nixos/zfs: load encryption keys for all pools (#41846)

fixes #41838 At the moment it works fine for "file://" keys, but does not work for dataPools with "prompt" keys, because the passphrase cannot be entered (yet).
2018-06-28 12:04:30 +02:00 · 2018-06-28 12:04:30 +02:00 · c5da007af5
commit c5da007af5
parent ba15c00e98
1 changed files with 6 additions and 1 deletions
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@ -171,8 +171,12 @@ in
        default = config.boot.zfs.enableUnstable;
        description = ''
          Request encryption keys or passwords for all encrypted datasets on import.
-
          Dataset encryption is only supported in zfsUnstable at the moment.
+          For root pools the encryption key can be supplied via both an
+          interactive prompt (keylocation=prompt) and from a file
+          (keylocation=file://). Note that for data pools the encryption key can
+          be only loaded from a file and not via interactive prompt since the
+          import is processed in a background systemd service.
        '';
      };

@ -394,6 +398,7 @@ in
            script = ''
              zpool_cmd="${packages.zfsUser}/sbin/zpool"
              ("$zpool_cmd" list "${pool}" >/dev/null) || "$zpool_cmd" import -d ${cfgZfs.devNodes} -N ${optionalString cfgZfs.forceImportAll "-f"} "${pool}"
+              ${optionalString cfgZfs.requestEncryptionCredentials "\"${packages.zfsUser}/sbin/zfs\" load-key -r \"${pool}\""}
            '';
          };