Diffstat (limited to 'nixos/modules/tasks')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 18 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 27 |
2 files changed, 38 insertions, 7 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 145fae432c65..7fee99115329 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -140,6 +140,17 @@ in this once. ''; }; + + requestEncryptionCredentials = mkOption { + type = types.bool; + default = config.boot.zfs.enableUnstable; + description = '' + Request encryption keys or passwords for all encrypted datasets on import. + + Dataset encryption is only supported in zfsUnstable at the moment. + ''; + }; + }; services.zfs.autoSnapshot = { @@ -263,6 +274,10 @@ in assertion = !cfgZfs.forceImportAll || cfgZfs.forceImportRoot; message = "If you enable boot.zfs.forceImportAll, you must also enable boot.zfs.forceImportRoot"; } + { + assertion = cfgZfs.requestEncryptionCredentials -> cfgZfs.enableUnstable; + message = "This feature is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable."; + } ]; boot = { @@ -306,6 +321,9 @@ in done echo if [[ -n "$msg" ]]; then echo "$msg"; fi + ${lib.optionalString cfgZfs.requestEncryptionCredentials '' + zfs load-key -a + ''} '') rootPools)); }; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 7ede8752bcc3..3512296dff4a 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix 
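Review bot: The default `config.boot.zfs.enableUnstable` ties key loading at boot to the choice of the unstable package, so a user who only wanted the newer ZFS also gets the `zfs load-key -a` step from the third hunk without opting in, and the description does not mention this. The description should say when the request happens and what it covers, for example `Request encryption keys or passwords for all encrypted datasets when the root pools are imported during boot.`, and note that it follows `boot.zfs.enableUnstable` by default. If unattended boots are a concern, `default = false;` would make the prompt an explicit decision.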
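Review bot: The new assertion message does not name the option that triggered it, so a failed evaluation only says `This feature is only available for zfs unstable` and leaves the user to guess which setting to change. Assuming the option lives under `boot.zfs` like its neighbours, name it in the text: `message = "boot.zfs.requestEncryptionCredentials is only available for zfs unstable. Set the NixOS option boot.zfs.enableUnstable.";`. The assertions list begins outside the hunk.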
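Review bot: `zfs load-key -a` is added inside the text generated for each entry of `rootPools`, yet `-a` is not limited to the pool that iteration just imported, so it runs once per root pool and each run covers every encrypted dataset in all imported pools. Nothing visible in the hunk checks its exit status or offers a retry, so a mistyped passphrase appears to fall through to the later mount step and fail there with a less useful error. Consider scoping the call with `zfs load-key -r` on the pool name bound by the enclosing `map` (its lambda starts outside the hunk) and handling a failed load explicitly. A comment such as `# load keys now: encrypted datasets cannot be mounted until their key is available` would also record why the step sits here.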
@@ -9,6 +9,12 @@ let interfaces = attrValues cfg.interfaces; hasVirtuals = any (i: i.virtual) interfaces; + slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds) + ++ concatMap (i: i.interfaces) (attrValues cfg.bridges) + ++ concatMap (i: i.interfaces) (attrValues cfg.vswitches) + ++ concatMap (i: [i.interface]) (attrValues cfg.macvlans) + ++ concatMap (i: [i.interface]) (attrValues cfg.vlans); + # We must escape interfaces due to the systemd interpretation subsystemDevice = interface: "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; @@ -152,7 +158,11 @@ let in nameValuePair "network-addresses-${i.name}" { description = "Address configuration of ${i.name}"; - wantedBy = [ "network-setup.service" ]; + wantedBy = [ + "network-setup.service" + "network-link-${i.name}.service" + "network.target" + ]; # propagate stop and reload from network-setup partOf = [ "network-setup.service" ]; # order before network-setup because the routes that are configured @@ -206,7 +216,7 @@ let after = [ "dev-net-tun.device" "network-pre.target" ]; wantedBy = [ "network-setup.service" (subsystemDevice i.name) ]; partOf = [ "network-setup.service" ]; - before = [ "network-setup.service" (subsystemDevice i.name) ]; + before = [ "network-setup.service" ]; path = [ pkgs.iproute ]; serviceConfig = { Type = "oneshot"; @@ -232,7 +242,7 @@ let partOf = [ "network-setup.service" ] ++ optional v.rstp "mstpd.service"; after = [ "network-pre.target" ] ++ deps ++ optional v.rstp "mstpd.service" ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; 
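Review bot: `slaves` has no comment and the name does not match everything it collects: the last two terms gather the parent `interface` of each macvlan and vlan, which are not enslaved devices. A comment above the binding would state the intent, for example `# lower-level interfaces referenced by bonds, bridges, vswitches, macvlans and vlans`. The list can also hold the same name several times when one device backs more than one vlan; that looks harmless for the `genAttrs` call in the last hunk but is worth confirming.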
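Review bot: The reason for dropping `(subsystemDevice …)` from `before` is not recorded next to the code, and in this hunk `wantedBy` two lines above still lists `(subsystemDevice i.name)`, so the unit stays wanted by the device unit but is no longer ordered before it. If that asymmetry is intended, add a one-line comment above `before` saying why the ordering against the `.device` unit was removed, so it is not restored by a later cleanup. The same applies to the identical change in the hunks at -232, -331, -369, -394 and -422. The unit definitions start and end outside these hunks.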
@@ -331,7 +341,7 @@ let partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute pkgs.gawk ]; @@ -369,7 +379,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -394,7 +404,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -422,7 +432,7 @@ let bindsTo = deps; partOf = [ "network-setup.service" ]; after = [ "network-pre.target" ] ++ deps; - before = [ "network-setup.service" (subsystemDevice n) ]; + before = [ "network-setup.service" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -465,5 +475,8 @@ in config = mkMerge [ bondWarnings (mkIf (!cfg.useNetworkd) normalConfig) + { # Ensure slave interfaces are brought up + networking.interfaces = genAttrs slaves (i: {}); + } ]; } |
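Review bot: The added attribute set sits directly in `mkMerge` beside `bondWarnings`, outside `mkIf (!cfg.useNetworkd) normalConfig`, so `networking.interfaces` gains an entry for every name in `slaves` even when the networkd backend is selected. If only the scripted backend needs this, guard it: `(mkIf (!cfg.useNetworkd) { networking.interfaces = genAttrs slaves (i: {}); })`. Otherwise extend the comment to say it applies to both backends. Declaring these names presumably also causes the per-interface units to be generated for them, so it is worth confirming that an empty `{}` does not alter a device the user deliberately left unconfigured.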