···
+
# Test whether opening encrypted filesystem with keyfile
+
# Checks for regression of missing cryptsetup, when no luks device without
+
# keyfile is configured
+
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
+
{ createPartitions = ''
+
"parted /dev/vda mklabel msdos",
+
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
+
"parted /dev/vda -- mkpart primary linux-swap 50M 1024M",
+
"parted /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile
+
"parted /dev/vda -- mkpart primary 1280M -1s",
+
"mkswap /dev/vda2 -L swap",
+
"mkfs.ext3 -L nixos /dev/vda4",
+
"mount LABEL=nixos /mnt",
+
"mkfs.ext3 -L boot /dev/vda1",
+
"mount LABEL=boot /mnt/boot",
+
"modprobe dm_mod dm_crypt",
+
"echo -n supersecret > /mnt/keyfile",
+
"cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile",
+
"cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt",
+
"mkfs.ext3 -L test /dev/mapper/crypt",
+
"cryptsetup luksClose crypt",
+
{ device = "/dev/disk/by-label/test";
+
encrypted.enable = true;
+
encrypted.blkDev = "/dev/vda3";
+
encrypted.label = "crypt";
+
encrypted.keyFile = "/mnt-root/keyfile";
swraid = makeInstallerTest "swraid"
pyrox.dev