diff options
author | Frank Doepper <github@woffs.de> | 2018-06-28 12:04:30 +0200 |
---|---|---|
committer | Jörg Thalheim <Mic92@users.noreply.github.com> | 2018-06-28 11:04:30 +0100 |
commit | c5da007af5a33cbed927d3aff5553c82b6de0a08 (patch) | |
tree | e56c47abad798b8272d6147028baabe6217241ca /nixos/modules/tasks | |
parent | ba15c00e9869f2734ad9c8456f4ed778e69acf54 (diff) | |
download | nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.tar nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.tar.gz nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.tar.bz2 nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.tar.lz nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.tar.xz nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.tar.zst nixlib-c5da007af5a33cbed927d3aff5553c82b6de0a08.zip |
nixos/zfs: load encryption keys for all pools (#41846)
fixes #41838 At the moment it works fine for "file://" keys, but does not work for dataPools with "prompt" keys, because the passphrase cannot be entered (yet).
Diffstat (limited to 'nixos/modules/tasks')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index b8a420b7d745..bfcd81d62159 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -171,8 +171,12 @@ in default = config.boot.zfs.enableUnstable; description = '' Request encryption keys or passwords for all encrypted datasets on import. - Dataset encryption is only supported in zfsUnstable at the moment. + For root pools the encryption key can be supplied via both an + interactive prompt (keylocation=prompt) and from a file + (keylocation=file://). Note that for data pools the encryption key can + be only loaded from a file and not via interactive prompt since the + import is processed in a background systemd service. ''; }; @@ -394,6 +398,7 @@ in script = '' zpool_cmd="${packages.zfsUser}/sbin/zpool" ("$zpool_cmd" list "${pool}" >/dev/null) || "$zpool_cmd" import -d ${cfgZfs.devNodes} -N ${optionalString cfgZfs.forceImportAll "-f"} "${pool}" + ${optionalString cfgZfs.requestEncryptionCredentials "\"${packages.zfsUser}/sbin/zfs\" load-key -r \"${pool}\""} ''; }; |