diff options
Diffstat (limited to 'nixos/modules/tasks/filesystems/zfs.nix')
-rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 0f14f2b501c..6c775964751 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -97,10 +97,15 @@ let in map (x: "${mountPoint x}.mount") (getPoolFilesystems pool); - getKeyLocations = pool: - if isBool cfgZfs.requestEncryptionCredentials - then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}" - else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}"; + getKeyLocations = pool: if isBool cfgZfs.requestEncryptionCredentials then { + hasKeys = cfgZfs.requestEncryptionCredentials; + command = "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"; + } else let + keys = filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials; + in { + hasKeys = keys != []; + command = "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString keys}"; + }; createImportService = { pool, systemd, force, prefix ? "" }: nameValuePair "zfs-import-${pool}" { @@ -124,7 +129,9 @@ let RemainAfterExit = true; }; environment.ZFS_FORCE = optionalString force "-f"; - script = (importLib { + script = let + keyLocations = getKeyLocations pool; + in (importLib { # See comments at importLib definition. zpoolCmd = "${cfgZfs.package}/sbin/zpool"; awkCmd = "${pkgs.gawk}/bin/awk"; @@ -139,10 +146,8 @@ let done poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. if poolImported "${pool}"; then - ${optionalString (if isBool cfgZfs.requestEncryptionCredentials - then cfgZfs.requestEncryptionCredentials - else cfgZfs.requestEncryptionCredentials != []) '' - ${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do + ${optionalString keyLocations.hasKeys '' + ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do { if [[ "$ks" != unavailable ]]; then continue @@ -565,7 +570,7 @@ in '' else concatMapStrings (fs: '' zfs load-key -- ${escapeShellArg fs} - '') cfgZfs.requestEncryptionCredentials} + '') (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)} '') rootPools)); # Systemd in stage 1 |