authorAlbert Peschar <albert@peschar.net>2023-04-18 17:44:25 +0300
committerAlbert Peschar <albert@peschar.net>2023-04-18 17:44:25 +0300
commit0f05321d784fdd9e6b3a80aabe292a32d28e96c1 (patch)
treeee465b53d2ca6c2d5081ebf0265d5c2b5f0c4d9d /nixos/tests
parent75c131fc1b791b66225c2f5e4d95c6fc8e773efd (diff)
zfs: enable keylocation=http://
When ZFS is built with cURL, it allows retrieving encryption keys from
URLs automatically.
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/zfs.nix26
1 files changed, 24 insertions, 2 deletions
diff --git a/nixos/tests/zfs.nix b/nixos/tests/zfs.nix
index bcb9d9bcfd60d..ce2796b67da42 100644
--- a/nixos/tests/zfs.nix
+++ b/nixos/tests/zfs.nix
@@ -80,6 +80,11 @@ let
             fsType = "zfs";
             options = [ "noauto" ];
           };
+          virtualisation.fileSystems."/manual/httpkey" = {
+            device = "manual/httpkey";
+            fsType = "zfs";
+            options = [ "noauto" ];
+          };
         };
 
         specialisation.forcepool.configuration = {
@@ -92,6 +97,19 @@ let
             options = [ "noauto" ];
           };
         };
+
+        services.nginx = {
+          enable = true;
+          virtualHosts = {
+            localhost = {
+              locations = {
+                "/zfskey" = {
+                  return = ''200 "httpkeyabc"'';
+                };
+              };
+            };
+          };
+        };
       };
 
       testScript = ''
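Review bot: The `/zfskey` location in the new `services.nginx` block returns the dataset passphrase over unencrypted HTTP, and nothing in the hunk marks it as a fixture. I would add a comment above `services.nginx`, for example `# Test fixture only: serves a fixed passphrase for keylocation=http://; outside a test VM use https:// so the key is not sent in cleartext.` The virtual host also sets no listen address, so it presumably binds to the module's default addresses rather than loopback only. Setting `listenAddresses = [ "127.0.0.1" "[::1]" ];` on the `localhost` host would keep the key endpoint local to the machine. The enclosing node configuration starts outside this hunk.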
@@ -130,6 +148,8 @@ let
                 "zpool create -O mountpoint=legacy manual /dev/vdd1",
                 "echo otherpass | zfs create "
                 + "-o encryption=aes-256-gcm -o keyformat=passphrase manual/encrypted",
+                "zfs create -o encryption=aes-256-gcm -o keyformat=passphrase "
+                + "-o keylocation=http://localhost/zfskey manual/httpkey",
                 "bootctl set-default nixos-generation-1-specialisation-encryption.conf",
                 "sync",
                 "zpool export automatic",
@@ -141,10 +161,12 @@ let
             machine.send_console("password\n")
             machine.wait_for_unit("multi-user.target")
             machine.succeed(
-                "zfs get keystatus manual/encrypted | grep unavailable",
+                "zfs get -Ho value keystatus manual/encrypted | grep -Fx unavailable",
                 "echo otherpass | zfs load-key manual/encrypted",
                 "systemctl start manual-encrypted.mount",
-                "umount /automatic /manual/encrypted /manual",
+                "zfs load-key manual/httpkey",
+                "systemctl start manual-httpkey.mount",
+                "umount /automatic /manual/encrypted /manual/httpkey /manual",
                 "zpool destroy automatic",
                 "zpool destroy manual",
             )
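Review bot: `manual/httpkey` gets no keystatus assertion before `zfs load-key manual/httpkey`, unlike `manual/encrypted` a few lines earlier in the same `machine.succeed` call. Adding `"zfs get -Ho value keystatus manual/httpkey | grep -Fx unavailable",` ahead of the load would state explicitly that the key is not loaded after the reboot, so the load-key that follows is what fetches it from the URL. Without it, that is only implied by load-key succeeding. The surrounding test script extends outside this hunk.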