diff options
author | Jörg Thalheim <joerg@thalheim.io> | 2017-09-15 16:18:09 +0100 |
---|---|---|
committer | Joerg Thalheim <joerg@thalheim.io> | 2017-09-26 09:08:53 +0100 |
commit | 9164517c18bce89df5ffbfd662b8f7e051de0820 (patch) | |
tree | 1bb10f6c81e1c37cbb4a5da647a554b1d6ae8389 /nixos/modules/tasks/filesystems | |
parent | 95f3e6ca320556e8ced5582fd0ca46d726282ade (diff) | |
download | nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.tar nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.tar.gz nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.tar.bz2 nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.tar.lz nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.tar.xz nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.tar.zst nixlib-9164517c18bce89df5ffbfd662b8f7e051de0820.zip |
nixos/zfs: import encrypted datasets by default for zfsUnstable
Diffstat (limited to 'nixos/modules/tasks/filesystems')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 145fae432c65..7fee99115329 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -140,6 +140,17 @@ in this once. ''; }; + + requestEncryptionCredentials = mkOption { + type = types.bool; + default = config.boot.zfs.enableUnstable; + description = '' + Request encryption keys or passwords for all encrypted datasets on import. + + Dataset encryption is only supported in zfsUnstable at the moment. + ''; + }; + }; services.zfs.autoSnapshot = { @@ -263,6 +274,10 @@ in assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot; message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot"; } + { + assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable; + message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable."; + } ]; boot = { @@ -306,6 +321,9 @@ in done echo if [[ -n "$msg" ]]; then echo "$msg"; fi + ${lib.optionalString cfgZfs.requestEncryptionCredentials '' + zfs load-key -a + ''} '') rootPools)); }; |