nixos/zfs: disable unlock timeout with systemd

Currently systemd-ask-passwd times out after 1m30s. After 3 tries this causees systemd to enter the emergency shell and basically lead to an unbootable system requiring a reboot to be able to try to unlock again. Also if a pool is imported but not unlocked, the unlock step will no longer be skipped.
2023-05-01 17:41:29 +02:00 · 2023-05-01 17:41:29 +02:00 · dbb940f433
parent 897876e4c4
commit dbb940f433
1 changed files with 20 additions and 9 deletions
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@ -137,14 +137,15 @@ let
        awkCmd = "${pkgs.gawk}/bin/awk";
        inherit cfgZfs;
      }) + ''
-        poolImported "${pool}" && exit
-        echo -n "importing ZFS pool \"${pool}\"..."
-        # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
-        for trial in `seq 1 60`; do
-          poolReady "${pool}" && poolImport "${pool}" && break
-          sleep 1
-        done
-        poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
+        if ! poolImported "${pool}"; then
+          echo -n "importing ZFS pool \"${pool}\"..."
+          # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
+          for trial in `seq 1 60`; do
+            poolReady "${pool}" && poolImport "${pool}" && break
+            sleep 1
+          done
+          poolImported "${pool}" || poolImport "${pool}"  # Try one last time, e.g. to import a degraded pool.
+        fi
        if poolImported "${pool}"; then
          ${optionalString keyLocations.hasKeys ''
            ${keyLocations.command} | while IFS=$'\t' read ds kl ks; do
@ -159,7 +160,7 @@ let
                  tries=3
                  success=false
                  while [[ $success != true ]] && [[ $tries -gt 0 ]]; do
-                    ${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
+                    ${systemd}/bin/systemd-ask-password --timeout=${toString cfgZfs.passwordTimeout} "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
                      && success=true \
                      || tries=$((tries - 1))
                  done
@ -312,6 +313,16 @@ in
          an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).
        '';
      };
+
+      passwordTimeout = mkOption {
+        type = types.int;
+        default = 0;
+        description = lib.mdDoc ''
+          Timeout in seconds to wait for password entry for decrypt at boot.
+
+          Defaults to 0, which waits forever.
+        '';
+      };
    };

    services.zfs.autoSnapshot = {