Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/examples/desktop.tmpl15
-rw-r--r--gnu/system/mapped-devices.scm8
-rw-r--r--gnu/system/vm.scm2
3 files changed, 18 insertions, 7 deletions
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 2fcf90f8b1..82687e740b 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -1,5 +1,6 @@
 ;; This is an operating system configuration template
-;; for a "desktop" setup with GNOME and Xfce.
+;; for a "desktop" setup with GNOME and Xfce where the
+;; root partition is encrypted with LUKS.
 
 (use-modules (gnu) (gnu system nss))
 (use-service-modules desktop)
@@ -13,11 +14,21 @@
   ;; Assuming /dev/sdX is the target hard disk, and "my-root"
   ;; is the label of the target root file system.
   (bootloader (grub-configuration (device "/dev/sdX")))
+
+  ;; Specify a mapped device for the encrypted root partition.
+  ;; The UUID is that returned by 'cryptsetup luksUUID'.
+  (mapped-devices
+   (list (mapped-device
+          (source (uuid "12345678-1234-1234-1234-123456789abc"))
+          (target "the-root-device")
+          (type luks-device-mapping))))
+
   (file-systems (cons (file-system
                         (device "my-root")
                         (title 'label)
                         (mount-point "/")
-                        (type "ext4"))
+                        (type "ext4")
+                        (dependencies mapped-devices))
                       %base-file-systems))
 
   (users (cons (user-account
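Review bot: The unchanged comment at the top of this hunk still describes "my-root" as the label of the target root file system, but with the new `mapped-devices` entry that label belongs to the ext4 file system inside the LUKS container and can only be resolved once "the-root-device" has been opened. The template should say so, and should mark the UUID on the `source` line as a sample value, since a copied template that keeps it will not find any LUKS partition. A comment along the lines of `;; "my-root" is the label of the file system inside the LUKS mapping; replace the sample UUID with the one for your encrypted partition.` would cover both. The `operating-system` form starts before this hunk and continues after it.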
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index e44f2693a7..8ab861bf73 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -23,7 +23,7 @@
   #:use-module (guix modules)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
-  #:autoload   (gnu packages cryptsetup) (cryptsetup)
+  #:autoload   (gnu packages cryptsetup) (cryptsetup-static)
   #:autoload   (gnu packages linux) (mdadm-static)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match)
@@ -104,7 +104,9 @@
                      ((gnu build file-systems)
                       #:select (find-partition-by-luks-uuid)))
 
-        (zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
+        ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
+        ;; whole world inside the initrd (for when we're in an initrd).
+        (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
                         "open" "--type" "luks"
 
                         ;; Note: We cannot use the "UUID=source" syntax here
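Review bot: The new comment above the `system*` call justifies `cryptsetup-static` only by initrd size, but the static binary is now used on every path, including `close-luks-device` in the next hunk, which presumably also runs outside an initrd. A statically linked cryptsetup embeds its crypto libraries, so fixes to those libraries presumably reach this binary only when `cryptsetup-static` itself is rebuilt. It would help to record that trade-off here, for example `;; The static binary embeds its libraries; rebuild it to pick up their fixes.`. The enclosing procedure starts before this hunk and continues past it.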
@@ -120,7 +122,7 @@
 
 (define (close-luks-device source target)
   "Return a gexp that closes TARGET, a LUKS device."
-  #~(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
+  #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
                     "close" #$target)))
 
 (define luks-device-mapping
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 03f7d6c913..1e680b85a2 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -317,7 +317,6 @@ of the GNU system as described by OS."
               (initrd (lambda (file-systems . rest)
                         (apply base-initrd file-systems
                                #:virtio? #t
-                               #:qemu-networking? #t
                                rest)))
 
               ;; Force our own root file system.
@@ -386,7 +385,6 @@ environment with the store shared with the host.  MAPPINGS is a list of
               (apply base-initrd file-systems
                      #:volatile-root? #t
                      #:virtio? #t
-                     #:qemu-networking? #t
                      rest)))
 
     ;; Disable swap.