fix script

2025-10-17 22:28:02 -04:00 · 2025-10-17 22:28:02 -04:00 · 003cf474ff
commit 003cf474ff
parent f9515dd160
1 changed files with 31 additions and 8 deletions
--- a/usb-secrets.nix
+++ b/usb-secrets.nix
@ -5,13 +5,18 @@
  ...
 }:
 {
+  systemd.services.agenix-install-secrets.after = [ "usb-secrets.service" ];
+
  # Extract USB secrets key in main system before agenix
  systemd.services.usb-secrets = {
    description = "Extract USB secrets key";
    wantedBy = [ "sysinit.target" ];
-    before = [ "agenix.service" ];
+    before = [ "sysinit.target" ];
    wants = [ "local-fs.target" ];
-    after = [ "local-fs.target" ];
+    after = [
+      "local-fs.target"
+      "systemd-udev-settle.service"
+    ];
    unitConfig.DefaultDependencies = false;
    serviceConfig = {
      Type = "oneshot";
@ -27,19 +32,37 @@
      fi

      # Wait for USB devices
+      echo "Waiting for USB device /dev/disk/by-label/SECRETS..."
      for i in {1..30}; do
-        [ -e /dev/disk/by-label/SECRETS ] && break
+        if [ -e /dev/disk/by-label/SECRETS ]; then
+          echo "USB device found after $i seconds"
+          break
+        fi
+        echo "Attempt $i: USB device not found, waiting..."
        sleep 1
      done

+      if [ ! -e /dev/disk/by-label/SECRETS ]; then
+        echo "ERROR: USB device /dev/disk/by-label/SECRETS not found after 30 seconds"
+        echo "Available devices:"
+        ls -la /dev/disk/by-label/ || true
+        exit 1
+      fi
+
+      # Give device a moment to be fully ready for mounting
+      echo "Device found, waiting 2 seconds for device to be ready..."
+      sleep 2
+
      # Mount USB and copy key
-      if mount /dev/disk/by-label/SECRETS /mnt/usb 2>/dev/null; then
+      echo "Attempting to mount /dev/disk/by-label/SECRETS to /mnt/usb..."
+      if ${pkgs.util-linux}/bin/mount /dev/disk/by-label/SECRETS /mnt/usb; then
+        echo "Mount successful"
        if [ -f /mnt/usb/usb-secrets-key ]; then
-          install -m 600 /mnt/usb/usb-secrets-key /run/secrets/usb-secrets-key
-          umount /mnt/usb
+          ${pkgs.coreutils}/bin/install -m 600 /mnt/usb/usb-secrets-key /run/secrets/usb-secrets-key
+          ${pkgs.util-linux}/bin/umount /mnt/usb
          echo "USB secrets key loaded"
        else
-          umount /mnt/usb
+          ${pkgs.util-linux}/bin/umount /mnt/usb
          echo "Key file not found"
          exit 1
        fi