pyrox.dev
1{ config, lib, pkgs, utils, ... }:
2
3with lib;
4
5let
6
7 bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems;
8
9 commonFunctions = ''
10 prompt() {
11 local name="$1"
12 printf "enter passphrase for $name: "
13 }
14 tryUnlock() {
15 local name="$1"
16 local path="$2"
17 if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption
18 prompt $name
19 until bcachefs unlock $path 2> /dev/null; do # repeat until sucessfully unlocked
20 printf "unlocking failed!\n"
21 prompt $name
22 done
23 printf "unlocking successful.\n"
24 fi
25 }
26 '';
27
28 openCommand = name: fs:
29 let
30 # we need only unlock one device manually, and cannot pass multiple at once
31 # remove this adaptation when bcachefs implements mounting by filesystem uuid
32 # also, implement automatic waiting for the constituent devices when that happens
33 # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
34 firstDevice = head (splitString ":" fs.device);
35 in
36 ''
37 tryUnlock ${name} ${firstDevice}
38 '';
39
40in
41
42{
43 config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [
44 {
45 system.fsPackages = [ pkgs.bcachefs-tools ];
46
47 # use kernel package with bcachefs support until it's in mainline
48 boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs;
49 }
50
51 (mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) {
52 # chacha20 and poly1305 are required only for decryption attempts
53 boot.initrd.availableKernelModules = [ "bcachefs" "sha256" "chacha20" "poly1305" ];
54
55 boot.initrd.extraUtilsCommands = ''
56 copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
57 '';
58 boot.initrd.extraUtilsCommandsTest = ''
59 $out/bin/bcachefs version
60 '';
61
62 boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs);
63 })
64 ]);
65}