feat(zfs): Allow toggle for compression and encryption (#3)
parent
7f2b16c6a4
commit
ba181c5fce
34
setup.sh
34
setup.sh
@ -152,21 +152,32 @@ function set_zpool_password () {
|
||||
|
||||
function import_pool () {
|
||||
zpool import -d '/dev/disk/by-partuuid' -R '/mnt' "${zpool_name}" -N -f
|
||||
zfs load-key "${zpool_name}"
|
||||
[[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && zfs load-key "${zpool_name}"
|
||||
}
|
||||
|
||||
function create_pool () {
|
||||
# Create a temporary pool that is not cached
|
||||
#
|
||||
# Add zfsprops 'compression' unless environment variable
|
||||
# ARCHZBM_ZFSPROPS_NO_COMPRESSION is set to any value.
|
||||
#
|
||||
# Add zfsprops 'encryption' along with 'keyformat' and a 'keylocation'
|
||||
# unless environment variable ARCHZBM_ZFSPROPS_NO_ENCRYPTION is set to
|
||||
# any value.
|
||||
zpool create -f \
|
||||
-o 'ashift=12' \
|
||||
-o 'autotrim=on' \
|
||||
-O 'acltype=posix' \
|
||||
-O 'compression=on' \
|
||||
$([[ ! "${ARCHZBM_ZFSPROPS_NO_COMPRESSION}" ]] && \
|
||||
printf -- '%s ' \
|
||||
'-O compression=on') \
|
||||
-O 'relatime=on' \
|
||||
-O 'xattr=sa' \
|
||||
-O 'encryption=on' \
|
||||
-O 'keyformat=passphrase' \
|
||||
-O 'keylocation=file:///etc/zfs/'"${zpool_name}"'.key' \
|
||||
$([[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && \
|
||||
printf -- '%s ' \
|
||||
'-O encryption=on' \
|
||||
'-O keyformat=passphrase' \
|
||||
'-O keylocation=file:///etc/zfs/'"${zpool_name}"'.key') \
|
||||
-O 'normalization=formD' \
|
||||
-O 'mountpoint=none' \
|
||||
-O 'canmount=off' \
|
||||
@ -202,7 +213,7 @@ function setup_zpool () {
|
||||
zpool_drive="$(select_part 'zfs')"
|
||||
drive_by_id="$(get_drive_id "${zpool_drive}")"
|
||||
|
||||
set_zpool_password
|
||||
[[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && set_zpool_password
|
||||
if no_zpool_exists; then
|
||||
create_pool "${drive_by_id}"
|
||||
create_root_dataset
|
||||
@ -305,14 +316,17 @@ function set_locale () {
|
||||
}
|
||||
|
||||
function add_zfs_hook_to_initramfs () {
|
||||
# Add zfs hook, remove fsck hook from initramfs. Also add plain text key
|
||||
# file into initramfs since it's living inside an encrypted pool anyway.
|
||||
# Add zfs hook, remove fsck hook from initramfs.
|
||||
sed -ri \
|
||||
-e 's'$'\x1''^(FILES=)[^\r\n\f]*'$'\x1''\1(/etc/zfs/'"${zpool_name}"'.key)'$'\x1''g' \
|
||||
-e 's'$'\x1''(HOOKS=)(.*?[\(| ])(filesystems)([\)| ][^\r\n\f]*)'$'\x1''\1\2zfs \3\4'$'\x1''g' \
|
||||
-e 's'$'\x1''((\()(fsck)(\)))'$'\x1''\2\4'$'\x1''g' \
|
||||
-e 's'$'\x1''(([[:space:]]+)(fsck)|(fsck)([[:space:]]+))'$'\x1'''$'\x1''g' \
|
||||
'/mnt/etc/mkinitcpio.conf'
|
||||
# Also unless encryption's unwanted add plain text key file into
|
||||
# initramfs since it's living inside an encrypted pool anyway.
|
||||
[[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && sed -ri \
|
||||
-e 's'$'\x1''^(FILES=)[^\r\n\f]*'$'\x1''\1(/etc/zfs/'"${zpool_name}"'.key)'$'\x1''g' \
|
||||
'/mnt/etc/mkinitcpio.conf'
|
||||
}
|
||||
|
||||
function set_initramfs_build_list () {
|
||||
@ -329,7 +343,7 @@ function set_initramfs_build_list () {
|
||||
}
|
||||
|
||||
function add_zfs_files_to_new_os () {
|
||||
for zfs_file in '/etc/hostid' '/etc/zfs/zpool.cache' '/etc/zfs/'"${zpool_name}"'.key'; do
|
||||
for zfs_file in '/etc/hostid' '/etc/zfs/zpool.cache' $([[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && printf -- '%s' '/etc/zfs/'"${zpool_name}"'.key'); do
|
||||
rsync -av --itemize-changes {'','/mnt'}"${zfs_file}"
|
||||
done
|
||||
}
|
||||
|
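Review bot: The encryption toggle fails open: every `[[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]]` test treats any non-empty value as "disable", so `ARCHZBM_ZFSPROPS_NO_ENCRYPTION=0` or `=false` makes `create_pool` drop the `-O encryption=on` options and `setup_zpool` skip `set_zpool_password`, with no message to the operator. I would accept one explicit value and announce the choice on stderr before `zpool create`, e.g. `if [[ "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION:-}" == '1' ]]; then printf '%s\n' 'WARNING: pool will NOT be encrypted' >&2; fi`, and use the same comparison in `import_pool`, `create_pool`, `setup_zpool`, `add_zfs_hook_to_initramfs` and `add_zfs_files_to_new_os`. Separately, in `import_pool` and `add_zfs_hook_to_initramfs` the `[[ … ]] && …` line is the last command, so with the variable set the function returns 1; if the script runs under `set -e` (not visible here) that would abort the install, and an `if … then … fi` form avoids it. The `zpool create` command in `create_pool` continues past the end of its hunk.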