nixos: Don't use grep to request ZFS credentials, and consider keystatus
parent
3a71b11329
commit
e0b5ba5479
1 changed files with 9 additions and 6 deletions
|
@ -97,6 +97,11 @@ let
|
||||||
in
|
in
|
||||||
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
|
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
|
||||||
|
|
||||||
|
getKeyLocations = pool:
|
||||||
|
if isBool cfgZfs.requestEncryptionCredentials
|
||||||
|
then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
|
||||||
|
else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
|
||||||
|
|
||||||
createImportService = { pool, systemd, force, prefix ? "" }:
|
createImportService = { pool, systemd, force, prefix ? "" }:
|
||||||
nameValuePair "zfs-import-${pool}" {
|
nameValuePair "zfs-import-${pool}" {
|
||||||
description = "Import ZFS pool \"${pool}\"";
|
description = "Import ZFS pool \"${pool}\"";
|
||||||
|
@ -137,13 +142,11 @@ let
|
||||||
${optionalString (if isBool cfgZfs.requestEncryptionCredentials
|
${optionalString (if isBool cfgZfs.requestEncryptionCredentials
|
||||||
then cfgZfs.requestEncryptionCredentials
|
then cfgZfs.requestEncryptionCredentials
|
||||||
else cfgZfs.requestEncryptionCredentials != []) ''
|
else cfgZfs.requestEncryptionCredentials != []) ''
|
||||||
${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
|
${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
|
||||||
{
|
{
|
||||||
${optionalString (!isBool cfgZfs.requestEncryptionCredentials) ''
|
if [[ "$ks" != unavailable ]]; then
|
||||||
if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then
|
continue
|
||||||
continue
|
fi
|
||||||
fi
|
|
||||||
''}
|
|
||||||
case "$kl" in
|
case "$kl" in
|
||||||
none )
|
none )
|
||||||
;;
|
;;
|
||||||
|
|
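Review bot: In the list-valued branch of `getKeyLocations`, `filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials` is empty for a pool that has none of the listed datasets, so the command becomes `zfs list -Ho name,keylocation,keystatus` with no operand, which lists every dataset on every imported pool. The `optionalString` guard in the second hunk only compares the whole list with `[]`, so the loop would then presumably request credentials for datasets the administrator never named; the per-dataset `grep -qFx "$ds"` check this commit removes used to prevent that. Compute the per-pool list once and skip the loop when it is empty, for example by guarding on `filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials != []` instead of the global test. Separately, the dataset names are joined with `toString` and reach the shell unquoted; `escapeShellArgs` (assuming the file has `lib` in scope) would keep a name containing spaces or shell metacharacters as a single argument. A short comment on `getKeyLocations` noting that it returns a shell command string emitting tab-separated `name`, `keylocation`, `keystatus` columns would also help, since the `read ds kl ks` in the loop depends on that column order.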