hmm nixos on root failed.
error: Path "/tmp" is world-writable or a symlink. That's not allowed for security.
let's try again.
hmm need to find a NixOS zfs on root with native encryption tutorial.
don't want unencrypted, and don't want LUKS
openzfs only gives those options
https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/Root%20on%20ZFS.html
ok got further but...still error using the nixos.org/wiki stuff
Mount point '/boot' which backs the random seed file is world accessible, which is a security hole! ⚠️
⚠️ Random seed file '/boot/loader/random-seed' is world accessible, which is a security hole! ⚠️
Random seed file /boot/loader/random-seed successfully refreshed (32 bytes).
Created EFI boot entry "Linux Boot Manager".
Traceback (most recent call last):
File "/nix/store/jzs1byj1ss0h3y76n23q1cxggi4rv13w-systemd-boot/bin/systemd-boot", line 452, in <module>
main()
~~~~^^
File "/nix/store/jzs1byj1ss0h3y76n23q1cxggi4rv13w-systemd-boot/bin/systemd-boot", line 435, in main
install_bootloader(args)
~~~~~~~~~~~~~~~~~~^^^^^^
File "/nix/store/jzs1byj1ss0h3y76n23q1cxggi4rv13w-systemd-boot/bin/systemd-boot", line 329, in install_bootloader
run(
~~~^
[f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ bootctl_flags
^^^^^^^^^^^^^^^
+ ["install"]
^^^^^^^^^^^^^
)
^
File "/nix/store/jzs1byj1ss0h3y76n23q1cxggi4rv13w-systemd-boot/bin/systemd-boot", line 58, in run
return subprocess.run(cmd, check=True, text=True, stdout=stdout)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/nix/store/qwb5ygz9k8gs5ql9bpxbrsrv12r1icgm-python3-3.13.12/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/nix/store/y2rzx7s3kr3v95rsrl2141s8vaa4mkjf-systemd-258.5/bin/bootctl', '--esp-path=/boot', 'install']' returned non-zero exit status 1.
Failed to install bootloader
ok. i got the furthest using the unofficial wiki
https://nixos.wiki/wiki/ZFS
but....on reboot, it can't mount the ZFS pool which seems less than ideal.
enter passphrase for 'zpool':
1 / 1 keys successfully loaded
mounting zpool/root cannot be mounted using mount
use zfs set mountpoint=legacy or zfs mount zpool/root
see zfs(8) for more information
retrying...
#nixos people, anybody have a working tutorial?
ok this looks good (5 years old though...hmm)
@tootbrute
Check my Config:
https://git.kb-one.de/Serverraum-mit-Matratze/infra/src/branch/main/systems/x86_64-linux/mow0m/hardware.nix
The Mirrored Boot works, but I couldn't figure out how to set up Remote-Unlock via SSH before the system boots... It's something with networking I didn't get around to fixing