diff options
| author | Rene Hollander <mail@renehollander.at> | 2023-05-01 17:41:29 +0200 |
|---|---|---|
| committer | Rene Hollander <mail@renehollander.at> | 2023-05-13 13:53:22 +0200 |
| commit | dbb940f433142d933a54e94f1827f0d09536f138 (patch) | |
| tree | c5a8353fbe9dd9c984e20624e4bde00dc619b82d /nixos | |
| parent | 897876e4c484f1e8f92009fd11b7d988a121a4e7 (diff) | |
nixos/zfs: disable unlock timeout with systemd
Currently systemd-ask-passwd times out after 1m30s. After 3 tries this causees systemd to enter the emergency shell and basically lead to an unbootable system requiring a reboot to be able to try to unlock again. Also if a pool is imported but not unlocked, the unlock step will no longer be skipped.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/tasks/filesystems/zfs.nix | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 6c77596475170..16dc0c44c18d6 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -137,14 +137,15 @@ let awkCmd = "${pkgs.gawk}/bin/awk"; inherit cfgZfs; }) + '' - poolImported "${pool}" && exit - echo -n "importing ZFS pool \"${pool}\"..." - # Loop across the import until it succeeds, because the devices needed may not be discovered yet. - for trial in `seq 1 60`; do - poolReady "${pool}" && poolImport "${pool}" && break - sleep 1 - done - poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. + if ! poolImported "${pool}"; then + echo -n "importing ZFS pool \"${pool}\"..." + # Loop across the import until it succeeds, because the devices needed may not be discovered yet. + for trial in `seq 1 60`; do + poolReady "${pool}" && poolImport "${pool}" && break + sleep 1 + done + poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool. + fi if poolImported "${pool}"; then ${optionalString keyLocations.hasKeys '' ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do @@ -159,7 +160,7 @@ let tries=3 success=false while [[ $success != true ]] && [[ $tries -gt 0 ]]; do - ${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \ + ${systemd}/bin/systemd-ask-password --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \ && success=true \ || tries=$((tries - 1)) done @@ -312,6 +313,16 @@ in an interactive prompt (keylocation=prompt) and from a file (keylocation=file://). ''; }; + + passwordTimeout = mkOption { + type = types.int; + default = 0; + description = lib.mdDoc '' + Timeout in seconds to wait for password entry for decrypt at boot. + + Defaults to 0, which waits forever. + ''; + }; }; services.zfs.autoSnapshot = { |