Missing token file can lead to unbootable system

[graham33]

The NixOS module uses system.activationScripts to retrieve the secret, which is run on every boot. It's considered an error if the token file is missing, and that fails the boot at stage 2. Is there a way we can make this less invasive? I experienced this when activating a shared NixOS config on a new machine that didn't have the secret file yet.

For example, perhaps failing to retrieve the secret could not be considered a hard error, or perhaps better we could model this step as its own systemd service that can report success or failure more gracefully?

As it stands, i guess that failure to run the retrieval tool would also fail the boot? Thanks!