nixpkgs/modules/tasks/swap.nix
Nicolas Pierron 81d621b4f7 * Replace blowfish by AES, since recent CPU could have optimisation for it.
* Miss-interpretation of the --skip option of cryptsetup.  Ciphered partition labels are not supported.  Labels are erased when doing mkswap on the ciphered partition.
* Avoid doing swapon on devices which are already listed in /proc/swaps.
* Remove no longer listed devices with only one swapoff command.

svn path=/nixos/trunk/; revision=19164
2009-12-31 13:56:47 +00:00

132 lines
3.2 KiB
Nix

{ config, pkgs, ... }:
with pkgs.lib;
let
inherit (pkgs) cryptsetup utillinux;
in
{
###### interface
options = {
swapDevices = mkOption {
default = [];
example = [
{ device = "/dev/hda7"; }
{ device = "/var/swapfile"; }
{ label = "bigswap"; }
];
description = ''
The swap devices and swap files. These must have been
initialised using <command>mkswap</command>. Each element
should be an attribute set specifying either the path of the
swap device or file (<literal>device</literal>) or the label
of the swap device (<literal>label</literal>, see
<command>mkswap -L</command>). Using a label is
recommended.
'';
type = types.list types.optionSet;
options = {config, options, ...}: {
options = {
device = mkOption {
example = "/dev/sda3";
type = types.string;
description = ''
Path of the device.
'';
};
label = mkOption {
example = "swap";
type = types.string;
description = "
Label of the device. Can be used instead of <varname>device</varname>.
";
};
cipher = mkOption {
default = false;
example = true;
type = types.bool;
description = "
Cipher the swap device to protect swapped data. This option
does not work with labels.
";
};
command = mkOption {
description = "
Command used to activate the swap device.
";
};
};
config = {
device =
if options.label.isDefined then
"/dev/disk/by-label/${config.label}"
else
mkNotdef;
command = ''
if test -e "${config.device}"; then
${if config.cipher then ''
plainDevice="${config.device}"
name="crypt$(echo "$plainDevice" | sed -e 's,/,.,g')"
device="/dev/mapper/$name"
if ! test -e "$device"; then
${cryptsetup}/sbin/cryptsetup -c aes -s 128 -d /dev/urandom create "$name" "$plainDevice"
${utillinux}/sbin/mkswap -f "$device" || true
fi
''
else ''
device="${config.device}"
''
}
# Add new swap devices.
if echo $unused | grep -q "^$device\$"; then
unused="$(echo $unused | grep -v "^$device\$")"
else
${utillinux}/sbin/swapon "$device" || true
fi
fi
'';
};
};
};
};
###### implementation
config = {
jobs.swap =
{ task = true;
startOn = ["startup" "new-devices"];
script =
''
unused="$(sed '1d; s/ .*//' /proc/swaps)"
${toString (map (x: x.command) config.swapDevices)}
# Remove remaining swap devices.
test -n "$unused" && ${utillinux}/sbin/swapoff $unused || true
'';
};
};
}