nixos/clevis: guard zfs code behind config.clevis.boot.initrd.enable

This commit is contained in:
Julien Malka 2023-12-04 15:09:49 +00:00
parent c0443ea94c
commit 9b6b934949

View file

@ -157,7 +157,7 @@ let
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
fi fi
if poolImported "${pool}"; then if poolImported "${pool}"; then
${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)} ${optionalString config.boot.initrd.clevis.enable (concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets))}
${optionalString keyLocations.hasKeys '' ${optionalString keyLocations.hasKeys ''
@ -630,7 +630,7 @@ in
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
fi fi
${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)} ${optionalString config.boot.initrd.clevis.enable (concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets))}
${if isBool cfgZfs.requestEncryptionCredentials ${if isBool cfgZfs.requestEncryptionCredentials
then optionalString cfgZfs.requestEncryptionCredentials '' then optionalString cfgZfs.requestEncryptionCredentials ''