author | Albert Peschar <albert@peschar.net> | 2023-04-18 17:44:25 +0300 |
---|---|---|
committer | Albert Peschar <albert@peschar.net> | 2023-04-18 17:44:25 +0300 |
commit | 0f05321d784fdd9e6b3a80aabe292a32d28e96c1 (patch) | |
tree | ee465b53d2ca6c2d5081ebf0265d5c2b5f0c4d9d /nixos | |
parent | 75c131fc1b791b66225c2f5e4d95c6fc8e773efd (diff) |
zfs: enable keylocation=http://
When ZFS is built with cURL, it allows retrieving encryption keys from URLs automatically.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/tests/zfs.nix | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/nixos/tests/zfs.nix b/nixos/tests/zfs.nix
index bcb9d9bcfd60d..ce2796b67da42 100644
--- a/nixos/tests/zfs.nix
+++ b/nixos/tests/zfs.nix
@@ -80,6 +80,11 @@ let
 fsType = "zfs";
 options = [ "noauto" ];
 };
+ virtualisation.fileSystems."/manual/httpkey" = {
+ device = "manual/httpkey";
+ fsType = "zfs";
+ options = [ "noauto" ];
+ };
 };
 specialisation.forcepool.configuration = {
@@ -92,6 +97,19 @@ let
 options = [ "noauto" ];
 };
 };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ localhost = {
+ locations = {
+ "/zfskey" = {
+ return = ''200 "httpkeyabc"'';
+ };
+ };
+ };
+ };
+ };
 };
 testScript = ''
@@ -130,6 +148,8 @@ let
 "zpool create -O mountpoint=legacy manual /dev/vdd1",
 "echo otherpass | zfs create "
 + "-o encryption=aes-256-gcm -o keyformat=passphrase manual/encrypted",
+ "zfs create -o encryption=aes-256-gcm -o keyformat=passphrase "
+ + "-o keylocation=http://localhost/zfskey manual/httpkey",
 "bootctl set-default nixos-generation-1-specialisation-encryption.conf",
 "sync",
 "zpool export automatic",
@@ -141,10 +161,12 @@ let
 machine.send_console("password\n")
 machine.wait_for_unit("multi-user.target")
 machine.succeed(
- "zfs get keystatus manual/encrypted | grep unavailable",
+ "zfs get -Ho value keystatus manual/encrypted | grep -Fx unavailable",
 "echo otherpass | zfs load-key manual/encrypted",
 "systemctl start manual-encrypted.mount",
- "umount /automatic /manual/encrypted /manual",
+ "zfs load-key manual/httpkey",
+ "systemctl start manual-httpkey.mount",
+ "umount /automatic /manual/encrypted /manual/httpkey /manual",
 "zpool destroy automatic",
 "zpool destroy manual",
 ) |
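Review bot: The `localhost` virtual host in the `services.nginx` block has no `listen` restriction, so, assuming the nginx module's default of listening on all addresses, the passphrase at `/zfskey` is served on every interface of the VM rather than on loopback only. That is harmless for a test fixture, but this block is likely to be read as the reference example for `keylocation=http://`. Consider adding `listen = [ { addr = "127.0.0.1"; port = 80; } ];` to the vhost, plus a comment such as `# test-only key; a real passphrase must not be served from an unauthenticated endpoint`. The enclosing node configuration starts outside this hunk.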
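Review bot: The new `zfs create` line uses `keylocation=http://localhost/zfskey`, so the passphrase travels in cleartext from an unauthenticated server. Only the loopback transport makes that acceptable here, and nothing in the test says so. A comment above the line, e.g. `# http:// is acceptable only because the key server is on loopback; use https:// for anything remote`, would keep the example from being copied unchanged. If the cURL-enabled build also accepts `https://` key locations, as the commit description's "URLs" suggests, this test does not exercise that path. The call these string arguments belong to begins outside the hunk.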
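Review bot: `zfs load-key manual/httpkey` runs without first asserting that the key is unloaded after the reboot, unlike `manual/encrypted`, whose keystatus check this hunk tightens. Adding `"zfs get -Ho value keystatus manual/httpkey | grep -Fx unavailable",` before the load would show that the dataset came up locked and that the key was fetched over HTTP at that point. It may also be worth adding `machine.wait_for_unit("nginx.service")` before `machine.succeed(`, so the fetch does not rely on nginx being ordered before `multi-user.target`. Whether that ordering is already guaranteed cannot be seen from this hunk.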