/swap.key"; #Yes, /mnt-root is correct.
label = "cryptswap";
blkDev = "/dev/disk/by-uuid/...";
};
}];
} Maybe there is a logical error in the lines following https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/stage-1-init.sh#L465 ? Edit: Indeed |
@wucke13 what would be a way to fix it ? PR and fixing https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/stage-1-init.sh#L465 ? Could you open a PR for this issue ? Or should I give a try at fixing it ? Just changing |
I have the same problem as the original issue. (using nixos-unstable) it seems that the luks device is not getting unlocked automatically at boot. So in stage 2 nixos is waiting for the swap device to get online and it will eventually boot without the swap partition. |
I'm having the same issue as well. I just disabled my swap until I figure out how to fix it. |
FYI I found one hibernation/resume success on encrypted swap partition in 2022 https://discourse.nixos.org/t/unable-hibernate-with-encrypted-swap/23418/4 Otherwise there seems to be another way through a swap file, on a partition system encrypted with LUKS. And another success here too. |
Describe the bug
The
swapDevices.*.encrypted
does not work. It tries to swapon the partition containing the luks container instead of the luks container itself.To Reproduce
$ fdisk -l
$ lsblk -o name,uuid
$ nixos-rebuild switch
I tried switching the uuids around or having the same uuids in blkDev as in device but with no success.
Metadata
The text was updated successfully, but these errors were encountered: