Unverified Commit dbb940f4 authored by Rene Hollander's avatar Rene Hollander
Browse files

nixos/zfs: disable unlock timeout with systemd 

Currently systemd-ask-passwd times out after 1m30s. After 3 tries this
causees systemd to enter the emergency shell and basically lead to an
unbootable system requiring a reboot to be able to try to unlock again.

Also if a pool is imported but not unlocked, the unlock step will no
longer be skipped.
parent 897876e4

nixos/modules/tasks/filesystems/zfs.nix

+20 −9
Original line number Diff line number Diff line
@@ -137,7 +137,7 @@ let 
        awkCmd = "${pkgs.gawk}/bin/awk";

        inherit cfgZfs;

      }) + ''

        poolImported "${pool}" && exit

        if ! poolImported "${pool}"; then

          echo -n "importing ZFS pool \"${pool}\"..."

          # Loop across the import until it succeeds, because the devices needed may not be discovered yet.

          for trial in `seq 1 60`; do
@@ -145,6 +145,7 @@ let 
            sleep 1

          done

          poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.

        fi

        if poolImported "${pool}"; then

          ${optionalString keyLocations.hasKeys ''

            ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do
@@ -159,7 +160,7 @@ let 
                  tries=3

                  success=false

                  while [[ $success != true ]] && [[ $tries -gt 0 ]]; do

                    ${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \

                    ${systemd}/bin/systemd-ask-password --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \

                      && success=true \

                      || tries=$((tries - 1))

                  done
@@ -312,6 +313,16 @@ in 
          an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).

        '';

      };



      passwordTimeout = mkOption {

        type = types.int;

        default = 0;

        description = lib.mdDoc ''

          Timeout in seconds to wait for password entry for decrypt at boot.



          Defaults to 0, which waits forever.

        '';

      };

    };



    services.zfs.autoSnapshot = {