Line 176: |
Line 176: |
| if pgrep -x "zfs" > /dev/null | | if pgrep -x "zfs" > /dev/null |
| then | | then |
| | zpool import -a |
| zfs load-key -a | | zfs load-key -a |
| killall zfs | | killall zfs |
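Review bot: the added `zpool import -a` line imports every pool the initrd can see on attached devices, not only the pools this host is meant to unlock, and nothing checks its result before `zfs load-key -a` and `killall zfs` run. Consider importing the intended pools by name (`zpool import <poolname>`) and adding a sentence to the page saying which pools are expected to be present at this stage, so a reader does not copy the catch-all form onto a machine with removable or foreign disks attached.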
Line 190: |
Line 191: |
| boot.kernelModules = [ "r8169" ]; | | boot.kernelModules = [ "r8169" ]; |
| boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight> | | boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight> |
|
| |
| === Import and unlock multiple encrypted pools/dataset at boot ===
| |
| If you have not only one encrypted pool/dataset but multiple ones and you want to import and unlock them at boot, so that they can be automounted using the hardware-configuration.nix, you could just amend the <code>boot.initrd.network.postCommands</code> option.
| |
|
| |
| Unfortunately having an unlock key file stored in an encrypted zfs dataset cannot be used directly, so the pool must use <code>keyformat=passphrase</code> and <code>keylocation=prompt</code>.
| |
|
| |
| The following example follows the remote unlocking with OpenSSH, but imports another pool also and prompts for unlocking (either when at the machine itself or when logging in remotely:
| |
|
| |
| <syntaxhighlight lang="nix">
| |
| boot = {
| |
| initrd.network = {
| |
| enable = true;
| |
| ssh = {
| |
| enable = true;
| |
| port = 2222;
| |
| hostKeys = [ /path/to/ssh_host_rsa_key ];
| |
| authorizedKeys = [ "ssh-rsa AAAA..." ];
| |
| };
| |
| postCommands = ''
| |
| zpool import tankXXX
| |
| echo "zfs load-key -a; killall zfs" >> /root/.profile
| |
| '';
| |
| };
| |
| };
| |
| </syntaxhighlight>
| |
|
| |
| When you login by SSH into the box or when you have physical access to the machine itself, you will be prompted to supply the unlocking password for your zroot and tankXXX pools.
| |
|
| |
|
| == NFS share == | | == NFS share == |
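Review bot: in the new `postCommands` block, the line `echo "zfs load-key -a; killall zfs" >> /root/.profile` joins the two commands with `;`, so `killall zfs` runs whether or not `zfs load-key -a` succeeded, including after a mistyped passphrase. Chaining them with `&&` would keep the prompt alive until the keys are actually loaded. Two documentation points in the same section: the sentence introducing the example opens a parenthesis at "(either when at the machine itself" and never closes it, and the closing paragraph says the prompt covers "zroot and tankXXX" while the example only shows `zpool import tankXXX`, so it would help to state that zroot is imported by the existing setup and that `tankXXX` is a placeholder for the reader's own pool name.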