After installing Fedora CoreOS on a mirrored RAID1 LUKS drive automatically decrypted by TPM in this previous forum post, I am now trying to further set up my machine.
I’m trying to move the /var partition to a LUKS-encrypted partition (automatically decrypted by TPM on boot) formatted in ZFS, located on a separate high-endurance NVMe SSD. The goal is to have all of my Podman containers and other critical data on the fast, high-endurance NVMe drive.
I’ve already set up the NVMe drive with LUKS encryption, and the TPM automatically decrypts it on boot. I successfully created a ZFS partition on it.
However, when I copy the contents of /var to the new partition, remount /var as the ZFS pool, and reboot, I can no longer SSH into the machine.
I get an error saying “too many attempts”, which is certainly not the case.
Additionally, when I log in physically, the login message shows:
“/var/home/user: change directory failed: No such file or directory.”
It also doesn’t have /var mounted properly where I needed it when I use lsblk, and it shows /var as mounted under the root drive again.
So I assume that I didn’t copy something over properly and I likely need to reinstall, which is fine, but I still need to be able to mount /var on my NVMe SSD and I want to do so without errors. I assume that CoreOS does something different with /var and I can’t just copy over the contents of /var/ to my pool-zfs and remount as /var.
Anyone have any ideas on how I can fix this issue?
Also, when I make the LUKS-encrypted drives I need decrypted by TPM, I use systemd-cryptenroll, which needs to regenerate the initramfs to work properly. Is there a better way to do this on ostree-based distros than running rpm-ostree initramfs --enable, because I can seemingly only run that command once?
Thanks again for the assistance.