vm test not respecting disko.tests.extraConfig disko overwrites #1185

@BerriJ

@Lassulus @Enzime as discussed at 39C3:

I created this simple flake to demonstrate the problem.

To reproduce

  1. Clone flake
  2. Run:
❯ nix run github:nix-community/nixos-anywhere -- \
  --flake .#test \
  --vm-test

The disko config has a LUKS partition, and usually it uses passwordFile to provide a password that must be provided during boot to unlock.

For the VM-Test, we need non-interactive unlocking. So I:

  • Wrote a systemd service that writes /tmp/secret.key during boot (I need that since I use systemd in stage 1).
  • Set disko.devices.disk.main.content.partitions.main.content.settings.keyFile = "/tmp/secret.key"; in disko.tests.extraConfig

Like this (see here):

disko.tests.extraConfig = {

  # This does not work
  disko.devices.disk.main.content.partitions.main.content.settings.keyFile = "/tmp/secret.key";

  boot.initrd = {
    systemd = {
      services = {
        createLuksKeyFileFile = {
          enable = lib.mkDefault true;
          description = "Create LUKS password file for Disko";
          wantedBy = [ "sysinit.target" ];
          before = [
            "sysinit.target"
            "systemd-cryptsetup.service"
          ];
          path = [ pkgs.coreutils ]; # Makes echo, tee, etc. available
          script = "umask 077; echo -n 'secretsecret' > /tmp/secret.key;";
          unitConfig = {
            DefaultDependencies = "no";
          };
          serviceConfig = {
            Type = "oneshot";
          };
        };
      };
    };
    luks.devices = {
      main = {
        # Works if I do the overwrite here
        # keyFile = "/tmp/secret.key";
      };
    };
  };
};

But it turns out this does not work. A workaround is to set the keyFile path directly in boot.initrd.luks.devices, but if we want to overwrite other disko options (like a partition size, for example), we do not have that workaround available.

Interestingly, nix repl shows the correct value in both cases (disko overwrite vs. boot overwrite):

nix repl .
Nix 2.31.2+1
Type :? for help.
warning: Git tree '/home/jonathan/git/DSEE/NIXOS/disko-reprex' is dirty
Loading installable 'git+file:///home/jonathan/git/DSEE/NIXOS/disko-reprex#'...
Added 1 variables.
nixosConfigurations
nix-repl> nixosConfigurations.test.config.virtualisation.vmVariantWithDisko.boot.initrd.luks.devices.main.keyFile
"/tmp/secret.key"

When you use the disko overwrite, it will simply ask for a password during boot of the VM. So it seems the keyFile option is not properly propagated, although nix repl shows it correctly.

With the help of Claude Opus 4.5, I was able to craft a PR to fix this: #1184, but honestly I do not understand it fully, so I'd be thankful for a review on that.

If you want to try my PR, just use my disko as input of the flake config:

    disko = {
      url = "github:berrij/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
