[Server] Configure Restic, finish drive configuration

2021-08-29 15:08:05 +02:00 · 2021-08-29 15:08:05 +02:00 · 382110bcc2
parent 6689de6da0
commit 382110bcc2
1 changed files with 26 additions and 22 deletions
--- a/system/elysia-clarki.nix
+++ b/system/elysia-clarki.nix
@ -2,7 +2,7 @@

 let
  cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
-  unlockLuksService = label: keyfile: {
+  unlockLuksService = label: keyfile: overwrites: lib.attrsets.recursiveUpdate {
    description = "Unlock luks encrypted device '${label}'";
    bindsTo = [ "dev-${label}.device" ];
    after = [ "dev-${label}.device" ];
@ -16,12 +16,12 @@ let
        ${cryptsetup} luksClose ${label}opened
      '';
    };
-  };
+  } overwrites;

  disks = {
    FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
    BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1";
-    #sdc = "DB9876543214E";
+    HND = "4a3765fc-155e-453d-a348-d1782447bcfe";
    LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d";
  };

@ -47,9 +47,15 @@ in {
      '') disks);
  }];

-  systemd.services."luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra";
-  systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber";
-  systemd.services."luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej";
+  # Unlock all luks devices and import the zfs pools if necessary
+  systemd.services."luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra" {};
+  systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
+    serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
+  };
+  systemd.services."luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
+    serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
+  };
+  systemd.services."luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej" {};

  systemd.mounts = [
    { what = "/dev/mapper/FRAopened";
@ -59,13 +65,6 @@ in {
      requires = [ "luks-open-FRA.service" ];
      after = [ "luks-open-FRA.service" ];
    }
-    { what = "/dev/mapper/BERopened";
-      where = "/srv/ber";
-      type = "ext4";
-      wantedBy = [ "default.target" ];
-      requires = [ "luks-open-BER.service" ];
-      after = [ "luks-open-BER.service" ];
-    }
    { what = "/dev/mapper/vg_lej-lv_lej";
      where = "/srv/lej";
      type = "ext4";
@ -75,15 +74,17 @@ in {
    }
  ];

-  # services.restic.server = {
-  #   enable = true;
-  #   dataDir = "/srv/fra/restic";
-  #   listenAddress = "0.0.0.0:8000";
-  #   extraFlags = [ "--no-auth" ];
-  # };
+  services.restic.server = {
+    enable = true;
+    dataDir = "/srv/hnd/restic";
+    listenAddress = "0.0.0.0:8000";
+    extraFlags = [ "--no-auth" ];
+  };
  networking.firewall.allowedTCPPorts = [ 8000 ];
-
-  # systemd.services.restic-rest-server.unitConfig."RequiresMountsFor" = "/srv/fra/restic";
+  systemd.services.restic-rest-server.unitConfig = {
+    Requires = lib.mkForce [ "network.target" "luks-open-HND.service"];
+    After = lib.mkForce [ "network.target" "luks-open-HND.service"];
+  };

  services.ddclient = {
    enable = true;
@ -92,7 +93,10 @@ in {
    username = "none";
    password = "jgBk7uJGnx6Evisz3118pJy4xMFw6y";
    zone = "home.dyn.tammena.rocks";
-    domains = [ "elysia-clarki.home.dyn.tammena.rocks" ];
+    domains = [
+      "elysia-clarki.home.dyn.tammena.rocks"
+      "bak.home.dyn.tammena.rocks"
+    ];
    extraConfig = "usev6=on";
  };