From 3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sun, 12 Nov 2023 10:46:36 +0100
Subject: [PATCH] swap: don't activate random encrypted swap files

This requires more code and is not implemented just now.
---
 example/swap.nix   | 11 ++++++++---
 lib/types/swap.nix |  3 ++-
 tests/swap.nix     | 13 ++++---------
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/example/swap.nix b/example/swap.nix
index 089c004..5d59004 100644
--- a/example/swap.nix
+++ b/example/swap.nix
@@ -24,11 +24,17 @@
                 mountpoint = "/";
               };
             };
-            swap = {
-              size = "100%";
+            encryptedSwap = {
+              size = "10M";
               content = {
                 type = "swap";
                 randomEncryption = true;
+              };
+            };
+            plainSwap = {
+              size = "100%";
+              content = {
+                type = "swap";
                 resumeDevice = true; # resume from hiberation from this device
               };
             };
@@ -38,4 +44,3 @@
     };
   };
 }
-
diff --git a/lib/types/swap.nix b/lib/types/swap.nix
index e5cfbaa..35bec2b 100644
--- a/lib/types/swap.nix
+++ b/lib/types/swap.nix
@@ -47,7 +47,8 @@
     };
     _mount = diskoLib.mkMountOption {
       inherit config options;
-      default = {
+      # TODO: we don't support encrypted swap yet
+      default = lib.optionalAttrs (!config.randomEncryption) {
         fs.${config.device} = ''
           if ! swapon --show | grep -q "^$(readlink -f ${config.device}) "; then
             swapon ${config.device}
diff --git a/tests/swap.nix b/tests/swap.nix
index e7da8c9..57e7eb2 100644
--- a/tests/swap.nix
+++ b/tests/swap.nix
@@ -6,17 +6,12 @@ diskoLib.testLib.makeDiskoTest {
   name = "swap";
   disko-config = ../example/swap.nix;
   extraTestScript = ''
+    import json
     machine.succeed("mountpoint /");
     machine.succeed("swapon --show >&2");
-    machine.succeed("""
-      lsblk --json |
-        jq -e '.blockdevices[] |
-          select(.name == "vda") |
-          .children[] |
-          select(.name == "vda3") |
-          .children[0].mountpoints[0] == "[SWAP]"
-        '
-    """);
+    out = json.loads(machine.succeed("lsblk --json /dev/vda"))
+    mnt_point = out["blockdevices"][0]["children"][1]["children"][0]["mountpoints"][0]
+    assert mnt_point == "[SWAP]"
   '';
   extraSystemConfig = {
     environment.systemPackages = [ pkgs.jq ];