[Server] Configure Restic, finish drive configuration

Malte Tammena 2021-08-29 15:08:05 +02:00
parent 6689de6da0
commit 382110bcc2


@ -2,7 +2,7 @@
let let
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
unlockLuksService = label: keyfile: { unlockLuksService = label: keyfile: overwrites: lib.attrsets.recursiveUpdate {
description = "Unlock luks encrypted device '${label}'"; description = "Unlock luks encrypted device '${label}'";
bindsTo = [ "dev-${label}.device" ]; bindsTo = [ "dev-${label}.device" ];
after = [ "dev-${label}.device" ]; after = [ "dev-${label}.device" ];
@ -16,12 +16,12 @@ let
${cryptsetup} luksClose ${label}opened ${cryptsetup} luksClose ${label}opened
''; '';
}; };
}; } overwrites;
disks = { disks = {
FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5"; FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1"; BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1";
#sdc = "DB9876543214E"; HND = "4a3765fc-155e-453d-a348-d1782447bcfe";
LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d"; LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d";
}; };
@ -47,9 +47,15 @@ in {
'') disks); '') disks);
}]; }];
systemd.services."luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra"; # Unlock all luks devices and import the zfs pools if necessary
systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber"; systemd.services."luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra" {};
systemd.services."luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej"; systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
};
systemd.services."luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
};
systemd.services."luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej" {};
systemd.mounts = [ systemd.mounts = [
{ what = "/dev/mapper/FRAopened"; { what = "/dev/mapper/FRAopened";
@ -59,13 +65,6 @@ in {
requires = [ "luks-open-FRA.service" ]; requires = [ "luks-open-FRA.service" ];
after = [ "luks-open-FRA.service" ]; after = [ "luks-open-FRA.service" ];
} }
{ what = "/dev/mapper/BERopened";
where = "/srv/ber";
type = "ext4";
wantedBy = [ "default.target" ];
requires = [ "luks-open-BER.service" ];
after = [ "luks-open-BER.service" ];
}
{ what = "/dev/mapper/vg_lej-lv_lej"; { what = "/dev/mapper/vg_lej-lv_lej";
where = "/srv/lej"; where = "/srv/lej";
type = "ext4"; type = "ext4";
@ -75,15 +74,17 @@ in {
} }
]; ];
# services.restic.server = { services.restic.server = {
# enable = true; enable = true;
# dataDir = "/srv/fra/restic"; dataDir = "/srv/hnd/restic";
# listenAddress = "0.0.0.0:8000"; listenAddress = "0.0.0.0:8000";
# extraFlags = [ "--no-auth" ]; extraFlags = [ "--no-auth" ];
# }; };
networking.firewall.allowedTCPPorts = [ 8000 ]; networking.firewall.allowedTCPPorts = [ 8000 ];
systemd.services.restic-rest-server.unitConfig = {
# systemd.services.restic-rest-server.unitConfig."RequiresMountsFor" = "/srv/fra/restic"; Requires = lib.mkForce [ "network.target" "luks-open-HND.service"];
After = lib.mkForce [ "network.target" "luks-open-HND.service"];
};
services.ddclient = { services.ddclient = {
enable = true; enable = true;
@ -92,7 +93,10 @@ in {
username = "none"; username = "none";
password = "jgBk7uJGnx6Evisz3118pJy4xMFw6y"; password = "jgBk7uJGnx6Evisz3118pJy4xMFw6y";
zone = "home.dyn.tammena.rocks"; zone = "home.dyn.tammena.rocks";
domains = [ "elysia-clarki.home.dyn.tammena.rocks" ]; domains = [
"elysia-clarki.home.dyn.tammena.rocks"
"bak.home.dyn.tammena.rocks"
];
extraConfig = "usev6=on"; extraConfig = "usev6=on";
}; };
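Review bot: The now-enabled `services.restic.server` block runs with `extraFlags = [ "--no-auth" ];` while `listenAddress = "0.0.0.0:8000"` and `networking.firewall.allowedTCPPorts = [ 8000 ]` expose it on every interface. The last hunk also adds the `bak.home.dyn.tammena.rocks` name, which suggests the backup endpoint is meant to be reachable from outside the LAN. Restic encrypts repository contents on the client, but without authentication any host that can reach the port can create repositories, fill `/srv/hnd/restic`, or delete existing backup data. I would drop the `--no-auth` flag and provision an `.htpasswd` file in the data directory, and also set `appendOnly = true;` and `privateRepos = true;` so a compromised client cannot erase or read other clients' history. If running without auth is intentional, bind `listenAddress` to a LAN or VPN address instead of `0.0.0.0` and narrow the firewall rule to match.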