
1 commit

Author SHA1 Message Date
c94ddbd403
wip 2022-09-23 16:44:05 +02:00
3 changed files with 29 additions and 1 deletions


@ -43,8 +43,17 @@ svc_systemd = {
for name, config in node.metadata.get('zfs/datasets', {}).items():
zfs_datasets[name] = config
zfs_datasets[name].pop('backup', None)
encrypted = zfs_datasets[name].pop('encrypted', None)
if encrypted:
zfs_datasets[name]['encryption'] = 'aes-256-gcm'
zfs_datasets[name]['keylocation'] = 'prompt'
zfs_datasets[name]['keyformat'] = 'hex'
zfs_datasets[name]['password'] = node.metadata.get('zfs/password')
for name, config in node.metadata.get('zfs/pools', {}).items():
zfs_pools[name] = {
"when_creating": {
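Review bot: The `if encrypted:` branch copies the hex key into every encrypted dataset's `password` attribute, and all of them read the same `zfs/password`, so one value unlocks every encrypted dataset on the node. Whether the dataset item keeps this attribute out of its diff and status output is not visible on this page and should be confirmed before the change leaves WIP. Because `keyformat` is `hex`, the attribute holds raw key material rather than a passphrase; a comment such as `# raw 32-byte key, hex-encoded; keep out of item diffs and logs` above the assignment would make that explicit. The `zfs_pools` loop that follows continues outside the hunk.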


@ -1,4 +1,6 @@
#import re
from uuid import UUID
from base64 import b64encode, b64decode
defaults = {
'apt': {
@ -89,6 +91,17 @@ def dataset_defaults(metadata):
}
@metadata_reactor.provides(
'zfs/password'
)
def encryption_key(metadata):
return {
'zfs': {
'password': b64decode(repo.vault.random_bytes_as_base64_for(b64encode(UUID(metadata.get('id')).bytes).decode(), length=32).value).hex(),
},
}
@metadata_reactor.provides(
'backup/paths'
)


@ -197,6 +197,12 @@
'hdd/nextcloud/ckn-privat': {
'mountpoint': '/var/lib/nextcloud/ckn-privat/files',
},
'tank/enctest1': {
'mountpoint': 'none',
'encrypted': True,
},
},
},
},