diff options
author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2017-09-26 09:10:44 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-26 09:10:44 +0100 |
commit | c74418a4e67ba242fc416b699ec8825291aa6889 (patch) | |
tree | 3e60cb168fe88d06f456ecc7eb5abc6b72f6705a /nixos | |
parent | b303aa0155af78753ae2e285868788bb6c55c22c (diff) | |
parent | 8fcf95f102f6ff58a7363eb18a7aed4a3b1c54b5 (diff) | |
download | nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.tar nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.tar.gz nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.tar.bz2 nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.tar.lz nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.tar.xz nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.tar.zst nixlib-c74418a4e67ba242fc416b699ec8825291aa6889.zip |
Merge pull request #29426 from Mic92/zfsUnstable
nixos/zfs: import encrypted datasets by default for zfsUnstable
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 145fae432c65..7fee99115329 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -140,6 +140,17 @@ in this once. ''; }; + + requestEncryptionCredentials = mkOption { + type = types.bool; + default = config.boot.zfs.enableUnstable; + description = '' + Request encryption keys or passwords for all encrypted datasets on import. + + Dataset encryption is only supported in zfsUnstable at the moment. + ''; + }; + }; services.zfs.autoSnapshot = { @@ -263,6 +274,10 @@ in assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot; message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot"; } + { + assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable; + message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable."; + } ]; boot = { @@ -306,6 +321,9 @@ in done echo if [[ -n "$msg" ]]; then echo "$msg"; fi + ${lib.optionalString cfgZfs.requestEncryptionCredentials '' + zfs load-key -a + ''} '') rootPools)); }; |