0084c41abf
/etc/crypttab can contain the _netdev option, which adds crypto devices to the remote-cryptsetup.target. remote-cryptsetup.target has a dependency on cryptsetup-pre.target. So let's add both of them. Currently, one needs to manually ssh in and invoke `systemctl start systemd-cryptsetup@<name>.service` to unlock volumes. After this change, systemd will properly add it to the target, and assuming remote-cryptsetup.target is pulled in somewhere, you can simply pass the passphrase by invoking `systemd-tty-ask-password-agent` after ssh-ing in, without having to manually start these services. Whether remote-cryptsetup.target should be added to multi-user.target (as it is on other distros) is part of another discussion - right now the following snippet will do: ``` systemd.targets.multi-user.wants = [ "remote-cryptsetup.target" ]; ``` |
||
|---|---|---|
| .. | ||
| loader | ||
| binfmt.nix | ||
| emergency-mode.nix | ||
| grow-partition.nix | ||
| initrd-network.nix | ||
| initrd-openvpn.nix | ||
| initrd-ssh.nix | ||
| kernel.nix | ||
| kernel_config.nix | ||
| kexec.nix | ||
| luksroot.nix | ||
| modprobe.nix | ||
| networkd.nix | ||
| pbkdf2-sha512.c | ||
| plymouth.nix | ||
| resolved.nix | ||
| shutdown.nix | ||
| stage-1-init.sh | ||
| stage-1.nix | ||
| stage-2-init.sh | ||
| stage-2.nix | ||
| systemd-lib.nix | ||
| systemd-nspawn.nix | ||
| systemd-unit-options.nix | ||
| systemd.nix | ||
| timesyncd.nix | ||
| tmp.nix | ||