public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/zfs: import encrypted datasets by default for zfsUnstable

Browse Source
This commit is contained in:
Jörg Thalheim 2017-09-15 16:18:09 +01:00 committed by Joerg Thalheim
parent 95f3e6ca32
commit 9164517c18
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -140,6 +140,17 @@ in
this once. this once.
''; '';
}; };
requestEncryptionCredentials = mkOption {
type = types.bool;
default = config.boot.zfs.enableUnstable;
description = ''
Request encryption keys or passwords for all encrypted datasets on import.
Dataset encryption is only supported in zfsUnstable at the moment.
'';
};
}; };
services.zfs.autoSnapshot = { services.zfs.autoSnapshot = {
@ -263,6 +274,10 @@ in
assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot; assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot;
message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot"; message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot";
} }
{
assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable;
message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable.";
}
]; ];
boot = { boot = {
@ -306,6 +321,9 @@ in
done done
echo echo
if [[ -n "$msg" ]]; then echo "$msg"; fi if [[ -n "$msg" ]]; then echo "$msg"; fi
${lib.optionalString cfgZfs.requestEncryptionCredentials ''
zfs load-key -a
''}
'') rootPools)); '') rootPools));
}; };