diff options
| author | Julien Malka <julien@malka.sh> | 2023-12-04 15:09:49 +0000 |
|---|---|---|
| committer | Julien Malka <julien@malka.sh> | 2023-12-04 15:09:49 +0000 |
| commit | 9b6b934949a02ef19868f76df0f5dbcef67a8278 (patch) | |
| tree | a60f183121b1fd162a57e10c30f9745b03ee86bc /nixos/modules/tasks/filesystems | |
| parent | c0443ea94c9a7c05278fa9b134c5a8e61c84a0f0 (diff) | |
| download | nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.tar nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.tar.gz nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.tar.bz2 nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.tar.lz nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.tar.xz nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.tar.zst nixlib-9b6b934949a02ef19868f76df0f5dbcef67a8278.zip | |
nixos/clevis: guard zfs code behind config.clevis.boot.initrd.enable
Diffstat (limited to 'nixos/modules/tasks/filesystems')
| -rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index fd92a0014002..1879d76f1347 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -157,7 +157,7 @@ let poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. fi if poolImported "${pool}"; then - ${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)} + ${optionalString config.boot.initrd.clevis.enable (concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets))} ${optionalString keyLocations.hasKeys '' @@ -630,7 +630,7 @@ in poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. fi - ${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)} + ${optionalString config.boot.initrd.clevis.enable (concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets))} ${if isBool cfgZfs.requestEncryptionCredentials then optionalString cfgZfs.requestEncryptionCredentials '' |