authorWill Fancher <elvishjerricco@gmail.com>2022-12-29 00:00:29 -0500
committerGitHub <noreply@github.com>2022-12-29 00:00:29 -0500
commit3d7270abd5b28bc8ef6c64a7eb15f41bdc9717f0 (patch)
tree1bbf4db316112ef6e28aa2077d260d2a1e70f7f3 /nixos/modules/tasks/filesystems
parent61345687940092e1cfda9aae7aec152a5a716063 (diff)
parent51809df3028ad65ff81b2badf7fef04bd9ed5921 (diff)
Merge pull request #203171 from ElvishJerricco/zfs-fix-requested-credentials
nixos/zfs: Ensure pool has datasets to decrypt
Diffstat (limited to 'nixos/modules/tasks/filesystems')
-rw-r--r--nixos/modules/tasks/filesystems/zfs.nix25
1 files changed, 15 insertions, 10 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 0f14f2b501c2..6c7759647517 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -97,10 +97,15 @@ let
     in
       map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
 
-  getKeyLocations = pool:
-    if isBool cfgZfs.requestEncryptionCredentials
-    then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
-    else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
+  getKeyLocations = pool: if isBool cfgZfs.requestEncryptionCredentials then {
+    hasKeys = cfgZfs.requestEncryptionCredentials;
+    command = "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}";
+  } else let
+    keys = filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials;
+  in {
+    hasKeys = keys != [];
+    command = "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString keys}";
+  };
 
   createImportService = { pool, systemd, force, prefix ? "" }:
     nameValuePair "zfs-import-${pool}" {
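Review bot: Both `command` strings in getKeyLocations interpolate `${pool}` and `${toString keys}` into shell text unquoted, while the last hunk of this commit passes the same dataset names through `escapeShellArg` after `--`. A dataset name containing a space or a shell metacharacter would be word-split or interpreted when the import script runs, so the list branch would query different datasets than the ones configured. Quoting both the same way keeps the two paths consistent: `${escapeShellArgs keys}` in place of `${toString keys}`, and `${escapeShellArg pool}` in the recursive branch (assuming `escapeShellArgs` is in scope the way `escapeShellArg` evidently is).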
@@ -124,7 +129,9 @@ let
         RemainAfterExit = true;
       };
       environment.ZFS_FORCE = optionalString force "-f";
-      script = (importLib {
+      script = let
+        keyLocations = getKeyLocations pool;
+      in (importLib {
         # See comments at importLib definition.
         zpoolCmd = "${cfgZfs.package}/sbin/zpool";
         awkCmd = "${pkgs.gawk}/bin/awk";
@@ -139,10 +146,8 @@ let
         done
         poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
         if poolImported "${pool}"; then
-          ${optionalString (if isBool cfgZfs.requestEncryptionCredentials
-                            then cfgZfs.requestEncryptionCredentials
-                            else cfgZfs.requestEncryptionCredentials != []) ''
-            ${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
+          ${optionalString keyLocations.hasKeys ''
+            ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do
               {
               if [[ "$ks" != unavailable ]]; then
                 continue
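Review bot: The rewritten `${keyLocations.command} | while IFS=$'\t' read ds kl ks; do` line still reads without `-r`, so a backslash in a dataset name or keylocation is treated as an escape character. The values used later in the loop could then differ from what `zfs list` printed. `while IFS=$'\t' read -r ds kl ks; do` keeps the fields verbatim. The loop body continues outside this hunk, so the quoting of `$ds` and `$kl` where they are used cannot be checked from here.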
@@ -565,7 +570,7 @@ in
               ''
               else concatMapStrings (fs: ''
                 zfs load-key -- ${escapeShellArg fs}
-              '') cfgZfs.requestEncryptionCredentials}
+              '') (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}
         '') rootPools));
 
         # Systemd in stage 1
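Review bot: The predicate `filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials` is now written out both here and in getKeyLocations, so the import service and this root-pool script can drift apart if one copy is edited alone. A let-bound helper such as `datasetsForPool = pool: filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials;` would define in one place which datasets get their keys loaded for a pool. A short comment here would also help, e.g. `# only load keys for datasets that live on this root pool`. The enclosing expression, including the boolean branch, starts outside this hunk.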