aboutsummaryrefslogtreecommitdiff
path: root/gnu/system
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2016-11-30 18:24:32 +0100
committerMarius Bakke <mbakke@fastmail.com>2016-11-30 18:24:32 +0100
commit8a7cbc882a75d7f9f1fe960552dea47acf347b0a (patch)
treeded8c9116d357b38fd23b8c0cc312863fe68c9b5 /gnu/system
parent3084a9908434e4e7123d2fd3881c798977abedb9 (diff)
parent72f0c5ea3c0272a93436ad3c04a281d1237a9593 (diff)
downloadpatches-8a7cbc882a75d7f9f1fe960552dea47acf347b0a.tar
patches-8a7cbc882a75d7f9f1fe960552dea47acf347b0a.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/examples/desktop.tmpl18
-rw-r--r--gnu/system/mapped-devices.scm8
2 files changed, 20 insertions, 6 deletions
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 2fcf90f8b1..21b4563b53 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -1,9 +1,10 @@
;; This is an operating system configuration template
-;; for a "desktop" setup with GNOME and Xfce.
+;; for a "desktop" setup with GNOME and Xfce where the
+;; root partition is encrypted with LUKS.
(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
-(use-package-modules certs)
+(use-package-modules certs gnome)
(operating-system
(host-name "antelope")
@@ -13,11 +14,21 @@
;; Assuming /dev/sdX is the target hard disk, and "my-root"
;; is the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
+
+ ;; Specify a mapped device for the encrypted root partition.
+ ;; The UUID is that returned by 'cryptsetup luksUUID'.
+ (mapped-devices
+ (list (mapped-device
+ (source (uuid "12345678-1234-1234-1234-123456789abc"))
+ (target "the-root-device")
+ (type luks-device-mapping))))
+
(file-systems (cons (file-system
(device "my-root")
(title 'label)
(mount-point "/")
- (type "ext4"))
+ (type "ext4")
+ (dependencies mapped-devices))
%base-file-systems))
(users (cons (user-account
@@ -31,6 +42,7 @@
;; This is where we specify system-wide packages.
(packages (cons* nss-certs ;for HTTPS access
+ gvfs ;for user mounts
%base-packages))
;; Add GNOME and/or Xfce---we can choose at the log-in
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index e44f2693a7..8ab861bf73 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -23,7 +23,7 @@
#:use-module (guix modules)
#:use-module (gnu services)
#:use-module (gnu services shepherd)
- #:autoload (gnu packages cryptsetup) (cryptsetup)
+ #:autoload (gnu packages cryptsetup) (cryptsetup-static)
#:autoload (gnu packages linux) (mdadm-static)
#:use-module (srfi srfi-1)
#:use-module (ice-9 match)
@@ -104,7 +104,9 @@
((gnu build file-systems)
#:select (find-partition-by-luks-uuid)))
- (zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
+ ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
+ ;; whole world inside the initrd (for when we're in an initrd).
+ (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
"open" "--type" "luks"
;; Note: We cannot use the "UUID=source" syntax here
@@ -120,7 +122,7 @@
(define (close-luks-device source target)
"Return a gexp that closes TARGET, a LUKS device."
- #~(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
+ #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
"close" #$target)))
(define luks-device-mapping