nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix

{ config, lib, pkgs, utils, ... }:

with lib;

let

  bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems;

  commonFunctions = ''
    prompt() {
        local name="$1"
        printf "enter passphrase for $name: "
    }
    tryUnlock() {
        local name="$1"
        local path="$2"
        if bcachefs unlock -c $path > /dev/null 2> /dev/null; then    # test for encryption
            prompt $name
            until bcachefs unlock $path 2> /dev/null; do              # repeat until sucessfully unlocked
                printf "unlocking failed!\n"
                prompt $name
            done
            printf "unlocking successful.\n"
        fi
    }
  '';

  openCommand = name: fs:
    let
      # we need only unlock one device manually, and cannot pass multiple at once
      # remove this adaptation when bcachefs implements mounting by filesystem uuid
      # also, implement automatic waiting for the constituent devices when that happens
      # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
      firstDevice = head (splitString ":" fs.device);
    in
      ''
        tryUnlock ${name} ${firstDevice}
      '';

in

{
  config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [
    {
      system.fsPackages = [ pkgs.bcachefs-tools ];

      # use kernel package with bcachefs support until it's in mainline
      boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs;
    }

    (mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) {
      # the cryptographic modules are required only for decryption attempts
      boot.initrd.availableKernelModules = [ "bcachefs" "chacha20" "poly1305" ];

      boot.initrd.extraUtilsCommands = ''
        copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
      '';
      boot.initrd.extraUtilsCommandsTest = ''
        $out/bin/bcachefs version
      '';

      boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs);
    })
  ]);
}
nixos/bcachefs: enable encrypted root Enables automatic decryption for bcachefs-formatted filesystems needed during boot. 2018-11-03 02:07:36 +00:00			`{ config, lib, pkgs, utils, ... }:`
nixos/bcachefs: init module 2017-08-31 05:24:48 -05:00
			`with lib;`

			`let`

nixos/bcachefs: enable encrypted root Enables automatic decryption for bcachefs-formatted filesystems needed during boot. 2018-11-03 02:07:36 +00:00			`bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems;`

			`commonFunctions = ''`
			`prompt() {`
			`local name="$1"`
			`printf "enter passphrase for $name: "`
			`}`
			`tryUnlock() {`
			`local name="$1"`
			`local path="$2"`
			`if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption`
			`prompt $name`
			`until bcachefs unlock $path 2> /dev/null; do # repeat until sucessfully unlocked`
			`printf "unlocking failed!\n"`
			`prompt $name`
			`done`
			`printf "unlocking successful.\n"`
			`fi`
			`}`
			`'';`

			`openCommand = name: fs:`
			`let`
			`# we need only unlock one device manually, and cannot pass multiple at once`
			`# remove this adaptation when bcachefs implements mounting by filesystem uuid`
			`# also, implement automatic waiting for the constituent devices when that happens`
			`# bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)`
			`firstDevice = head (splitString ":" fs.device);`
			`in`
			`''`
			`tryUnlock ${name} ${firstDevice}`
			`'';`
nixos/bcachefs: init module 2017-08-31 05:24:48 -05:00
			`in`

			`{`
nixos/bcachefs: enable encrypted root Enables automatic decryption for bcachefs-formatted filesystems needed during boot. 2018-11-03 02:07:36 +00:00			`config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [`
			`{`
			`system.fsPackages = [ pkgs.bcachefs-tools ];`

			`# use kernel package with bcachefs support until it's in mainline`
			`boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs;`
			`}`
nixos/bcachefs: init module 2017-08-31 05:24:48 -05:00
nixos/bcachefs: enable encrypted root Enables automatic decryption for bcachefs-formatted filesystems needed during boot. 2018-11-03 02:07:36 +00:00			`(mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) \|\| (bootFs != {})) {`
			`# the cryptographic modules are required only for decryption attempts`
			`boot.initrd.availableKernelModules = [ "bcachefs" "chacha20" "poly1305" ];`
nixos/bcachefs: init module 2017-08-31 05:24:48 -05:00
nixos/bcachefs: enable encrypted root Enables automatic decryption for bcachefs-formatted filesystems needed during boot. 2018-11-03 02:07:36 +00:00			`boot.initrd.extraUtilsCommands = ''`
			`copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs`
			`'';`
			`boot.initrd.extraUtilsCommandsTest = ''`
			`$out/bin/bcachefs version`
			`'';`
nixos/bcachefs: init module 2017-08-31 05:24:48 -05:00
nixos/bcachefs: enable encrypted root Enables automatic decryption for bcachefs-formatted filesystems needed during boot. 2018-11-03 02:07:36 +00:00			`boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs);`
			`})`
			`]);`
nixos/bcachefs: init module 2017-08-31 05:24:48 -05:00			`}`