fix(image): finally have working mount of encrypted volumes!
This commit is contained in:
parent
adb2e90c13
commit
10090a75b0
3 changed files with 30 additions and 23 deletions
pkgs/rootfs
|
|
@ -53,13 +53,6 @@ cat <<EOF > $out/etc/repart.d/22-root.conf
|
|||
Type=root
|
||||
EOF
|
||||
|
||||
mkdir $out/usr/lib/systemd/system/systemd-repart.service.d
|
||||
cat <<EOF > $out/usr/lib/systemd/system/systemd-repart.service.d/override.conf
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=systemd-repart --dry-run=no --generate-crypttab=/etc/crypttab
|
||||
EOF
|
||||
|
||||
cat <<EOF > $out/etc/repart.d/40-var.conf
|
||||
[Partition]
|
||||
Type=var
|
||||
|
|
@ -69,26 +62,18 @@ Label=patos-state
|
|||
Minimize=off
|
||||
Encrypt=tpm2
|
||||
EncryptedVolume=patos-state:none:tpm2-device=auto,luks,discard
|
||||
MountPoint=/var
|
||||
FactoryReset=yes
|
||||
SizeMinBytes=1G
|
||||
SplitName=-
|
||||
EOF
|
||||
|
||||
# cat <<EOF > $out/usr/lib/systemd/system/var.mount
|
||||
# [Unit]
|
||||
# Description=Mount for /var
|
||||
# Before=local-fs.target
|
||||
# After=systemd-repart.service
|
||||
#
|
||||
# [Mount]
|
||||
# What=/dev/mapper/patos-state
|
||||
# Where=/var
|
||||
# Type=btrfs
|
||||
# Options=defaults
|
||||
#
|
||||
# [Install]
|
||||
# WantedBy=multi-user.target
|
||||
# EOF
|
||||
rm -f $out/etc/systemd/system.conf
|
||||
cat <<EOF > $out/etc/systemd/system.conf
|
||||
[Manager]
|
||||
DefaultEnvironment=PATH=/bin:/sbin:/usr/bin
|
||||
ManagerEnvironment=PATH=/bin:/sbin:/usr/bin SYSTEMD_CRYPTTAB=/run/crypttab SYSTEMD_SYSROOT_FSTAB=/run/fstab SYSTEMD_FSTAB=/run/fstab
|
||||
EOF
|
||||
|
||||
cat <<EOF > $out/usr/lib/systemd/system/etc.mount
|
||||
[Unit]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue