Merge pull request #93395 from hmenke/zfs

ZFS: Request credentials only for selected pools
Jörg Thalheim 2020-08-15 09:19:49 +01:00 committed by GitHub
commit 7acb961c67
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -191,13 +191,14 @@ in
}; };
requestEncryptionCredentials = mkOption { requestEncryptionCredentials = mkOption {
type = types.bool; type = types.either types.bool (types.listOf types.str);
default = true; default = true;
example = [ "tank" "data" ];
description = '' description = ''
Request encryption keys or passwords for all encrypted datasets on import. If true on import encryption keys or passwords for all encrypted datasets
For root pools the encryption key can be supplied via both an are requested. To only decrypt selected datasets supply a list of dataset
interactive prompt (keylocation=prompt) and from a file names instead. For root pools the encryption key can be supplied via both
(keylocation=file://). an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).
''; '';
}; };
@ -419,9 +420,13 @@ in
fi fi
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
fi fi
${lib.optionalString cfgZfs.requestEncryptionCredentials '' ${if isBool cfgZfs.requestEncryptionCredentials
zfs load-key -a then optionalString cfgZfs.requestEncryptionCredentials ''
''} zfs load-key -a
''
else concatMapStrings (fs: ''
zfs load-key ${fs}
'') cfgZfs.requestEncryptionCredentials}
'') rootPools)); '') rootPools));
}; };
@ -517,9 +522,16 @@ in
done done
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
if poolImported "${pool}"; then if poolImported "${pool}"; then
${optionalString cfgZfs.requestEncryptionCredentials '' ${optionalString (if isBool cfgZfs.requestEncryptionCredentials
then cfgZfs.requestEncryptionCredentials
else cfgZfs.requestEncryptionCredentials != []) ''
${packages.zfsUser}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do ${packages.zfsUser}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
(case "$kl" in (${optionalString (!isBool cfgZfs.requestEncryptionCredentials) ''
if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then
continue
fi
''}
case "$kl" in
none ) none )
;; ;;
prompt ) prompt )
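Review bot: The dataset names from `requestEncryptionCredentials` are spliced into the generated shell scripts unescaped, both in `zfs load-key ${fs}` in the second hunk and inside the single-quoted `echo '…'` in the third, while the option type is an unconstrained `types.listOf types.str`. A name containing whitespace or a single quote would change the script text, so both sites should go through the lib escaping helpers, e.g. `zfs load-key ${escapeShellArg fs}` and `printf '%s\n' ${escapeShellArgs cfgZfs.requestEncryptionCredentials} | grep -qFx "$ds"`. The filter matches `$ds` exactly (`grep -Fx`) and `load-key` is called without `-r`, so a listed name unlocks only that one dataset; the example `[ "tank" "data" ]` and the commit title ("selected pools") read like pool names, so the description should say that every encryption root to be unlocked has to be listed. The second hunk also emits the whole list inside the per-pool body (`'') rootPools`), so with more than one root pool each `load-key` appears to run once per pool; it is worth confirming that a repeated call, or one for a pool not yet imported, does not abort the import. The surrounding scripts and the `case` statement continue outside the visible hunks.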