pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #229318 from ReneHollander/fix/nixos-zfs-systemd-unlock-times-out

nixos/zfs: disable unlock timeout with systemd

Will Fancher edcd3d30 203c6bea

options
unified split
Changed files
+20 -9
nixos
modules
tasks
filesystems
zfs.nix
+20 -9
nixos/modules/tasks/filesystems/zfs.nix 
···

       
137

       
137

       
 

       
        awkCmd = "${pkgs.gawk}/bin/awk";


     

       
138

       
138

       
 

       
        inherit cfgZfs;


     

       
139

       
139

       
 

       
      }) + ''


     

       
140

       

       
-

       
        poolImported "${pool}" && exit


     

       
141

       

       
-

       
        echo -n "importing ZFS pool \"${pool}\"..."


     

       
142

       

       
-

       
        # Loop across the import until it succeeds, because the devices needed may not be discovered yet.


     

       
143

       

       
-

       
        for trial in `seq 1 60`; do


     

       
144

       

       
-

       
          poolReady "${pool}" && poolImport "${pool}" && break


     

       
145

       

       
-

       
          sleep 1


     

       
146

       

       
-

       
        done


     

       
147

       

       
-

       
        poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.


     

       

       
140

       
+

       
        if ! poolImported "${pool}"; then


     

       

       
141

       
+

       
          echo -n "importing ZFS pool \"${pool}\"..."


     

       

       
142

       
+

       
          # Loop across the import until it succeeds, because the devices needed may not be discovered yet.


     

       

       
143

       
+

       
          for trial in `seq 1 60`; do


     

       

       
144

       
+

       
            poolReady "${pool}" && poolImport "${pool}" && break


     

       

       
145

       
+

       
            sleep 1


     

       

       
146

       
+

       
          done


     

       

       
147

       
+

       
          poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.


     

       

       
148

       
+

       
        fi


     

       
148

       
149

       
 

       
        if poolImported "${pool}"; then


     

       
149

       
150

       
 

       
          ${optionalString keyLocations.hasKeys ''


     

       
150

       
151

       
 

       
            ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do


     
···

       
159

       
160

       
 

       
                  tries=3


     

       
160

       
161

       
 

       
                  success=false


     

       
161

       
162

       
 

       
                  while [[ $success != true ]] && [[ $tries -gt 0 ]]; do


     

       
162

       

       
-

       
                    ${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \


     

       

       
163

       
+

       
                    ${systemd}/bin/systemd-ask-password --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \


     

       
163

       
164

       
 

       
                      && success=true \


     

       
164

       
165

       
 

       
                      || tries=$((tries - 1))


     

       
165

       
166

       
 

       
                  done


     
···

       
310

       
311

       
 

       
          are requested. To only decrypt selected datasets supply a list of dataset


     

       
311

       
312

       
 

       
          names instead. For root pools the encryption key can be supplied via both


     

       
312

       
313

       
 

       
          an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).


     

       

       
314

       
+

       
        '';


     

       

       
315

       
+

       
      };


     

       

       
316

       
+

       



     

       

       
317

       
+

       
      passwordTimeout = mkOption {


     

       

       
318

       
+

       
        type = types.int;


     

       

       
319

       
+

       
        default = 0;


     

       

       
320

       
+

       
        description = lib.mdDoc ''


     

       

       
321

       
+

       
          Timeout in seconds to wait for password entry for decrypt at boot.


     

       

       
322

       
+

       



     

       

       
323

       
+

       
          Defaults to 0, which waits forever.


     

       
313

       
324

       
 

       
        '';


     

       
314

       
325

       
 

       
      };


     

       
315

       
326

       
 

       
    };