luks: apply flags set in config.settings

0xadk 2023-12-30 22:43:53 -08:00 committed by mergify[bot]
parent ce3b896151
commit f772d2045e


@ -15,10 +15,17 @@ let
+ "Use passwordFile instead if you want to use interactive login or settings.keyFile if you want to use key file login") + "Use passwordFile instead if you want to use interactive login or settings.keyFile if you want to use key file login")
config.keyFile config.keyFile
else null; else null;
keyFileArgs = ''\ keyFileArgs = ''
${lib.optionalString (keyFile != null) "--key-file ${keyFile}"} \ ${lib.optionalString (keyFile != null) "--key-file ${keyFile}"} \
${lib.optionalString (lib.hasAttr "keyFileSize" config.settings) "--keyfile-size ${builtins.toString config.settings.keyFileSize}"} \ ${lib.optionalString (lib.hasAttr "keyFileSize" config.settings) "--keyfile-size ${builtins.toString config.settings.keyFileSize}"} \
${lib.optionalString (lib.hasAttr "keyFileOffset" config.settings) "--keyfile-offset ${builtins.toString config.settings.keyFileOffset}"} ${lib.optionalString (lib.hasAttr "keyFileOffset" config.settings) "--keyfile-offset ${builtins.toString config.settings.keyFileOffset}"} \
'';
cryptsetupOpen = ''
cryptsetup open ${config.device} ${config.name} \
${lib.optionalString (config.settings.allowDiscards or false) "--allow-discards"} \
${lib.optionalString (config.settings.bypassWorkqueues or false) "--perf-no_read_workqueue --perf-no_write_workqueue"} \
${toString config.extraOpenArgs} \
${keyFileArgs} \
''; '';
in in
{ {
@ -120,12 +127,11 @@ in
done done
set -x set -x
''} ''}
cryptsetup -q luksFormat ${config.device} ${toString config.extraFormatArgs} \ cryptsetup -q luksFormat ${config.device} ${toString config.extraFormatArgs} ${keyFileArgs}
${keyFileArgs} ${cryptsetupOpen} --persistent
cryptsetup open ${config.device} ${config.name} \ ${toString (lib.forEach config.additionalKeyFiles (keyFile: ''
${toString config.extraOpenArgs} \ cryptsetup luksAddKey ${config.device} ${keyFile} ${keyFileArgs}
${keyFileArgs} ''))}
${toString (lib.lists.forEach config.additionalKeyFiles (x: "cryptsetup luksAddKey ${config.device} ${x} ${keyFileArgs}"))}
${lib.optionalString (config.content != null) config.content._create} ${lib.optionalString (config.content != null) config.content._create}
''; '';
}; };
@ -145,8 +151,7 @@ in
export password export password
set -x set -x
''} ''}
cryptsetup open ${config.device} ${config.name} \ ${cryptsetupOpen}
${keyFileArgs}
fi fi
${lib.optionalString (config.content != null) contentMount.dev or ""} ${lib.optionalString (config.content != null) contentMount.dev or ""}
''; '';
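Review bot: In the create script, `${cryptsetupOpen} --persistent` writes the activation flags into the LUKS2 header, so `allowDiscards` and `bypassWorkqueues` outlive the configuration that set them. The mount script runs `${cryptsetupOpen}` without `--persistent`, and as cryptsetup documents it, flags stored in the header are applied automatically on later activations, so setting `allowDiscards = false` afterwards would presumably not turn discards off on a volume that already exists. Discards on an encrypted device reveal which blocks are in use, so this is worth a comment above that line, for example `# --persistent stores allowDiscards/bypassWorkqueues in the LUKS2 header; changing settings later does not clear them`. Persistent flags are a LUKS2 feature, so it is also worth checking how the open step behaves when `extraFormatArgs` selects LUKS1. The create script starts outside the hunk.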