diff --git a/example/zfs.nix b/example/zfs.nix index 59c3f24..0db9ee7 100644 --- a/example/zfs.nix +++ b/example/zfs.nix @@ -88,6 +88,21 @@ mountpoint = "/ext4onzfs"; }; }; + encrypted = { + zfs_type = "filesystem"; + size = "20M"; + options = { + mountpoint = "none"; + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + keylocation = "file:///tmp/secret.key"; + }; + }; + "encrypted/test" = { + zfs_type = "filesystem"; + size = "2M"; + mountpoint = "/zfs_crypted"; + }; }; }; }; diff --git a/tests/lib.nix b/tests/lib.nix index 6f4015a..1ab8934 100644 --- a/tests/lib.nix +++ b/tests/lib.nix @@ -12,6 +12,7 @@ , grub-devices ? [ "nodev" ] , efi ? true , enableOCR ? false + , postDisko ? "" , testMode ? "direct" # can be one of direct module cli , testBoot ? true # if we actually want to test booting or just create/mount }: @@ -148,6 +149,8 @@ machine.succeed("${tsp-disko}") # verify that we can destroy and recreate ''} + ${postDisko} + ${lib.optionalString testBoot '' # mount nix-store in /mnt machine.succeed("mkdir -p /mnt/nix/store") diff --git a/tests/zfs.nix b/tests/zfs.nix index d88070e..ce60789 100644 --- a/tests/zfs.nix +++ b/tests/zfs.nix @@ -5,7 +5,16 @@ makeDiskoTest { disko-config = ../example/zfs.nix; extraConfig = { fileSystems."/zfs_legacy_fs".options = [ "nofail" ]; # TODO find out why we need this! + boot.zfs.requestEncryptionCredentials = true; }; + postDisko = '' + machine.succeed("zfs set keylocation=prompt zroot/encrypted") + ''; + enableOCR = true; + bootCommands = '' + machine.wait_for_text("passphrase for") + machine.send_chars("secretsecret\n") + ''; extraTestScript = '' machine.succeed("test -b /dev/zvol/zroot/zfs_testvolume"); @@ -25,5 +34,8 @@ makeDiskoTest { machine.succeed("mountpoint /zfs_fs"); machine.succeed("mountpoint /zfs_legacy_fs"); machine.succeed("mountpoint /ext4onzfs"); + machine.succeed("mountpoint /zfs_crypted"); + machine.succeed("zfs get keystatus zroot/encrypted"); + machine.succeed("zfs get keystatus zroot/encrypted/test"); ''; }