authorGraham Christensen <graham@grahamc.com>2020-07-02 14:15:18 -0400
committerGitHub <noreply@github.com>2020-07-02 14:15:18 -0400
commit105e63469d8fee6e1d6e749a68874744e6d347da (patch)
tree94e8d9dc7cd3cdac78c2dffb3e81975002c8ba68 /nixos/modules/tasks
parent83ec61c486bd219e9941046557d4cfa7a2de3065 (diff)
parente2f1594695c3795c09f40ed7556af2bbc49b8fdc (diff)
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
Diffstat (limited to 'nixos/modules/tasks')
-rw-r--r--nixos/modules/tasks/filesystems/zfs.nix21
1 files changed, 19 insertions, 2 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 71eed4d6f1a..cb8947fd986 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -490,7 +490,11 @@ in
             description = "Import ZFS pool \"${pool}\"";
             # we need systemd-udev-settle until https://github.com/zfsonlinux/zfs/pull/4943 is merged
             requires = [ "systemd-udev-settle.service" ];
-            after = [ "systemd-udev-settle.service" "systemd-modules-load.service" ];
+            after = [
+              "systemd-udev-settle.service"
+              "systemd-modules-load.service"
+              "systemd-ask-password-console.service"
+            ];
             wantedBy = (getPoolMounts pool) ++ [ "local-fs.target" ];
             before = (getPoolMounts pool) ++ [ "local-fs.target" ];
             unitConfig = {
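Review bot: The new `"systemd-ask-password-console.service"` entry in `after` has no comment saying why it is there, unlike the `systemd-udev-settle.service` line above it. I would add something like `# the key prompt in this unit's script goes through systemd-ask-password; order after the console agent`. Note also that `after` only orders the units and does not pull the agent in, so if the intent is that a console agent is guaranteed to be available, that presumably needs to be established elsewhere. The unit definition continues outside the hunk.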
@@ -515,7 +519,20 @@ in
               done
               poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
               if poolImported "${pool}"; then
-                ${optionalString cfgZfs.requestEncryptionCredentials "\"${packages.zfsUser}/sbin/zfs\" load-key -r \"${pool}\""}
+                ${optionalString cfgZfs.requestEncryptionCredentials ''
+                  ${packages.zfsUser}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
+                    (case "$kl" in
+                      none )
+                        ;;
+                      prompt )
+                        ${config.systemd.package}/bin/systemd-ask-password "Enter key for $ds:" | ${packages.zfsUser}/sbin/zfs load-key "$ds"
+                        ;;
+                      * )
+                        ${packages.zfsUser}/sbin/zfs load-key "$ds"
+                        ;;
+                    esac) < /dev/null # To protect while read ds kl in case anything reads stdin
+                  done
+                ''}
                 echo "Successfully imported ${pool}"
               else
                 exit 1
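Review bot: In the `prompt` arm a mistyped passphrase gets no second attempt, and the result of `zfs load-key "$ds"` is never checked where it runs. Because the `while` loop is the last stage of a pipeline, its status is that of the final iteration only, so a failed key load on an earlier dataset can be masked and the script may still print `Successfully imported`; whether `set -e` or `pipefail` is active is not visible, since the unit script starts and ends outside this hunk. I would bound the prompt with a small retry loop and propagate failure out of the subshell, as sketched below. Separately, `read ds kl` should be `read -r ds kl`, and `${pool}` in the `zfs list` call has lost the quoting the removed line had.

```nix
# … unchanged: zfs list pipeline and "none" arm …
prompt )
  tries=3
  loaded=false
  while [ "$loaded" != true ] && [ "$tries" -gt 0 ]; do
    if ${config.systemd.package}/bin/systemd-ask-password "Enter key for $ds:" | ${packages.zfsUser}/sbin/zfs load-key "$ds"; then
      loaded=true
    else
      tries=$((tries - 1))
    fi
  done
  [ "$loaded" = true ] || exit 1
  ;;
# … unchanged: default arm …
esac) < /dev/null || exit 1 # stop at the first dataset whose key could not be loaded
```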