@djds
Forked from RlndVt/bcachefs mounting.md
Created September 29, 2024 16:36
Mounting an encrypted bcachefs array at boot with a passphrase file.

How I mount my encrypted bcachefs array at boot.

In /etc/fstab, include an x-systemd.requires=unlock-bcachefs-vault.service mount option. This service unlocks the filesystem before the mount is triggered. Example line from my /etc/fstab:

UUID=bf512699-6643-4d96-a793-daaf3f1d34f1 /mnt/vault bcachefs nofail,x-systemd.requires=unlock-bcachefs-vault.service 0 0

The content of the unlock service:

# cat /etc/systemd/system/unlock-bcachefs-vault.service
[Unit]
Description=Unlock bcachefs Vault
After=-.mount
Before=mnt-vault.mount

[Service]
Type=oneshot
ExecStart=/usr/sbin/bcachefs unlock -f /path/to/key/for/vault /dev/disk/by-uuid/bf512699-6643-4d96-a793-daaf3f1d34f1

[Install]
WantedBy=multi-user.target
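
Because the unit reads the passphrase from a file, that file's ownership and mode matter as much as the fstab dependency does. The following is an added example, not part of the gist, that checks both; the function names and the optional expected-owner argument are assumptions of this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the gist. Assumes GNU stat (coreutils).

# key_file_ok PATH [EXPECTED_UID]
# Succeeds only if PATH is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0 = root), with no group/other permission bits.
key_file_ok() {
    path=$1
    want_uid=${2:-0}
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    info=$(stat -c '%a %u' "$path") || return 1   # e.g. "600 0"
    mode=${info% *}
    uid=${info#* }
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        0|*00) return 0 ;;   # last two octal digits: group, other
        *)     return 1 ;;
    esac
}

# fstab_requires_unit FSTAB MOUNTPOINT UNIT
# Succeeds only if the bcachefs entry for MOUNTPOINT lists
# x-systemd.requires=UNIT among its comma-separated options.
fstab_requires_unit() {
    awk -v mp="$2" -v unit="$3" '
        $1 ~ /^#/ || NF < 4 { next }
        $2 == mp && $3 == "bcachefs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "x-systemd.requires=" unit) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Usage: sh preflight.sh --check /path/to/key/for/vault
if [ "${1:-}" = "--check" ]; then
    key_file_ok "$2" ||
        { echo "key file must be a root-owned regular file with no group/other access" >&2; exit 1; }
    fstab_requires_unit /etc/fstab /mnt/vault unlock-bcachefs-vault.service ||
        { echo "/mnt/vault entry lacks x-systemd.requires" >&2; exit 1; }
    echo "ok"
fi
```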

Notes

  • I'm not sure the Before=mnt-vault.mount is required. Probably more flexible to use x-systemd.after=unlock-bcachefs-vault.service.
  • This requires 'newish' versions of bcachefs-tools. I believe newer than 1.6.0, presumably since commit 5b21631; tested using 1.7.0.