movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 04:35:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

zfs: add option to use kernel keyring for encryption credentials

Browse source
This commit is contained in:
Shawn8901 2024-07-01 21:10:03 +02:00
parent f90d0a338d
commit 9a1d8f09cf
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/tasks/filesystems/zfs.nix
View file

@ -233,7 +233,7 @@ let
tries=3 tries=3
success=false success=false
while [[ $success != true ]] && [[ $tries -gt 0 ]]; do while [[ $success != true ]] && [[ $tries -gt 0 ]]; do
${systemd}/bin/systemd-ask-password --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \ ${systemd}/bin/systemd-ask-password ${lib.optionalString cfgZfs.useKeyringForCredentials ("--keyname=zfs-$ds")} --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
&& success=true \ && success=true \
|| tries=$((tries - 1)) || tries=$((tries - 1))
done done
@ -403,6 +403,8 @@ in
''; '';
}; };
useKeyringForCredentials = lib.mkEnableOption "Uses the kernel keyring for encryption credentials with keyname=zfs-<poolname>";
passwordTimeout = lib.mkOption { passwordTimeout = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 0; default = 0;