fix cryptsetup luksOpen idempotency, add luks-lvm test
parent
1237ac36db
commit
dd99e29edc
3 changed files with 118 additions and 1 deletions
|
@ -151,7 +151,7 @@ let
|
|||
recursiveUpdate
|
||||
(mount-f { device = "/dev/mapper/${x.name}"; } x.content)
|
||||
{luks.${q.device} = ''
|
||||
cryptsetup luksOpen ${q.device} ${x.name} ${if builtins.hasAttr "keyfile" x then "--key-file " + x.keyfile else ""}
|
||||
cryptsetup status ${x.name} >/dev/null 2>/dev/null || cryptsetup luksOpen ${q.device} ${x.name} ${if builtins.hasAttr "keyfile" x then "--key-file " + x.keyfile else ""}
|
||||
'';}
|
||||
);
|
||||
|
||||
|
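Review bot: The new guard on the `cryptsetup status ${x.name} ... || cryptsetup luksOpen ...` line decides by mapping name alone, so an already-active mapping called `${x.name}` that is backed by a device other than `${q.device}` makes the script skip `luksOpen` and mount whatever that mapping exposes. Consider also comparing the `device:` field that `cryptsetup status` prints against `${q.device}` and failing loudly on a mismatch. Separately, `${q.device}`, `${x.name}` and `x.keyfile` are spliced into the shell line unquoted; if `lib` is in scope here (not visible in this hunk), `lib.escapeShellArg x.keyfile` and the same for the other two would keep paths with spaces or shell metacharacters from changing the command. The enclosing `let` expression starts and ends outside the hunk.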
|
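--- /dev/null
+++ b/example/luks-lvm.nix
@@ -0,0 +1,78 @@
+{
+type = "devices";
+content = {
+vdb = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+type = "partition";
+part-type = "ESP";
+start = "1MiB";
+end = "100MiB";
+fs-type = "FAT32";
+bootable = true;
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+options = [
+"defaults"
+];
+};
+}
+{
+type = "partition";
+part-type = "primary";
+start = "100MiB";
+end = "100%";
+content = {
+type = "luks";
+algo = "aes-xts...";
+name = "crypted";
+keyfile = "/tmp/secret.key";
+extraArgs = [
+"--hash sha512"
+"--iter-time 5000"
+];
+content = {
+type = "lvm";
+name = "pool";
+lvs = {
+root = {
+type = "lv";
+size = "100M";
+mountpoint = "/";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+options = [
+"defaults"
+];
+};
+};
+home = {
+type = "lv";
+size = "10M";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/home";
+};
+};
+raw = {
+type = "lv";
+size = "10M";
+content = {
+type = "noop";
+};
+};
+};
+};
+};
+}
+];
+};
+};
+}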
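Review bot: `keyfile = "/tmp/secret.key"` points the LUKS key at a world-writable directory, and because this file lives under example/ it is likely to be copied into real configurations. A comment above it such as `# test-only path; keep real key material in a root-owned file with mode 0400` would make that explicit. `algo = "aes-xts..."` also reads as a placeholder rather than a cipher spec cryptsetup would accept (for instance `aes-xts-plain64`); whether `algo` reaches the command line is not visible on this page, so either fill it in or add a comment saying it is currently unused.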
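--- /dev/null
+++ b/tests/luks-lvm.nix
@@ -0,0 +1,39 @@
+{ makeTest ? import <nixpkgs/nixos/tests/make-test-python.nix>
+, pkgs ? (import <nixpkgs> {})
+}:
+let
+makeTest' = args:
+makeTest args {
+inherit pkgs;
+inherit (pkgs) system;
+};
+disko-config = import ../example/luks-lvm.nix;
+tsp-create = pkgs.writeScript "create" ((pkgs.callPackage ../. {}).create disko-config);
+tsp-mount = pkgs.writeScript "mount" ((pkgs.callPackage ../. {}).mount disko-config);
+in makeTest' {
+name = "disko";
+
+nodes.machine =
+{ config, pkgs, modulesPath, ... }:
+
+{
+imports = [
+(modulesPath + "/profiles/installation-device.nix")
+(modulesPath + "/profiles/base.nix")
+];
+
+# speed-up eval
+documentation.enable = false;
+
+virtualisation.emptyDiskImages = [ 512 ];
+};
+
+testScript = ''
+machine.succeed("echo 'secret' > /tmp/secret.key");
+machine.succeed("${tsp-create}");
+machine.succeed("${tsp-mount}");
+machine.succeed("${tsp-mount}"); # verify that the command is idempotent
+machine.succeed("cryptsetup isLuks /dev/vdb2");
+machine.succeed("grep -qs '/mnt/home' /proc/mounts");
+'';
+}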
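Review bot: The test script never asserts the state of the LUKS mapping itself: after the repeated `${tsp-mount}` it checks only `cryptsetup isLuks /dev/vdb2` and the `/mnt/home` mount entry. Adding `machine.succeed("cryptsetup status crypted");` after the second mount would pin the behaviour this commit fixes, namely that the mapping is active and left in place on a re-run. `name = "disko";` is also generic for a file called luks-lvm.nix; `name = "disko-luks-lvm";` would keep results distinguishable if other tests use the same name (not visible on this page).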