diff --git a/nixos/doc/manual/release-notes/rl-2605.section.md b/nixos/doc/manual/release-notes/rl-2605.section.md index fa389018e997c..03a9e7c3f6156 100644 --- a/nixos/doc/manual/release-notes/rl-2605.section.md +++ b/nixos/doc/manual/release-notes/rl-2605.section.md @@ -232,6 +232,8 @@ See . - `services.slurm` now supports slurmrestd usage through the `services.slurm.rest` NixOS options. +- Encrypted bcachefs filesystem now prompts for a password only once during boot, even if mounted at multiple points. + - The `services.calibre-web` systemd service has been hardened with additional sandboxing restrictions. - `services.kanidm` options for server, client and unix were moved under dedicated namespaces. diff --git a/nixos/modules/tasks/filesystems/bcachefs.nix b/nixos/modules/tasks/filesystems/bcachefs.nix index 4817739912061..55e13a2ae3d11 100644 --- a/nixos/modules/tasks/filesystems/bcachefs.nix +++ b/nixos/modules/tasks/filesystems/bcachefs.nix @@ -89,6 +89,25 @@ let tryUnlock ${name} ${firstDevice fs} ''; + groupByDevice = builtins.groupBy (fileSystem: fileSystem.value.device); + + nameGrouped = lib.mapAttrs ( + name: value: builtins.concatStringsSep "," (builtins.map (fileSystem: fileSystem.name) value) + ); + + reverseAttrs = + attrs: + builtins.foldl' (acc: x: acc // x) { } ( + lib.mapAttrsToList (name: value: { + "${value}" = { + device = name; + }; + }) attrs + ); + + dedupDevices = + fileSystems: reverseAttrs (nameGrouped (groupByDevice (lib.attrsToList fileSystems))); + mkUnits = prefix: name: fs: let @@ -282,7 +301,7 @@ in ''; boot.initrd.postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ( - commonFunctions + lib.concatStrings (lib.mapAttrsToList openCommand bootFs) + commonFunctions + lib.concatStrings (lib.mapAttrsToList openCommand (dedupDevices bootFs)) ); boot.initrd.systemd.services = lib.mapAttrs' (mkUnits "/sysroot") bootFs;