nix/os: more work on partition handling

nix/os/devices/default.nix

@@ -31,12 +31,12 @@ in {
     ID=${diskId}
     echo Mounting $ID
     set -xe
-    cryptsetup luksOpen /dev/disk/by-partlabel/$ID-part3 $ID-part3
+    cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3
     vgchange -ay $ID
     mkdir -p /mnt/$ID-root
     mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
     mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
-    mount /dev/disk/by-partlabel/$ID-part2 /mnt/$ID-root/boot
+    mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot
   '';
 
   diskUmount = pkgs.writeScript "script" ''

nix/os/modules/encryptedDisk.nix

@@ -6,13 +6,23 @@ with lib;
 let
   cfg = config.hardware.encryptedDisk;
 
+
   volumeGroup = cfg.diskId;
+
+  # This is important at install-time
   bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
-  bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part2" ];
-  bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" cfg.diskId "-part3" ];
+
+  # These are guaranteed by LVM
   rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
   swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
 
+  # TODO: verify the GPT PARTLABEL cap at 36 chars
+  shortenPartlabel = name: (builtins.substring 0 36 name);
+  # Cannot use the disk ID here because might be different at install vs. runtime.
+  # Example: MMC card which is used in the internal reader vs. USB reader
+  bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))];
+  bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))];
+
 in {
   options.hardware.encryptedDisk = {
     enable = mkEnableOption "Enable encrypted filesystem layout";