diff options
Diffstat (limited to 'nixos/modules/tasks/filesystems')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 145fae432c65..7fee99115329 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -140,6 +140,17 @@ in this once. ''; }; + + requestEncryptionCredentials = mkOption { + type = types.bool; + default = config.boot.zfs.enableUnstable; + description = '' + Request encryption keys or passwords for all encrypted datasets on import. + + Dataset encryption is only supported in zfsUnstable at the moment. + ''; + }; + }; services.zfs.autoSnapshot = { @@ -263,6 +274,10 @@ in assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot; message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot"; } + { + assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable; + message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable."; + } ]; boot = { @@ -306,6 +321,9 @@ in done echo if [[ -n "$msg" ]]; then echo "$msg"; fi + ${lib.optionalString cfgZfs.requestEncryptionCredentials '' + zfs load-key -a + ''} '') rootPools)); }; |