mirror of
https://github.com/nix-community/disko.git
synced 2024-09-19 02:27:27 +03:00
luks: apply flags set in config.settings
This commit is contained in:
parent
ce3b896151
commit
f772d2045e
@ -15,10 +15,17 @@ let
|
|||||||
+ "Use passwordFile instead if you want to use interactive login or settings.keyFile if you want to use key file login")
|
+ "Use passwordFile instead if you want to use interactive login or settings.keyFile if you want to use key file login")
|
||||||
config.keyFile
|
config.keyFile
|
||||||
else null;
|
else null;
|
||||||
keyFileArgs = ''\
|
keyFileArgs = ''
|
||||||
${lib.optionalString (keyFile != null) "--key-file ${keyFile}"} \
|
${lib.optionalString (keyFile != null) "--key-file ${keyFile}"} \
|
||||||
${lib.optionalString (lib.hasAttr "keyFileSize" config.settings) "--keyfile-size ${builtins.toString config.settings.keyFileSize}"} \
|
${lib.optionalString (lib.hasAttr "keyFileSize" config.settings) "--keyfile-size ${builtins.toString config.settings.keyFileSize}"} \
|
||||||
${lib.optionalString (lib.hasAttr "keyFileOffset" config.settings) "--keyfile-offset ${builtins.toString config.settings.keyFileOffset}"}
|
${lib.optionalString (lib.hasAttr "keyFileOffset" config.settings) "--keyfile-offset ${builtins.toString config.settings.keyFileOffset}"} \
|
||||||
|
'';
|
||||||
|
cryptsetupOpen = ''
|
||||||
|
cryptsetup open ${config.device} ${config.name} \
|
||||||
|
${lib.optionalString (config.settings.allowDiscards or false) "--allow-discards"} \
|
||||||
|
${lib.optionalString (config.settings.bypassWorkqueues or false) "--perf-no_read_workqueue --perf-no_write_workqueue"} \
|
||||||
|
${toString config.extraOpenArgs} \
|
||||||
|
${keyFileArgs} \
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
@ -120,12 +127,11 @@ in
|
|||||||
done
|
done
|
||||||
set -x
|
set -x
|
||||||
''}
|
''}
|
||||||
cryptsetup -q luksFormat ${config.device} ${toString config.extraFormatArgs} \
|
cryptsetup -q luksFormat ${config.device} ${toString config.extraFormatArgs} ${keyFileArgs}
|
||||||
${keyFileArgs}
|
${cryptsetupOpen} --persistent
|
||||||
cryptsetup open ${config.device} ${config.name} \
|
${toString (lib.forEach config.additionalKeyFiles (keyFile: ''
|
||||||
${toString config.extraOpenArgs} \
|
cryptsetup luksAddKey ${config.device} ${keyFile} ${keyFileArgs}
|
||||||
${keyFileArgs}
|
''))}
|
||||||
${toString (lib.lists.forEach config.additionalKeyFiles (x: "cryptsetup luksAddKey ${config.device} ${x} ${keyFileArgs}"))}
|
|
||||||
${lib.optionalString (config.content != null) config.content._create}
|
${lib.optionalString (config.content != null) config.content._create}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -145,8 +151,7 @@ in
|
|||||||
export password
|
export password
|
||||||
set -x
|
set -x
|
||||||
''}
|
''}
|
||||||
cryptsetup open ${config.device} ${config.name} \
|
${cryptsetupOpen}
|
||||||
${keyFileArgs}
|
|
||||||
fi
|
fi
|
||||||
${lib.optionalString (config.content != null) contentMount.dev or ""}
|
${lib.optionalString (config.content != null) contentMount.dev or ""}
|
||||||
'';
|
'';
|
||||||
|
Loading…
Reference in New Issue
Block a user