From a6a527987648e436ab10e47dcaded2305c623918 Mon Sep 17 00:00:00 2001
From: Philipp Hellmich
Date: Sun, 2 Jun 2024 10:51:31 +0200
Subject: [PATCH] added additional zfs services to support encrypted volumes
---
storage/zfs/zfs-key loader.yaml | 62 ++++++++++++++++++++++++++++++++
storage/zfs/zfs-mouter.yaml | 63 +++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)
create mode 100755 storage/zfs/zfs-key loader.yaml
create mode 100644 storage/zfs/zfs-mouter.yaml
diff --git a/storage/zfs/zfs-key loader.yaml b/storage/zfs/zfs-key loader.yaml
new file mode 100755
index 00000000..0037e22b
--- /dev/null
+++ b/storage/zfs/zfs-key loader.yaml
@@ -0,0 +1,62 @@
+name: zfs-key-loader
+depends:
+ - service: udevd
+ - service: cri
+ - service: ext-zpool-importer
+ - path: /dev/zfs
+container:
+ security:
+ rootfsPropagation: shared
+ entrypoint: /usr/local/sbin/zfs
+ args:
+ - load-key
+ - -a
+ mounts:
+ # ld-musl-x86_64.so.1
+ - source: /lib
+ destination: /lib
+ type: bind
+ options:
+ - bind
+ - ro
+ # libcrypto.so and libc.so
+ - source: /usr/lib
+ destination: /usr/lib
+ type: bind
+ options:
+ - bind
+ - ro
+ - source: /usr/local/lib
+ destination: /usr/local/lib
+ type: bind
+ options:
+ - bind
+ - ro
+ - source: /usr/local/sbin
+ destination: /usr/local/sbin
+ type: bind
+ options:
+ - bind
+ - ro
+ - source: /dev
+ destination: /dev
+ type: bind
+ options:
+ - rshared
+ - rbind
+ - rw
+ - source: /proc
+ destination: /proc
+ type: bind
+ options:
+ - rshared
+ - rbind
+ - rw
+ - source: /var
+ destination: /var
+ type: bind
+ options:
+ - rshared
+ - rbind
+ - rw
+restart: untilSuccess
diff --git a/storage/zfs/zfs-mouter.yaml b/storage/zfs/zfs-mouter.yaml
new file mode 100644
index 00000000..95e50074
--- /dev/null
+++ b/storage/zfs/zfs-mouter.yaml
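Review bot: In the zfs-key-loader service the `/var` bind is `rw` with `rshared`/`rbind`, yet `zfs load-key -a` should only need to read key material and talk to `/dev/zfs`, so write access and shared propagation there (and `rootfsPropagation: shared`) look carried over from a mounting service rather than required. Consider narrowing that entry to `- rbind` and `- ro`, or binding only the directory that holds the key files. Nothing in the file says where keys are expected to come from: a dataset with `keylocation=prompt` cannot be answered in a non-interactive container, and with `restart: untilSuccess` the service would presumably retry indefinitely while zfs-mounter waits on `ext-zfs-key-loader`. A header comment such as `# keys must use keylocation=file:///var/<key-dir>/...; prompt is not supported` would document this, and it is worth stating that a key file stored on the same node only protects the data if `/var` itself is protected.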
@@ -0,0 +1,63 @@
+name: zfs-mounter
+depends:
+ - service: udevd
+ - service: cri
+ - service: ext-zpool-importer
+ - service: ext-zfs-key-loader
+ - path: /dev/zfs
+container:
+ security:
+ rootfsPropagation: shared
+ entrypoint: /usr/local/sbin/zfs
+ args:
+ - mount
+ - -a
+ mounts:
+ # ld-musl-x86_64.so.1
+ - source: /lib
+ destination: /lib
+ type: bind
+ options:
+ - bind
+ - ro
+ # libcrypto.so and libc.so
+ - source: /usr/lib
+ destination: /usr/lib
+ type: bind
+ options:
+ - bind
+ - ro
+ - source: /usr/local/lib
+ destination: /usr/local/lib
+ type: bind
+ options:
+ - bind
+ - ro
+ - source: /usr/local/sbin
+ destination: /usr/local/sbin
+ type: bind
+ options:
+ - bind
+ - ro
+ - source: /dev
+ destination: /dev
+ type: bind
+ options:
+ - rshared
+ - rbind
+ - rw
+ - source: /proc
+ destination: /proc
+ type: bind
+ options:
+ - rshared
+ - rbind
+ - rw
+ - source: /var
+ destination: /var
+ type: bind
+ options:
+ - rshared
+ - rbind
+ - rw
+restart: untilSuccess
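Review bot: This file is added as `zfs-mouter.yaml` although the service it defines is `zfs-mounter`, and its sibling is added as `zfs-key loader.yaml` with a space in the name and mode 100755. Renaming them to `zfs-mounter.yaml` and `zfs-key-loader.yaml` with mode 100644 avoids quoting problems in build scripts and an executable bit on a config file. Separately, `/var` is the only writable, `rshared` host path here that can hold mountpoints, so a dataset whose `mountpoint` lies elsewhere would presumably be mounted only inside this container. A comment above the `/var` entry such as `# dataset mountpoints must live under /var to propagate to the host` would record that. `/proc` is bound `rw` although `zfs mount -a` should only need to read the mount table there, so `ro` is worth testing.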