diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 3bc33a20a09f..6a4ac8128ab3 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -246,10 +246,7 @@ checkFS() { if [ "$fsType" = iso9660 -o "$fsType" = udf ]; then return 0; fi # Don't check resilient COWs as they validate the fs structures at mount time - if [ "$fsType" = btrfs -o "$fsType" = zfs ]; then return 0; fi - - # Skip fsck for bcachefs - not implemented yet. - if [ "$fsType" = bcachefs ]; then return 0; fi + if [ "$fsType" = btrfs -o "$fsType" = zfs -o "$fsType" = bcachefs ]; then return 0; fi # Skip fsck for nilfs2 - not needed by design and no fsck tool for this filesystem. if [ "$fsType" = nilfs2 ]; then return 0; fi diff --git a/nixos/modules/tasks/filesystems/bcachefs.nix b/nixos/modules/tasks/filesystems/bcachefs.nix index 227707173a3d..5fda24adb978 100644 --- a/nixos/modules/tasks/filesystems/bcachefs.nix +++ b/nixos/modules/tasks/filesystems/bcachefs.nix @@ -1,26 +1,65 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, utils, ... }: with lib; let - inInitrd = any (fs: fs == "bcachefs") config.boot.initrd.supportedFilesystems; + bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems; + + commonFunctions = '' + prompt() { + local name="$1" + printf "enter passphrase for $name: " + } + tryUnlock() { + local name="$1" + local path="$2" + if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption + prompt $name + until bcachefs unlock $path 2> /dev/null; do # repeat until sucessfully unlocked + printf "unlocking failed!\n" + prompt $name + done + printf "unlocking successful.\n" + fi + } + ''; + + openCommand = name: fs: + let + # we need only unlock one device manually, and cannot pass multiple at once + # remove this adaptation when bcachefs implements mounting by filesystem uuid + # also, implement automatic waiting for the constituent devices when that happens + # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671) + firstDevice = head (splitString ":" fs.device); + in + '' + tryUnlock ${name} ${firstDevice} + ''; in { - config = mkIf (any (fs: fs == "bcachefs") config.boot.supportedFilesystems) { + config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [ + { + system.fsPackages = [ pkgs.bcachefs-tools ]; - system.fsPackages = [ pkgs.bcachefs-tools ]; + # use kernel package with bcachefs support until it's in mainline + boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs; + } - # use kernel package with bcachefs support until it's in mainline - boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs; - boot.initrd.availableKernelModules = mkIf inInitrd [ "bcachefs" ]; + (mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) { + # the cryptographic modules are required only for decryption attempts + boot.initrd.availableKernelModules = [ "bcachefs" "chacha20" "poly1305" ]; - boot.initrd.extraUtilsCommands = mkIf inInitrd - '' - copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/fsck.bcachefs + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs + ''; + boot.initrd.extraUtilsCommandsTest = '' + $out/bin/bcachefs version ''; - }; + boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs); + }) + ]); }