Let me give some tips when making this: The system must be able to encrypt:
- if possible whole / though I personally don't prefer it like that
- to encrypt /home on a device
- to encrypt /tmp (very important)
- to encrypt swap

On Fri, Mar 11, 2016 at 03:30:10PM +0100, Ludovic Courtès wrote:
> Jookia <166...@gmail.com> writes:
>
> > I'd really like to discuss how much I needed to break to get the
> > mapped-devices, file-systems and swap-devices to just 'work'. I even had
> > to make a function to return a mapped-device type, and have swap-devices
> > not do dependency tests since I technically don't use a device I've
> > defined.
> >
> > It'd be much much better if I could do something like this in my services:
> >
> > (devices (list (file-system
> >                  (uses '("/dev/matrix/root"))
> >                  (creates '("/"))
> >                  (device "/dev/matrix/root")
> >                  (mount-point "/")
> >                  (type "ext4"))
> >                (swap-device
> >                  (uses '("/dev/mapper/matrix-swap"))
> >                  (creates '())
> >                  (device "/dev/mapper/matrix-swap"))
> >                (lvm-device
> >                  (uses '("/dev/mapper/hdd" "/dev/sdb"))
> >                  (creates '("/dev/matrix/"
> >                             "/dev/mapper/matrix-swap"))
> >                  (devices '("/dev/mapper/hdd" "/dev/sdb")))
> >                (luks-device
> >                  (uses '("UUID=4dab5feb-d176-45de-b287-9b0a6e4c01cb"))
> >                  (creates '("/dev/mapper/hdd"))
> >                  (device "UUID=4dab5feb-d176-45de-b287-9b0a6e4c01cb")
> >                  (name "hdd")
> >                  (key-file "..."))))
> >
> > The issue is that it has a lot of duplicate information as I'm not sure
> > uses/creates could always map to device/mount-point, like LUKS names. But
> > this should satisfy most dependency issues automatically, I hope.
>
> There are several issues being addressed here, IIUC:
>
>   1. How to refer to block devices (in the Unix sense) using UUIDs,
>      labels, or /dev file names in general, and not just for
>      ‘file-system’.
>
>   2. How to determine dependencies among all these things.
>
>   3. How to handle mapped devices that lead to several /dev nodes, as is
>      the case with LVM.
>
> For #1, I would like to have a general ‘device’ type, so one could
> write:
>
>   (operating-system
>     ;; …
>     (file-systems (list (file-system
>                           (source (device (title 'label)
>                                           (name "my-root")))
>                           (mount-point "/"))))
>     (swap (list (device
>                   (title 'uuid)
>                   (name (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb"))))))
>
> For that to work, we ideally need code to recognize swap signatures,
> similar to what we do for ext2 in (gnu build file-systems).
>
> For #3, what about changing the ‘target’ field of ‘mapped-device’ such
> that it can be a list of /dev file names?
>
> For #2, I’m not sure we need to change anything, but let’s discuss it
> later.  :-)
>
> Ludo’.
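
The uses/creates idea from the quoted proposal, worked through as an added example in Guile Scheme (not code from this thread or from Guix): it derives an activation order from the four declarations, so the LUKS mapping is opened before LVM and LVM before the file system and swap. The helper names are hypothetical, and two rules are assumptions: a created name ending in "/" covers every node under it, and a used name that nothing creates already exists on the machine.

```scheme
;; Added example, not Guix code: order device declarations by uses/creates.
(use-modules (srfi srfi-1) (srfi srfi-11))   ; list helpers, let-values

;; Each entry: (name uses creates). Values copied from the proposal above.
(define declarations
  '((file-system ("/dev/matrix/root") ("/"))
    (swap-device ("/dev/mapper/matrix-swap") ())
    (lvm-device  ("/dev/mapper/hdd" "/dev/sdb")
                 ("/dev/matrix/" "/dev/mapper/matrix-swap"))
    (luks-device ("UUID=4dab5feb-d176-45de-b287-9b0a6e4c01cb")
                 ("/dev/mapper/hdd"))))

(define (uses decl) (cadr decl))
(define (creates decl) (caddr decl))

;; Assumption: a created name ending in "/" (other than "/" itself) stands
;; for a directory of nodes, so "/dev/matrix/" provides "/dev/matrix/root".
(define (provides? created wanted)
  (or (string=? created wanted)
      (and (> (string-length created) 1)
           (string-suffix? "/" created)
           (string-prefix? created wanted))))

;; First declaration that creates WANTED, or #f when none does.
(define (creator-of wanted decls)
  (find (lambda (d) (any (lambda (c) (provides? c wanted)) (creates d)))
        decls))

;; Return declaration names so that every creator precedes its users.
;; Assumption: names nothing creates (UUIDs, /dev/sdb) already exist.
(define (activation-order decls)
  (let loop ((pending decls) (done '()))   ; DONE is kept newest-first
    (if (null? pending)
        (reverse done)
        (let-values (((ready blocked)
                      (partition
                       (lambda (d)
                         (every (lambda (u)
                                  (let ((c (creator-of u decls)))
                                    (or (not c) (memq (car c) done))))
                                (uses d)))
                       pending)))
          (if (null? ready)
              (error "dependency cycle among" (map car blocked))
              (loop blocked (append (reverse (map car ready)) done)))))))

(display (activation-order declarations))
(newline)
```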