From 86e90d0fdbf62120fefa1e41bdc6f92e329c064e Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 10 Jul 2023 18:59:25 +0200
Subject: [PATCH 1/4] types luks: pass keyFile to nixos config

---
 lib/types/luks.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/types/luks.nix b/lib/types/luks.nix
index 786de43..e834684 100644
--- a/lib/types/luks.nix
+++ b/lib/types/luks.nix
@@ -81,7 +81,11 @@
 readOnly = true;
 default = [ ]
 # If initrdUnlock is true, then add a device entry to the initrd.luks.devices config.
- ++ (lib.optional config.initrdUnlock [{ boot.initrd.luks.devices.${config.name}.device = config.device; }])
+ ++ (lib.optional config.initrdUnlock [{
+ boot.initrd.luks.devices.${config.name} = {
+ inherit (config) device keyFile;
+ };
+ }])
 ++ (lib.optional (config.content != null) config.content._config);
 description = "NixOS configuration";
 };
From b22ebd5ecd5129308d32b80bd118f0b5510bb30e Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 11 Jul 2023 09:11:06 +0200
Subject: [PATCH 2/4] tests: get rid of OCR, generate keyFile in preDevice

---
 tests/cli.nix | 4 ----
 tests/complex.nix | 4 ----
 tests/lib.nix | 6 +++---
 tests/luks-lvm.nix | 5 +----
 tests/module.nix | 4 ----
 tests/zfs.nix | 5 -----
 6 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/tests/cli.nix b/tests/cli.nix
index e73ebe1..a75b934 100644
--- a/tests/cli.nix
+++ b/tests/cli.nix
@@ -18,10 +18,6 @@ makeDiskoTest {
 machine.succeed("mountpoint /ext4onzfs");
 machine.succeed("mountpoint /ext4_on_lvm");
 '';
- bootCommands = ''
- machine.wait_for_console_text("vda")
- machine.send_console("secretsecret\n")
- '';
 extraConfig = {
 boot.kernelModules = [ "dm-raid" "dm-mirror" ];
 };
diff --git a/tests/complex.nix b/tests/complex.nix
index df111a6..2ab9994 100644
--- a/tests/complex.nix
+++ b/tests/complex.nix
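Review bot: `inherit (config) device keyFile;` forwards the disko-side keyFile into `boot.initrd.luks.devices.<name>.keyFile` unconditionally, so a path that only exists while disko formats the disk (the tests in this series write theirs to `/tmp` inside the initrd) becomes the initrd's unlock source, and the scripted initrd then waits for that file instead of prompting unless `fallbackToPassword` is also set for the device. That is worth stating in the option docs, e.g. `# keyFile is forwarded to the initrd unlock config: it must be readable in the initrd at boot, or set boot.initrd.luks.devices.<name>.fallbackToPassword`. Only the option value is copied, so the key material stays out of the generated configuration as long as keyFile is a plain string and not a Nix path literal, which would be copied into the store. The enclosing option definition (`default = [ ]` … `description`) starts before the hunk.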
@@ -17,10 +17,6 @@ makeDiskoTest {
 machine.succeed("mountpoint /ext4onzfs");
 machine.succeed("mountpoint /ext4_on_lvm");
 '';
- bootCommands = ''
- machine.wait_for_console_text("vda")
- machine.send_console("secretsecret\n")
- '';
 extraConfig = {
 boot.kernelModules = [ "dm-raid" "dm-mirror" ];
 };
diff --git a/tests/lib.nix b/tests/lib.nix
index 98d43ce..05985ca 100644
--- a/tests/lib.nix
+++ b/tests/lib.nix
@@ -12,7 +12,6 @@
 , extraConfig ? { }
 , grub-devices ? [ "nodev" ]
 , efi ? true
- , enableOCR ? false
 , postDisko ? ""
 , testMode ? "module" # can be one of direct module cli
 , testBoot ? true # if we actually want to test booting or just create/mount
@@ -55,8 +54,10 @@
 documentation.enable = false;
 hardware.enableAllFirmware = lib.mkForce false;
 networking.hostId = "8425e349"; # from profiles/base.nix, needed for zfs
- boot.kernelParams = lib.mkIf enableOCR [ "console=tty0" ]; # needed for OCR
 boot.zfs.devNodes = "/dev/disk/by-uuid"; # needed because /dev/disk/by-id is empty in qemu-vms
+ boot.initrd.preDeviceCommands = ''
+ echo -n 'secretsecret' > /tmp/secret.key
+ '';
 boot.consoleLogLevel = lib.mkForce 100;
 boot.loader.grub = {
@@ -75,7 +76,6 @@ makeTest' {
 name = "disko-${name}";
- inherit enableOCR;
 nodes.machine = { pkgs, modulesPath, ... }: {
 imports = [
 (lib.optionalAttrs (testMode == "module") {
diff --git a/tests/luks-lvm.nix b/tests/luks-lvm.nix
index 04c5668..5ac82b1 100644
--- a/tests/luks-lvm.nix
+++ b/tests/luks-lvm.nix
@@ -4,12 +4,9 @@ makeDiskoTest {
 name = "luks-lvm";
 disko-config = ../example/luks-lvm.nix;
+ extraConfig.boot.initrd.luks.devices.crypted.preLVM = false;
 extraTestScript = ''
 machine.succeed("cryptsetup isLuks /dev/vda2");
 machine.succeed("mountpoint /home");
 '';
- bootCommands = ''
- machine.wait_for_console_text("vda")
- machine.send_console("secretsecret\n")
- '';
 }
diff --git a/tests/module.nix b/tests/module.nix
index 39d96f0..6a4298b 100644
--- a/tests/module.nix
+++ b/tests/module.nix
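Review bot: The added `boot.initrd.preDeviceCommands` in tests/lib.nix writes the test passphrase to `/tmp/secret.key` with no comment saying why it has to run at this stage or which consumers rely on that exact path, and `preDeviceCommands` is a hook of the scripted stage-1 only, so the file would not exist if a test switched to the systemd initrd and a file-based unlock would likely stall. A one-liner would tie it to the rest of the series, e.g. `# scripted initrd only: written before devices come up so the LUKS keyFile / zfs keylocation file:///tmp/secret.key can be read at unlock time`. The path is a fixture shared with the example configs rather than derived here, so renaming it in one place silently breaks the other. The enclosing `nodes.machine` configuration starts before and ends after the hunk.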
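Review bot: `extraConfig.boot.initrd.luks.devices.crypted.preLVM = false;` in tests/luks-lvm.nix moves the unlock of `crypted` to after LVM activation without saying why the default order stops working now that the key comes from a file rather than the console; a one-line comment such as `# unlock after LVM activation: <reason>` would save the next reader from re-deriving it. If the volume group lives inside this LUKS container, it is worth confirming in the test that it is still activated after the late unlock. The `makeDiskoTest` call this sits in is fully inside the hunk.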
@@ -18,10 +18,6 @@ makeDiskoTest {
 machine.succeed("mountpoint /ext4onzfs");
 machine.succeed("mountpoint /ext4_on_lvm");
 '';
- bootCommands = ''
- machine.wait_for_console_text("vda")
- machine.send_console("secretsecret\n")
- '';
 extraConfig = {
 boot.kernelModules = [ "dm-raid" "dm-mirror" ];
 };
diff --git a/tests/zfs.nix b/tests/zfs.nix
index 39c2ebe..04eee4b 100644
--- a/tests/zfs.nix
+++ b/tests/zfs.nix
@@ -8,11 +8,6 @@ makeDiskoTest {
 fileSystems."/zfs_legacy_fs".options = [ "nofail" ]; # TODO find out why we need this!
 boot.zfs.requestEncryptionCredentials = true;
 };
- enableOCR = true;
- bootCommands = ''
- machine.wait_for_text("passphrase for")
- machine.send_chars("secretsecret\n")
- '';
 extraTestScript = ''
 machine.succeed("test -b /dev/zvol/zroot/zfs_testvolume");
From c5a31c351ed87fa2ff83ce7416c02a798b9ae1cd Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 11 Jul 2023 09:29:28 +0200
Subject: [PATCH 3/4] tests zfs: don't read key from prompt

---
 example/zfs.nix | 7 ++++---
 tests/zfs.nix | 1 -
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/example/zfs.nix b/example/zfs.nix
index f5db396..d1189f5 100644
--- a/example/zfs.nix
+++ b/example/zfs.nix
@@ -95,9 +95,10 @@
 keyformat = "passphrase";
 keylocation = "file:///tmp/secret.key";
 };
- postCreateHook = ''
- zfs set keylocation="prompt" "zroot/$name";
- '';
+ # use this to read the key during boot
+ # postCreateHook = ''
+ # zfs set keylocation="prompt" "zroot/$name";
+ # '';
 };
 "encrypted/test" = {
 type = "zfs_fs";
diff --git a/tests/zfs.nix b/tests/zfs.nix
index 04eee4b..5b6d7a9 100644
--- a/tests/zfs.nix
+++ b/tests/zfs.nix
@@ -24,7 +24,6 @@ makeDiskoTest {
 assert_property("zroot/zfs_testvolume", "volsize", "10M")
 assert_property("zroot/zfs_unmounted_fs", "mountpoint", "none")
- assert_property("zroot/encrypted", "keylocation", "prompt")
 machine.succeed("zfs get name zroot@blank")
 machine.succeed("mountpoint /zfs_fs");
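Review bot: With `postCreateHook` commented out in example/zfs.nix the dataset keeps `keylocation = "file:///tmp/secret.key"` permanently, so a system built from this example expects that file to exist in the initrd at every boot, yet the new comment `# use this to read the key during boot` reads as if the commented block were the boot-time path rather than the switch to an interactive prompt. Replace it with something that states both sides, e.g. `# keylocation stays file:///tmp/secret.key after creation; uncomment the hook to switch the dataset to an interactive passphrase prompt at boot`. Commented-out code in an example tends to rot; if the prompt variant is meant to stay supported, a test exercising it would serve better than the dead hook. The dataset definition this belongs to starts before the hunk.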
From b6840cdf557f6fad59c4493aedeacb22fb119d8d Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 12 Jul 2023 11:01:51 +0200
Subject: [PATCH 4/4] mergify: remove deprecated bcachefs package

---
 .mergify.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.mergify.yml b/.mergify.yml
index b08e465..3b15555 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -28,7 +28,6 @@ queue_rules:
 - check-success=package default [x86_64-linux]
 - check-success=package disko [x86_64-linux]
 - check-success=package disko-doc [x86_64-linux]
- - check-success=package linux-bcachefs [x86_64-linux]
 defaults:
 actions:
 queue: