Adding an option to luksroot, so it allows to define whether to launch cryptsetup after or before LVM.

To allow dmcrypt over lvm and lvm over dmcrypt. svn path=/nixos/trunk/; revision=32784
2025-01-07 14:00:59 +03:00 · 2012-03-04 21:00:35 +00:00 · 2012-03-04 21:00:35 +00:00 · 1adaabef58
commit 1adaabef58
parent 0d4eb37e16
1 changed files with 39 additions and 4 deletions
--- a/modules/system/boot/luksroot.nix
+++ b/modules/system/boot/luksroot.nix
@ -5,7 +5,7 @@ with pkgs.lib;
 let
  luks = config.boot.initrd.luks;

-  openCommand = { name, device }: ''
+  openCommand = { name, device, ... }: ''
    # Wait for luksRoot to appear, e.g. if on a usb drive.
    # XXX: copied and adapted from stage-1-init.sh - should be
    # available as a function.
@ -14,7 +14,7 @@ let
        for ((try = 0; try < 10; try++)); do
            sleep 1
            if test -e ${device}; then break; fi
-            echo -n "OK"
+            echo -n .
        done
        echo "ok"
    fi
@ -23,6 +23,10 @@ let
    cryptsetup luksOpen ${device} ${name}
  '';

+  isPreLVM = f: f.preLVM;
+  preLVM = filter isPreLVM luks.devices;
+  postLVM = filter (f: !(isPreLVM f)) luks.devices;
+
 in
 {

@ -36,7 +40,7 @@ in

    boot.initrd.luks.devices = mkOption {
      default = [ ];
-      example = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+      example = [ { name = "luksroot"; device = "/dev/sda3"; preLVM = true; } ];
      description = '';
        The list of devices that should be decrypted using LUKS before trying to mount the
        root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups.
@ -45,6 +49,36 @@ in

        Make sure that initrd has the crypto modules needed for decryption.
      '';
+
+      type = types.list types.optionSet;
+
+      options = {
+
+        name = mkOption {
+          example = "luksroot";
+          type = types.string;
+          description = ''
+            Name of the interface.
+          '';
+        };
+
+        device = mkOption {
+          example = "/dev/sda2";
+          type = types.string;
+          description = ''
+            IP address of the interface.  Leave empty to configure the
+            interface using DHCP.
+          '';
+        };
+
+        preLVM = mkOption {
+          default = true;
+          type = types.bool;
+          description = ''
+            Whether the luksOpen will be attempted before LVM scan or after it.
+          '';
+        };
+      };
    };
  };

@ -68,6 +102,7 @@ in
      $out/bin/cryptsetup --version
    '';

-    boot.initrd.preLVMCommands = concatMapStrings openCommand luks.devices;
+    boot.initrd.preLVMCommands = concatMapStrings openCommand preLVM;
+    boot.initrd.postDeviceCommands = concatMapStrings openCommand postLVM;
  };
 }