I'm on NixOS and am trying to encrypt a hard drive partition (potentially more in the future) using ZFS. I tried to stick to this guide, so I added
boot.zfs = {
  enableUnstable = true;
  requestEncryptionCredentials = true;
};
boot.supportedFilesystems = [ "zfs" ];
to my configuration.nix, and created the pool and dataset zroot and zroot/genc with mountpoint=legacy acltype=posixacl xattr=sa. I encrypted the pool with
$ sudo zfs create -o acltype=posixacl -o xattr=sa -o encryption=aes-256-gcm -o keyformat=passphrase -o mountpoint=none zroot/genc
I was asked for a passphrase, and then I did
$ sudo zfs set mountpoint=legacy zroot/genc
$ sudo mount -t zfs zroot/genc /home/gecku/genc
$ sudo chown gecku:users ~/genc
$ touch ~/genc/hello
$ sudo nixos-generate-config
This all worked fine (I could create the file ~/genc/hello). However, after nixos-rebuild switch, I was dropped into an emergency shell and couldn't do anything. I reverted to a previous version of NixOS, and removed the zfs entries from /etc/nixos/hardware-configuration.nix so that the system wouldn't try to import the ZFS pools (because apparently it failed at that). With this new configuration, I did
$ sudo zfs import zroot
$ sudo mount -t zfs zroot/genc ~/genc
> filesystem 'zroot/genc' can not be mounted: Permission denied
I did not get to a point where I was asked for my passphrase. zroot/genc has the attributes canmount=on keylocation=prompt.
So, how can I fix this? How can I mount the encrypted dataset?