Diffstat (limited to 'nixpkgs/nixos/modules/tasks')
-rw-r--r-- | nixpkgs/nixos/modules/tasks/encrypted-devices.nix | 7 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix | 54 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/tasks/filesystems/zfs.nix | 12 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/tasks/swraid.nix | 4 |
4 files changed, 54 insertions, 23 deletions
diff --git a/nixpkgs/nixos/modules/tasks/encrypted-devices.nix b/nixpkgs/nixos/modules/tasks/encrypted-devices.nix index ab3ccddf682d..da9c83ba339c 100644 --- a/nixpkgs/nixos/modules/tasks/encrypted-devices.nix +++ b/nixpkgs/nixos/modules/tasks/encrypted-devices.nix @@ -110,10 +110,11 @@ in }) earlyEncDevs); forceLuksSupportInInitrd = true; }; - postMountCommands = - concatMapStrings (dev: + # TODO: systemd stage 1 + postMountCommands = lib.mkIf (!config.boot.initrd.systemd.enable) + (concatMapStrings (dev: "cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n" - ) lateEncDevs; + ) lateEncDevs); }; }; } diff --git a/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix b/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix index 19ef188ce783..4eadec239e67 100644 --- a/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix +++ b/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix 
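Review bot: With `boot.initrd.systemd.enable` set, the `lib.mkIf` on `postMountCommands` drops the `cryptsetup luksOpen` calls for `lateEncDevs`, and nothing visible in the hunk replaces them or tells the user. A configuration with key-file-unlocked devices would then evaluate cleanly and boot without them. Until the `# TODO: systemd stage 1` is resolved, fail evaluation instead, e.g. `assertions = [ { assertion = !(config.boot.initrd.systemd.enable && lateEncDevs != [ ]); message = "encrypted devices opened with a keyFile after mount are not yet supported with systemd stage 1"; } ];` at the module's `config` level, which lies outside the hunk. The swraid.nix hunk has the same shape: `extraUtilsCommands` is guarded away and no systemd stage 1 counterpart is visible there, so confirm that the rest of that file covers it.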
@@ -34,17 +34,43 @@ let } ''; - openCommand = name: fs: - let - # we need only unlock one device manually, and cannot pass multiple at once - # remove this adaptation when bcachefs implements mounting by filesystem uuid - # also, implement automatic waiting for the constituent devices when that happens - # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671) - firstDevice = head (splitString ":" fs.device); - in - '' - tryUnlock ${name} ${firstDevice} + # we need only unlock one device manually, and cannot pass multiple at once + # remove this adaptation when bcachefs implements mounting by filesystem uuid + # also, implement automatic waiting for the constituent devices when that happens + # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671) + firstDevice = fs: head (splitString ":" fs.device); + + openCommand = name: fs: '' + tryUnlock ${name} ${firstDevice fs} + ''; + + mkUnits = prefix: name: fs: let + mountUnit = "${utils.escapeSystemdPath (prefix + (lib.removeSuffix "/" fs.mountPoint))}.mount"; + device = firstDevice fs; + deviceUnit = "${utils.escapeSystemdPath device}.device"; + in { + name = "unlock-bcachefs-${utils.escapeSystemdPath fs.mountPoint}"; + value = { + description = "Unlock bcachefs for ${fs.mountPoint}"; + requiredBy = [ mountUnit ]; + before = [ mountUnit ]; + bindsTo = [ deviceUnit ]; + after = [ deviceUnit ]; + unitConfig.DefaultDependencies = false; + serviceConfig = { + Type = "oneshot"; + ExecCondition = "${pkgs.bcachefs-tools}/bin/bcachefs unlock -c \"${device}\""; + Restart = "on-failure"; + RestartMode = "direct"; + # Ideally, this service would lock the key on stop. + # As is, RemainAfterExit doesn't accomplish anything. + RemainAfterExit = true; + }; + script = '' + ${config.boot.initrd.systemd.package}/bin/systemd-ask-password --timeout=0 "enter passphrase for ${name}" | exec ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${device}" ''; + }; + }; in 
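Review bot: In the `script` of `mkUnits`, `${name}` and `${device}` are spliced into the shell text inside plain double quotes, so a mount point or device path containing `"`, `$` or a backtick changes what the unlock script executes. The values come from the system configuration, so this is a robustness issue rather than a privilege boundary, but zfs.nix in this same commit already passes the equivalent value through `escapeShellArg`. Prefer `systemd-ask-password --timeout=0 ${lib.escapeShellArg "enter passphrase for ${name}"} | exec ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${lib.escapeShellArg device}`, keeping the binary paths as they are. The `\"${device}\"` in `ExecCondition` is parsed by systemd rather than a shell, where `%` and `$` are special, so it needs either systemd-style escaping or a comment stating that such paths are unsupported. A comment on `Restart = "on-failure"` saying that a wrong passphrase re-prompts with no attempt limit would also help, since with `--timeout=0` that appears to be the intended behaviour.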
@@ -59,6 +85,8 @@ in # use kernel package with bcachefs support until it's in mainline boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs; + + systemd.services = lib.mapAttrs' (mkUnits "") (lib.filterAttrs (n: fs: (fs.fsType == "bcachefs") && (!utils.fsNeededForBoot fs)) config.fileSystems); } (mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) { @@ -74,11 +102,13 @@ in copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs copy_bin_and_libs ${mountCommand}/bin/mount.bcachefs ''; - boot.initrd.extraUtilsCommandsTest = '' + boot.initrd.extraUtilsCommandsTest = lib.mkIf (!config.boot.initrd.systemd.enable) '' $out/bin/bcachefs version ''; - boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs); + boot.initrd.postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) (commonFunctions + concatStrings (mapAttrsToList openCommand bootFs)); + + boot.initrd.systemd.services = lib.mapAttrs' (mkUnits "/sysroot") bootFs; }) ]); } diff --git a/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix index 082634ec9d01..4b6a5b6c12c1 100644 --- a/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix 
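Review bot: The stage-2 units created by `systemd.services = lib.mapAttrs' (mkUnits "") …` reuse the `script` from `mkUnits`, which calls `${config.boot.initrd.systemd.package}/bin/systemd-ask-password`. The running system therefore prompts through the initrd's systemd build rather than `config.systemd.package`. That resolves by store path, but it uses a password-agent client from a different build than the running manager and would pull the initrd package into the system closure if the two differ. Consider passing the package to `mkUnits` as an argument, or add a comment saying the reuse is deliberate.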
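Review bot: `boot.initrd.systemd.services = lib.mapAttrs' (mkUnits "/sysroot") bootFs;` is set unconditionally, while the legacy options beside it are now wrapped in `lib.mkIf (!config.boot.initrd.systemd.enable)`, and zfs.nix in this commit wraps its initrd `systemd` block in `mkIf config.boot.initrd.systemd.enable`. It is probably harmless when systemd stage 1 is off, but for symmetry write `boot.initrd.systemd.services = lib.mkIf config.boot.initrd.systemd.enable (lib.mapAttrs' (mkUnits "/sysroot") bootFs);`. The `copy_bin_and_libs` block at the top of this hunk (its option name is outside the hunk) also stays unguarded, although the zfs and swraid hunks guard theirs. A one-line comment on whether that is intentional would settle it.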
@@ -584,17 +584,17 @@ in boot.initrd = mkIf inInitrd { kernelModules = [ "zfs" ] ++ optional (!cfgZfs.enableUnstable) "spl"; extraUtilsCommands = - '' + mkIf (!config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${cfgZfs.package}/sbin/zfs copy_bin_and_libs ${cfgZfs.package}/sbin/zdb copy_bin_and_libs ${cfgZfs.package}/sbin/zpool ''; - extraUtilsCommandsTest = mkIf inInitrd - '' + extraUtilsCommandsTest = + mkIf (!config.boot.initrd.systemd.enable) '' $out/bin/zfs --help >/dev/null 2>&1 $out/bin/zpool --help >/dev/null 2>&1 ''; - postDeviceCommands = concatStringsSep "\n" (['' + postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) (concatStringsSep "\n" (['' ZFS_FORCE="${optionalString cfgZfs.forceImportRoot "-f"}" ''] ++ [(importLib { # See comments at importLib definition. @@ -623,10 +623,10 @@ in else concatMapStrings (fs: '' zfs load-key -- ${escapeShellArg fs} '') (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)} - '') rootPools)); + '') rootPools))); # Systemd in stage 1 - systemd = { + systemd = mkIf config.boot.initrd.systemd.enable { packages = [cfgZfs.package]; services = listToAttrs (map (pool: createImportService { inherit pool; diff --git a/nixpkgs/nixos/modules/tasks/swraid.nix b/nixpkgs/nixos/modules/tasks/swraid.nix index 61b3682e0f68..249755bc0548 100644 --- a/nixpkgs/nixos/modules/tasks/swraid.nix +++ b/nixpkgs/nixos/modules/tasks/swraid.nix @@ -62,13 +62,13 @@ in { cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/ ''; - extraUtilsCommands = '' + extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' # Add RAID mdadm tool. copy_bin_and_libs ${pkgs.mdadm}/sbin/mdadm copy_bin_and_libs ${pkgs.mdadm}/sbin/mdmon ''; - extraUtilsCommandsTest = '' + extraUtilsCommandsTest = lib.mkIf (!config.boot.initrd.systemd.enable) '' $out/bin/mdadm --version ''; |