From 9b6b934949a02ef19868f76df0f5dbcef67a8278 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Mon, 4 Dec 2023 15:09:49 +0000
Subject: nixos/clevis: guard zfs code behind config.clevis.boot.initrd.enable

---
 nixos/modules/tasks/filesystems/zfs.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index fd92a0014002..1879d76f1347 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -157,7 +157,7 @@ let
           poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
         fi
         if poolImported "${pool}"; then
-        ${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)}
+        ${optionalString config.boot.initrd.clevis.enable (concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets))}
 
 
           ${optionalString keyLocations.hasKeys ''
@@ -630,7 +630,7 @@ in
               poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
             fi
 
-            ${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)}
+            ${optionalString config.boot.initrd.clevis.enable (concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets))}
 
             ${if isBool cfgZfs.requestEncryptionCredentials
               then optionalString cfgZfs.requestEncryptionCredentials ''
-- 
cgit 1.4.1


From 28608b04486f5c9218ba6b74f347456253ea9f4f Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Mon, 4 Dec 2023 15:21:16 +0000
Subject: nixos/clevis: skip filesystem with null devices

---
 nixos/modules/tasks/filesystems/zfs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 1879d76f1347..784040f0ce9e 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -17,7 +17,7 @@ let
   cfgZED = config.services.zfs.zed;
 
   selectModulePackage = package: config.boot.kernelPackages.${package.kernelModuleAttribute};
-  clevisDatasets = map (e: e.device) (filter (e: (hasAttr e.device config.boot.initrd.clevis.devices) && e.fsType == "zfs" && (fsNeededForBoot e)) config.system.build.fileSystems);
+  clevisDatasets = map (e: e.device) (filter (e: e.device != null && (hasAttr e.device config.boot.initrd.clevis.devices) && e.fsType == "zfs" && (fsNeededForBoot e)) config.system.build.fileSystems);
 
 
   inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
-- 
cgit 1.4.1