ZFS: Difference between revisions

imported>Walter
Better integrate recently shared information
imported>Sjau
Adding section for unlocking additional encrypted pools/datasets at bootup
* In order to use DHCP in the initrd, network manager must not be enabled and <code>networking.useDHCP = true;</code> must be set.
* If your network card isn't started, you'll need to add the according kernel module to the initrd as well, e.g. <code>boot.initrd.kernelModules = [ "r8169" ];</code>
=== Import and unlock multiple encrypted pools/dataset at boot ===
If you have more than one encrypted pool/dataset and want all of them imported and unlocked at boot, so that they can be automounted through <code>hardware-configuration.nix</code>, you can extend the <code>boot.initrd.network.postCommands</code> option.
A key file stored on another (encrypted) ZFS dataset cannot be used for this, because that dataset is not available in the initrd yet, so the encryption root of each additional pool must use <code>keyformat=passphrase</code> and <code>keylocation=prompt</code> (these properties live on the encryption root, usually the pool's top-level dataset, and apply to every dataset beneath it).
The following example builds on the remote unlocking with dropbear above, but additionally imports a second pool and prompts for its passphrase (either at the machine itself or when logging in remotely):
<syntaxHighlight lang=nix>
boot = {
  initrd.network = {
    enable = true;
    ssh = {
        enable = true;
        port = 2222;
        # Dedicated host key for the initrd only. It is embedded in the initrd and,
        # as a plain Nix path, copied into the world-readable Nix store, so never
        # point this at the system's regular SSH host key.
        hostECDSAKey = /run/keys/initrd-ssh-key;
        authorizedKeys = [ "ssh-rsa AAAA..." ];
    };
    postCommands = ''
      # Import the additional pool; the root pool is imported by the stage-1 script.
      # (Add -N if you do not want the initrd to attempt mounting its datasets.)
      zpool import tankXXX
      # On login: prompt for every encryption root whose key is not loaded yet,
      # then kill the stage-1 "zfs load-key" waiting on the console so boot continues.
      echo "zfs load-key -a; killall zfs" >> /root/.profile
    '';
  };
};
</syntaxHighlight>
When you log in via SSH to dropbear, or at the machine itself, you will be prompted for the passphrase of your <code>zroot</code> and <code>tankXXX</code> pools. Keep in mind that the <code>authorizedKeys</code> list is the only thing standing between the network and this prompt, and that the initrd host key is not a secret in the usual sense, so generate a separate key for it and do not reuse the host's own SSH key.
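Before relying on the <code>zfs load-key -a</code> line above, it is worth checking which encryption roots will actually be promptable from the initrd. The following shell helper, an added example that is not part of the wiki article, reduces the output of <code>zfs get -H -o name,property,value -t filesystem keyformat,keylocation,keystatus,encryptionroot</code> to one line per encryption root and reports which ones <code>zfs load-key -a</code> will prompt for and which ones cannot be unlocked this way (for example a root whose key file lives on another pool). The sample output and the pool/dataset names in it are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the NixOS wiki): classify ZFS encryption roots for
# initrd passphrase prompting. Feed it the output of
#   zfs get -H -o name,property,value -t filesystem keyformat,keylocation,keystatus,encryptionroot
# Real output is tab-separated; awk's default field splitting handles both tabs and spaces.

# Constructed sample output; pool and dataset names are hypothetical.
SAMPLE_ZFS_GET='zroot keyformat passphrase
zroot keylocation prompt
zroot keystatus available
zroot encryptionroot zroot
tankXXX keyformat passphrase
tankXXX keylocation prompt
tankXXX keystatus unavailable
tankXXX encryptionroot tankXXX
tankXXX/data keyformat passphrase
tankXXX/data keylocation prompt
tankXXX/data keystatus unavailable
tankXXX/data encryptionroot tankXXX
backup/secret keyformat raw
backup/secret keylocation file:///tankXXX/keys/backup.key
backup/secret keystatus unavailable
backup/secret encryptionroot backup/secret'

# Collapse the (name, property, value) rows into one row per dataset:
#   name keyformat keylocation keystatus encryptionroot
collapse_props() {
    awk '{ p[$1, $2] = $3; seen[$1] = 1 }
         END { for (n in seen)
                   print n, p[n, "keyformat"], p[n, "keylocation"],
                         p[n, "keystatus"], p[n, "encryptionroot"] }' | sort
}

# Keep only encryption roots (name == encryptionroot) and attach a verdict:
# "prompt-ok" if keyformat=passphrase and keylocation=prompt, else "not-promptable".
classify_encroots() {
    collapse_props | awk '$1 == $5 {
        verdict = ($2 == "passphrase" && $3 == "prompt") ? "prompt-ok" : "not-promptable"
        print $1, $2, $3, $4, verdict }'
}

# Encryption roots that "zfs load-key -a" will prompt for at the initrd shell.
pending_prompts() {
    classify_encroots | awk '$4 == "unavailable" && $5 == "prompt-ok" { print $1 }'
}

# Encryption roots with a missing key that cannot be satisfied by a prompt,
# e.g. a key file on a dataset that is not available in the initrd.
unloadable_roots() {
    classify_encroots | awk '$4 == "unavailable" && $5 != "prompt-ok" { print $1 }'
}

# Stand-alone run over the constructed sample.
echo "Will prompt for:"
printf '%s\n' "$SAMPLE_ZFS_GET" | pending_prompts
echo "Cannot be unlocked from the initrd prompt:"
printf '%s\n' "$SAMPLE_ZFS_GET" | unloadable_roots
```

On a real system, pipe the live <code>zfs get</code> command into <code>unloadable_roots</code>; any name it prints is an encryption root that needs its <code>keyformat</code>/<code>keylocation</code> changed (via <code>zfs change-key</code>) before the <code>postCommands</code> approach above will work for it.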


== Encrypted Dataset Format Change ==