Add bcachefs type with support for encryption #242

Draft

onny commented May 20, 2023

Fixes #240

Example usage

{ disks ? [ "/dev/vdb" ], ... }: {
  disko.devices = {
    disk = {
      vdb = {
        device = builtins.elemAt disks 0;
        type = "disk";
        content = {
          type = "table";
          format = "gpt";
          partitions = [
            {
              name = "ESP";
              start = "1MiB";
              end = "100MiB";
              bootable = true;
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            }
            {
              name = "root";
              start = "100MiB";
              end = "100%";
              part-type = "primary";
              content = {
                type = "bcachefs";
                # if you want to use the key for interactive login be sure there is no trailing newline
                # for example use `echo -n "password" > /tmp/secret.key`
                keyFile = "/tmp/secret.key";
                mountpoint = "/";
              };
            }
          ];
        };
      };
    };
  };
}

Feel free to test or pick up this work. Guess it shouldn't be too difficult to add support for this. Would be really happy to see it supported :)
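A check for the key-file pitfall noted in the config comment above (a trailing newline makes the stored key differ from the passphrase typed at a prompt), which also verifies that the file is not readable by group or others. This is an added example, not part of the PR or of disko; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for a passphrase file such as the keyFile above.
# Function names are assumptions, not disko or bcachefs tooling.

# Print the last byte of a file as two hex digits (nothing for an empty file).
last_byte_hex() {
  tail -c 1 "$1" | od -An -tx1 | tr -d ' \n'
}

# Succeeds when the file ends in LF or CR, i.e. the stored key differs
# from the passphrase a user would type interactively.
has_trailing_newline() {
  case "$(last_byte_hex "$1")" in
    0a|0d) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds when group or others hold any permission bit on the file.
is_exposed() {
  [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Write the passphrase read from stdin to $1 without a trailing newline.
# The file is created with mode 0600, an existing path is never overwritten
# (noclobber), and the secret never appears in argv or shell history.
write_keyfile() {
  (
    umask 077
    set -C
    IFS= read -r pass || [ -n "$pass" ] || exit 1
    printf '%s' "$pass" > "$1"
  )
}

# Print one finding per line; exit status 0 means no findings.
check_keyfile() {
  rc=0
  [ -s "$1" ] || { echo "empty or missing"; return 1; }
  if has_trailing_newline "$1"; then echo "trailing newline"; rc=1; fi
  if is_exposed "$1"; then echo "readable by group/others"; rc=1; fi
  return $rc
}
```

Run `check_keyfile` against the key file before the installer formats the device; a file written with a plain `echo` under the default umask reports both findings.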

Mic92 (Member) commented Jun 16, 2023

If we add a type we should also think about multi device support.

@onny onny force-pushed the bcachefs-encrypt branch 2 times, most recently from 7565991 to c67af99 Compare August 12, 2023 20:09
onny (Author) commented Aug 12, 2023

> If we add a type we should also think about multi device support.

What does this mean exactly?

@Lassulus I was able to add keyFile support. The test now correctly encrypts the bcachefs rootfs and mounts it. Now the test hangs after reboot probably because the boot process expects a password?

Lassulus (Collaborator) commented

https://wiki.archlinux.org/title/Bcachefs#Multiple_drives bcachefs has support for multiple devices. So we need some abstraction like for lvm or mdadm to be feature complete.

@@ -22,7 +22,7 @@ You can keep your configuration and re-use it for other installations, or for a

- Disk layouts: GPT, MBR, and mixed.
- Partition tools: LVM, mdadm, LUKS, and more.
- Filesystems: ext4, btrfs, ZFS, bcachefs, tmpfs, and others.
- Filesystems: ext4, bcachefs, btrfs, ZFS, bcachefs, tmpfs, and others.
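Review bot: The second Filesystems line lists bcachefs twice ("ext4, bcachefs, btrfs, ZFS, bcachefs, tmpfs, and others"), and the Filesystems line just above it already names bcachefs, so the README needs no change here. Drop this hunk, or if the reordering is intended keep a single mention, for example "ext4, bcachefs, btrfs, ZFS, tmpfs, and others".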


Now bcachefs is there twice

ThyMYthOS commented

> https://wiki.archlinux.org/title/Bcachefs#Multiple_drives bcachefs has support for multiple devices. so we need some abstraction like for lvm or mdadm to be feature complete

@Lassulus should this be done with a new top level element, e.g. a bcachefs_pool? Or just with an option to list other devices (with their labels?) that should be used when bcachefs create is called? Also keep in mind that bcachefs mount might expect a list of devices separated by :.

{
  disko.devices = {
    disk = {
      x = {
        type = "disk";
        device = "/dev/nvme0";
        content = {
          type = "gpt";
          content = {
            type = "bcachefs";
            label = "ssd.ssd1";
          };
        };
      };
      y = {
        type = "disk";
        device = "/dev/sda";
        content = {
          type = "bcachefs";
          label = "hdd.hdd1";
        };
      };
    };

    bcachefs_pool = {
      rpool = {
        type = "bcachefs_pool";
        mountpoint = "/";
        passwordFile = "secret.key";
        extraArgs = [
          "--metadata_target=ssd"
          "--foreground_target=ssd"
          "--background_target=hdd"
          "--promote_target=ssd"
        ];
      };
    };
  };
}

vs

{
  disko.devices = {
    disk = {
      x = {
        device = "/dev/nvme0";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            root = {
              size = "100%";
              content = {
                type = "bcachefs";
                label = "ssd.sdd1";
                otherDevices = {
                  "hdd.hdd1" = "/dev/sda";
                  "hdd.hdd2" = "/dev/sdb";
                };
              };
            };
          };
        };
      };
    };
  };
}

iFreilicht (Contributor) commented

@ThyMYthOS From my understanding of the capabilities of bcachefs, the former option would be the better. This allows for more flexibility and is consistent with our other multi-device abstractions.

iFreilicht (Contributor) commented

@onny are you even interested in getting this merged still? Or would someone else have to pick it up from here?

onny (Author) commented Oct 14, 2024

will unlikely have time to continue this any time soon, sorry :(


Successfully merging this pull request may close these issues.

bcachefs encryption support (keyFile)