···
464
+
# Test whether opening encrypted filesystem with keyfile
465
+
# Checks for regression of missing cryptsetup, when no luks device without
466
+
# keyfile is configured
467
+
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
468
+
{ createPartitions = ''
470
+
"parted /dev/vda mklabel msdos",
471
+
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
472
+
"parted /dev/vda -- mkpart primary linux-swap 50M 1024M",
473
+
"parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile
474
+
"parted /dev/vda -- mkpart primary 1280M -1s",
476
+
"mkswap /dev/vda2 -L swap",
478
+
"mkfs.ext3 -L nixos /dev/vda4",
479
+
"mount LABEL=nixos /mnt",
480
+
"mkfs.ext3 -L boot /dev/vda1",
481
+
"mkdir -p /mnt/boot",
482
+
"mount LABEL=boot /mnt/boot",
483
+
"modprobe dm_mod dm_crypt",
484
+
"echo -n supersecret > /mnt/keyfile",
485
+
"cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile",
486
+
"cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt",
487
+
"mkfs.ext3 -L test /dev/mapper/crypt",
488
+
"cryptsetup luksClose crypt",
489
+
"mkdir -p /mnt/test"
493
+
fileSystems."/test" =
494
+
{ device = "/dev/disk/by-label/test";
496
+
encrypted.enable = true;
497
+
encrypted.blkDev = "/dev/vda3";
498
+
encrypted.label = "crypt";
499
+
encrypted.keyFile = "/mnt-root/keyfile";
swraid = makeInstallerTest "swraid"
pyrox.dev