From f44adbc8158a5f5917f6bb5312b8a3617cef9e39 Mon Sep 17 00:00:00 2001
From: ahtlon <atlan@ahtlon.de>
Date: Thu, 2 Jan 2025 14:07:38 +0100
Subject: [PATCH] Allow disableing encryption for testing

---
 machines/modules/disko/default.nix   | 26 +++++++++++++++-----------
 machines/modules/malobeo/initssh.nix |  2 +-
 machines/testvm/default.nix          |  1 +
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/machines/modules/disko/default.nix b/machines/modules/disko/default.nix
index 5c8006c3..2794fff7 100644
--- a/machines/modules/disko/default.nix
+++ b/machines/modules/disko/default.nix
@@ -1,4 +1,4 @@
-{config, lib, inputs, ...}:
+{config, inputs, lib, ...}:
 let 
   cfg = config.malobeo.disks;
 in
@@ -15,6 +15,11 @@ in
       default = "";
       description = "Host ID for zfs disks, generate with 'head -c4 /dev/urandom | od -A none -t x4'";
     };
+    encryption = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Allows encryption to be disabled for testing";
+    };
     devNodes = lib.mkOption {
       type = lib.types.str;
       default = "/dev/disk/by-id/";
@@ -174,12 +179,12 @@ in
               type = "zfs_fs";
               options = {
                 mountpoint = "none";
-                encryption = "aes-256-gcm";
-                keyformat = "passphrase";
-                keylocation = "file:///tmp/secret.key";
+                encryption = lib.mkIf cfg.encryption "aes-256-gcm";
+                keyformat = lib.mkIf cfg.encryption "passphrase";
+                keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
               };
               # use this to read the key during boot
-              postCreateHook = ''
+              postCreateHook = lib.mkIf cfg.encryption ''
                 zfs set keylocation="prompt" zroot/encrypted;
               '';
             };
@@ -233,12 +238,12 @@ in
               type = "zfs_fs";
               options = {
                 mountpoint = "none";
-                encryption = "aes-256-gcm";
-                keyformat = "passphrase";
-                keylocation = "file:///tmp/secret.key";
+                encryption = lib.mkIf cfg.encryption "aes-256-gcm";
+                keyformat = lib.mkIf cfg.encryption "passphrase";
+                keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
               };
               # use this to read the key during boot
-              postCreateHook = ''
+              postCreateHook = lib.mkIf cfg.encryption ''
                 zfs set keylocation="prompt" storage/encrypted;
               '';
             };
@@ -261,7 +266,7 @@ in
       };
     };
 
-    boot.zfs.devNodes = cfg.devNodes;
+    boot.zfs.devNodes = lib.mkDefault cfg.devNodes;
 
     fileSystems."/".neededForBoot = true;
     fileSystems."/etc".neededForBoot = true;
@@ -269,6 +274,5 @@ in
     fileSystems."/var".neededForBoot = true;
     fileSystems."/home".neededForBoot = true;
     fileSystems."/nix".neededForBoot = true;
-    fileSystems."/data".neededForBoot = true;
   };
 }
diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix
index 45b09c99..8286084f 100644
--- a/machines/modules/malobeo/initssh.nix
+++ b/machines/modules/malobeo/initssh.nix
@@ -24,7 +24,7 @@ in
     };
   };
   
-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
     boot = {
       loader.systemd-boot.enable = true;
       loader.efi.canTouchEfiVariables = true;
diff --git a/machines/testvm/default.nix b/machines/testvm/default.nix
index c3422502..d0cf0b2b 100644
--- a/machines/testvm/default.nix
+++ b/machines/testvm/default.nix
@@ -22,6 +22,7 @@ in
 
   malobeo.disks = {
     enable = true;
+    encryption = false;
     hostId = "83abc8cb";
     devNodes = "/dev/disk/by-path/";
     root = {