public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding an option to luksroot, so it allows to define whether to launch cryptsetup after or before LVM.

Browse Source 
To allow dmcrypt over lvm and lvm over dmcrypt.


svn path=/nixos/trunk/; revision=32784
This commit is contained in:
Lluís Batlle i Rossell 2012-03-04 21:00:35 +00:00
parent 0d4eb37e16
commit 1adaabef58
1 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
modules/system/boot/luksroot.nix
View File

@ -5,7 +5,7 @@ with pkgs.lib;
let let
luks = config.boot.initrd.luks; luks = config.boot.initrd.luks;
openCommand = { name, device }: '' openCommand = { name, device, ... }: ''
# Wait for luksRoot to appear, e.g. if on a usb drive. # Wait for luksRoot to appear, e.g. if on a usb drive.
# XXX: copied and adapted from stage-1-init.sh - should be # XXX: copied and adapted from stage-1-init.sh - should be
# available as a function. # available as a function.
@ -14,7 +14,7 @@ let
for ((try = 0; try < 10; try++)); do for ((try = 0; try < 10; try++)); do
sleep 1 sleep 1
if test -e ${device}; then break; fi if test -e ${device}; then break; fi
echo -n "OK" echo -n .
done done
echo "ok" echo "ok"
fi fi
@ -23,6 +23,10 @@ let
cryptsetup luksOpen ${device} ${name} cryptsetup luksOpen ${device} ${name}
''; '';
isPreLVM = f: f.preLVM;
preLVM = filter isPreLVM luks.devices;
postLVM = filter (f: !(isPreLVM f)) luks.devices;
in in
{ {
@ -36,7 +40,7 @@ in
boot.initrd.luks.devices = mkOption { boot.initrd.luks.devices = mkOption {
default = [ ]; default = [ ];
example = [ { name = "luksroot"; device = "/dev/sda3"; } ]; example = [ { name = "luksroot"; device = "/dev/sda3"; preLVM = true; } ];
description = ''; description = '';
The list of devices that should be decrypted using LUKS before trying to mount the The list of devices that should be decrypted using LUKS before trying to mount the
root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups. root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups.
@ -45,6 +49,36 @@ in
Make sure that initrd has the crypto modules needed for decryption. Make sure that initrd has the crypto modules needed for decryption.
''; '';
type = types.list types.optionSet;
options = {
name = mkOption {
example = "luksroot";
type = types.string;
description = ''
Name of the interface.
'';
};
device = mkOption {
example = "/dev/sda2";
type = types.string;
description = ''
IP address of the interface. Leave empty to configure the
interface using DHCP.
'';
};
preLVM = mkOption {
default = true;
type = types.bool;
description = ''
Whether the luksOpen will be attempted before LVM scan or after it.
'';
};
};
}; };
}; };
@ -68,6 +102,7 @@ in
$out/bin/cryptsetup --version $out/bin/cryptsetup --version
''; '';
boot.initrd.preLVMCommands = concatMapStrings openCommand luks.devices; boot.initrd.preLVMCommands = concatMapStrings openCommand preLVM;
boot.initrd.postDeviceCommands = concatMapStrings openCommand postLVM;
}; };
} }