swap: don't activate random encrypted swap files

This requires more code and is not implemented just now.
This commit is contained in:
Jörg Thalheim 2023-11-12 10:46:36 +01:00 committed by mergify[bot]
parent 2d7d77878c
commit 3cb78c93e6
3 changed files with 14 additions and 13 deletions

View file

@ -24,11 +24,17 @@
mountpoint = "/"; mountpoint = "/";
}; };
}; };
swap = { encryptedSwap = {
size = "100%"; size = "10M";
content = { content = {
type = "swap"; type = "swap";
randomEncryption = true; randomEncryption = true;
};
};
plainSwap = {
size = "100%";
content = {
type = "swap";
resumeDevice = true; # resume from hiberation from this device resumeDevice = true; # resume from hiberation from this device
}; };
}; };
@ -38,4 +44,3 @@
}; };
}; };
} }

View file

@ -47,7 +47,8 @@
}; };
_mount = diskoLib.mkMountOption { _mount = diskoLib.mkMountOption {
inherit config options; inherit config options;
default = { # TODO: we don't support encrypted swap yet
default = lib.optionalAttrs (!config.randomEncryption) {
fs.${config.device} = '' fs.${config.device} = ''
if ! swapon --show | grep -q "^$(readlink -f ${config.device}) "; then if ! swapon --show | grep -q "^$(readlink -f ${config.device}) "; then
swapon ${config.device} swapon ${config.device}

View file

@ -6,17 +6,12 @@ diskoLib.testLib.makeDiskoTest {
name = "swap"; name = "swap";
disko-config = ../example/swap.nix; disko-config = ../example/swap.nix;
extraTestScript = '' extraTestScript = ''
import json
machine.succeed("mountpoint /"); machine.succeed("mountpoint /");
machine.succeed("swapon --show >&2"); machine.succeed("swapon --show >&2");
machine.succeed(""" out = json.loads(machine.succeed("lsblk --json /dev/vda"))
lsblk --json | mnt_point = out["blockdevices"][0]["children"][1]["children"][0]["mountpoints"][0]
jq -e '.blockdevices[] | assert mnt_point == "[SWAP]"
select(.name == "vda") |
.children[] |
select(.name == "vda3") |
.children[0].mountpoints[0] == "[SWAP]"
'
""");
''; '';
extraSystemConfig = { extraSystemConfig = {
environment.systemPackages = [ pkgs.jq ]; environment.systemPackages = [ pkgs.jq ];