alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

nixos: Don't use grep to request ZFS credentials, and consider keystatus

Browse source
This commit is contained in:
Will Fancher 2022-05-03 13:39:54 -04:00
parent 3a71b11329
commit e0b5ba5479
1 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
nixos/modules/tasks/filesystems/zfs.nix
View file

@ -97,6 +97,11 @@ let
in in
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool); map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
getKeyLocations = pool:
if isBool cfgZfs.requestEncryptionCredentials
then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
createImportService = { pool, systemd, force, prefix ? "" }: createImportService = { pool, systemd, force, prefix ? "" }:
nameValuePair "zfs-import-${pool}" { nameValuePair "zfs-import-${pool}" {
description = "Import ZFS pool \"${pool}\""; description = "Import ZFS pool \"${pool}\"";
@ -137,13 +142,11 @@ let
${optionalString (if isBool cfgZfs.requestEncryptionCredentials ${optionalString (if isBool cfgZfs.requestEncryptionCredentials
then cfgZfs.requestEncryptionCredentials then cfgZfs.requestEncryptionCredentials
else cfgZfs.requestEncryptionCredentials != []) '' else cfgZfs.requestEncryptionCredentials != []) ''
${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do ${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
{ {
${optionalString (!isBool cfgZfs.requestEncryptionCredentials) '' if [[ "$ks" != unavailable ]]; then
if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then continue
continue fi
fi
''}
case "$kl" in case "$kl" in
none ) none )
;; ;;