author | Marius Bakke <mbakke@fastmail.com> | 2016-11-30 18:24:32 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2016-11-30 18:24:32 +0100 |
commit | 8a7cbc882a75d7f9f1fe960552dea47acf347b0a (patch) | |
tree | ded8c9116d357b38fd23b8c0cc312863fe68c9b5 /gnu/system | |
parent | 3084a9908434e4e7123d2fd3881c798977abedb9 (diff) | |
parent | 72f0c5ea3c0272a93436ad3c04a281d1237a9593 (diff) | |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/system')
-rw-r--r-- | gnu/system/examples/desktop.tmpl | 18 | ||||
-rw-r--r-- | gnu/system/mapped-devices.scm | 8 |
2 files changed, 20 insertions, 6 deletions
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl index 2fcf90f8b1..21b4563b53 100644 --- a/gnu/system/examples/desktop.tmpl +++ b/gnu/system/examples/desktop.tmpl @@ -1,9 +1,10 @@ ;; This is an operating system configuration template -;; for a "desktop" setup with GNOME and Xfce. +;; for a "desktop" setup with GNOME and Xfce where the +;; root partition is encrypted with LUKS. (use-modules (gnu) (gnu system nss)) (use-service-modules desktop) -(use-package-modules certs) +(use-package-modules certs gnome) (operating-system (host-name "antelope") @@ -13,11 +14,21 @@ ;; Assuming /dev/sdX is the target hard disk, and "my-root" ;; is the label of the target root file system. (bootloader (grub-configuration (device "/dev/sdX"))) + + ;; Specify a mapped device for the encrypted root partition. + ;; The UUID is that returned by 'cryptsetup luksUUID'. + (mapped-devices + (list (mapped-device + (source (uuid "12345678-1234-1234-1234-123456789abc")) + (target "the-root-device") + (type luks-device-mapping)))) + (file-systems (cons (file-system (device "my-root") (title 'label) (mount-point "/") - (type "ext4")) + (type "ext4") + (dependencies mapped-devices)) %base-file-systems)) (users (cons (user-account @@ -31,6 +42,7 @@ ;; This is where we specify system-wide packages. (packages (cons* nss-certs ;for HTTPS access + gvfs ;for user mounts %base-packages)) ;; Add GNOME and/or Xfce---we can choose at the log-in diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index e44f2693a7..8ab861bf73 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm @@ -23,7 +23,7 @@ #:use-module (guix modules) #:use-module (gnu services) #:use-module (gnu services shepherd) - #:autoload (gnu packages cryptsetup) (cryptsetup) + #:autoload (gnu packages cryptsetup) (cryptsetup-static) #:autoload (gnu packages linux) (mdadm-static) #:use-module (srfi srfi-1) #:use-module (ice-9 match) 
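Review bot: In the desktop.tmpl hunk at `@@ -13,11 +14,21 @@`, the root `file-system` is still looked up by the label "my-root" while the new `mapped-device` opens the LUKS partition as "the-root-device", and the template never says which of the two carries that label. A reader copying the template could reasonably try to label the encrypted partition itself, or assume the mapping's target name has to match the label. I would extend the existing comment above `bootloader` with something like `;; "my-root" is the label of the file system inside the opened LUKS mapping, not of the encrypted partition.` The `uuid` form would also benefit from a short remark that `12345678-1234-1234-1234-123456789abc` is a placeholder to be replaced with the output of 'cryptsetup luksUUID' for the actual partition.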
@@ -104,7 +104,9 @@ ((gnu build file-systems) #:select (find-partition-by-luks-uuid))) - (zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup") + ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the + ;; whole world inside the initrd (for when we're in an initrd). + (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") "open" "--type" "luks" ;; Note: We cannot use the "UUID=source" syntax here @@ -120,7 +122,7 @@ (define (close-luks-device source target) "Return a gexp that closes TARGET, a LUKS device." - #~(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup") + #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") "close" #$target))) (define luks-device-mapping |
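Review bot: The new comment in `open-luks-device` (hunk `@@ -104,7 +104,9 @@`) justifies `cryptsetup-static` only by initrd size and leaves out the maintenance consequence: a statically linked binary embeds its libraries' code, so a later security fix to one of them presumably reaches the tool that unlocks the root device only when `cryptsetup-static` itself is rebuilt. A further comment line would record that, e.g. `;; Being static, it must be rebuilt to pick up fixes in its dependencies.` The same expression `#$(file-append cryptsetup-static "/sbin/cryptsetup")` is repeated in `close-luks-device` (hunk `@@ -120,7 +122,7 @@`) without any comment; binding it once and using it in both places would keep the open and close paths from drifting apart. Both function bodies start or continue outside the hunks shown, so how a non-zero exit from `system*` is handled cannot be judged from here.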