Merge pull request #295736 from mjm/bcachefs-clevis-systemd
commit
668834f72c
@ -57,7 +57,9 @@ let
|
|||||||
# bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
|
# bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
|
||||||
firstDevice = fs: lib.head (lib.splitString ":" fs.device);
|
firstDevice = fs: lib.head (lib.splitString ":" fs.device);
|
||||||
|
|
||||||
openCommand = name: fs: if config.boot.initrd.clevis.enable && (lib.hasAttr (firstDevice fs) config.boot.initrd.clevis.devices) then ''
|
useClevis = fs: config.boot.initrd.clevis.enable && (lib.hasAttr (firstDevice fs) config.boot.initrd.clevis.devices);
|
||||||
|
|
||||||
|
openCommand = name: fs: if useClevis fs then ''
|
||||||
if clevis decrypt < /etc/clevis/${firstDevice fs}.jwe | bcachefs unlock ${firstDevice fs}
|
if clevis decrypt < /etc/clevis/${firstDevice fs}.jwe | bcachefs unlock ${firstDevice fs}
|
||||||
then
|
then
|
||||||
printf "unlocked ${name} using clevis\n"
|
printf "unlocked ${name} using clevis\n"
|
||||||
@ -92,8 +94,19 @@ let
|
|||||||
# As is, RemainAfterExit doesn't accomplish anything.
|
# As is, RemainAfterExit doesn't accomplish anything.
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
script = ''
|
script = let
|
||||||
${config.boot.initrd.systemd.package}/bin/systemd-ask-password --timeout=0 "enter passphrase for ${name}" | exec ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${device}"
|
unlock = ''${pkgs.bcachefs-tools}/bin/bcachefs unlock "${device}"'';
|
||||||
|
unlockInteractively = ''${config.boot.initrd.systemd.package}/bin/systemd-ask-password --timeout=0 "enter passphrase for ${name}" | exec ${unlock}'';
|
||||||
|
in if useClevis fs then ''
|
||||||
|
if ${config.boot.initrd.clevis.package}/bin/clevis decrypt < "/etc/clevis/${device}.jwe" | ${unlock}
|
||||||
|
then
|
||||||
|
printf "unlocked ${name} using clevis\n"
|
||||||
|
else
|
||||||
|
printf "falling back to interactive unlocking...\n"
|
||||||
|
${unlockInteractively}
|
||||||
|
fi
|
||||||
|
'' else ''
|
||||||
|
${unlockInteractively}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
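Review bot: In the new systemd `script`, the Clevis secret is read from `"/etc/clevis/${device}.jwe"`, while `useClevis fs` decides on `firstDevice fs` and the scripted `openCommand` in the first hunk reads `/etc/clevis/${firstDevice fs}.jwe`. The binding of `device` lies outside this hunk, so it should be confirmed to equal `firstDevice fs`, or the path written as `"/etc/clevis/${firstDevice fs}.jwe"` here as well. If the two differ for a multi-device filesystem, the redirect fails and every boot falls through to `systemd-ask-password --timeout=0`, which waits indefinitely on an unattended machine. Separately, `name` and `device` are spliced unescaped into the shell text and into a printf format string; `printf 'unlocked %s using clevis\n' ${lib.escapeShellArg name}` would keep a `%` or a quote in a mount name from being interpreted.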
|
@ -38,6 +38,8 @@
|
|||||||
clevisZfs
|
clevisZfs
|
||||||
clevisZfsFallback
|
clevisZfsFallback
|
||||||
gptAutoRoot
|
gptAutoRoot
|
||||||
|
clevisBcachefs
|
||||||
|
clevisBcachefsFallback
|
||||||
;
|
;
|
||||||
|
|
||||||
}
|
}
|
||||||
|