diff options
author | Will Fancher <elvishjerricco@gmail.com> | 2022-05-03 13:39:54 -0400 |
---|---|---|
committer | Will Fancher <elvishjerricco@gmail.com> | 2022-05-03 14:56:50 -0400 |
commit | e0b5ba54798162d18ce2dbc42911f18facae1707 (patch) | |
tree | ac0e1f9fd05206ab4801c8a61d2747869db0b054 /nixos/modules/tasks/filesystems | |
parent | 3a71b113299c409c0961af6295bb9f496268f25b (diff) | |
download | nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.tar nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.tar.gz nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.tar.bz2 nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.tar.lz nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.tar.xz nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.tar.zst nixlib-e0b5ba54798162d18ce2dbc42911f18facae1707.zip |
nixos: Don't use grep to request ZFS credentials, and consider keystatus
Diffstat (limited to 'nixos/modules/tasks/filesystems')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 4675c06cfdec..3bc05f56dc36 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -97,6 +97,11 @@ let in map (x: "${mountPoint x}.mount") (getPoolFilesystems pool); + getKeyLocations = pool: + if isBool cfgZfs.requestEncryptionCredentials + then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}" + else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}"; + createImportService = { pool, systemd, force, prefix ? "" }: nameValuePair "zfs-import-${pool}" { description = "Import ZFS pool \"${pool}\""; @@ -137,13 +142,11 @@ let ${optionalString (if isBool cfgZfs.requestEncryptionCredentials then cfgZfs.requestEncryptionCredentials else cfgZfs.requestEncryptionCredentials != []) '' - ${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do + ${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do { - ${optionalString (!isBool cfgZfs.requestEncryptionCredentials) '' - if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then - continue - fi - ''} + if [[ "$ks" != unavailable ]]; then + continue + fi case "$kl" in none ) ;; |