arcnmx 2023-03-11 13:18:35 -08:00
parent 14f97d4028
commit 8f611f02be
3 changed files with 107 additions and 11 deletions


@ -1,6 +1,28 @@
{ meta, tf, config, lib, pkgs, modulesPath, ... }:
{
{ meta, tf, config, lib, utils, pkgs, modulesPath, ... }: let
hddopts = [ "luks" "discard" "noauto" "nofail" ];
md = {
shadow = rec {
name = "shadowlegend";
device = "/dev/md/${name}";
unit = utils.escapeSystemdPath device;
service = "md-shadow.service";
cryptDisks = lib.flip lib.mapAttrs {
seagate0 = {
device = "/dev/disk/by-uuid/78880135-6455-4603-ae07-4e044a77b740";
keyFile = "/root/ST4000DM000-1F21.key";
options = hddopts;
};
hgst = {
device = "/dev/disk/by-uuid/4033c877-fa1f-4f75-b9de-07be84f83afa";
keyFile = "/root/HGST-HDN724040AL.key";
options = hddopts;
};
} (disk: attrs: attrs // {
service = "systemd-cryptsetup@${disk}.service";
});
};
};
in {
imports = with meta; [
(modulesPath + "/installer/scan/not-detected.nix")
hardware.local
@ -38,6 +60,8 @@
};
};
environment.systemPackages = [ pkgs.cryptsetup ];
boot = {
loader = {
systemd-boot = {
@ -53,14 +77,32 @@
kernelModules = [ "kvm-intel" ];
};
services.mediatomb = {
enable = true;
openFirewall = true;
serverName = config.networking.hostName;
mediaDirectories = lib.singleton {
path = "/mnt/shadow/media";
recursive = true;
hidden-files = false;
};
};
services.openiscsi = {
enable = true;
name = "";
discoverPortal = "shanghai.tail.cutie.moe";
};
environment.etc."iscsi/initiatorname.iscsi" = lib.mkForce {
source = config.sops.secrets.openscsi-config.path;
environment.etc = {
"iscsi/initiatorname.iscsi" = lib.mkForce {
source = config.sops.secrets.openscsi-config.path;
};
crypttab.text = let
inherit (lib) concatStringsSep mapAttrsToList;
cryptOpts = lib.concatStringsSep ",";
in concatStringsSep "\n" (mapAttrsToList (disk: { device, keyFile, options, ... }:
"${disk} ${device} ${keyFile} ${cryptOpts options}"
) md.shadow.cryptDisks);
};
sops.secrets.openscsi-config = { };
@ -74,6 +116,60 @@
device = "/dev/disk/by-uuid/85DC-72FA";
fsType = "vfat";
};
"/mnt/shadow" = {
device = "/dev/disk/by-uuid/84aafe0e-132a-4ee5-8c5c-c4a396b999bf";
fsType = "xfs";
options = [
"x-systemd.automount" "noauto"
"x-systemd.requires=${md.shadow.service}"
"x-systemd.after=${md.shadow.service}"
"x-systemd.after=${md.shadow.unit}"
];
};
};
systemd = let
inherit (lib) getExe mapAttrsToList mapAttrs' nameValuePair;
serviceName = lib.removeSuffix ".service";
cryptServices = mapAttrsToList (_: { service, ... }: service) md.shadow.cryptDisks;
in {
services = {
mdmonitor.enable = false;
${serviceName md.shadow.service} = rec {
restartIfChanged = false;
wants = cryptServices;
after = wants;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "true";
ExecStartPre = [
"-${getExe pkgs.mdadm} --assemble --scan"
];
ExecStart = [
"${getExe pkgs.mdadm} --detail ${md.shadow.device}"
];
ExecStop = [
"${getExe pkgs.mdadm} --stop ${md.shadow.device}"
];
};
};
iscsid = rec {
wantedBy = cryptServices;
before = wantedBy;
};
mediatomb = rec {
confinement.enable = true;
requires = [
"mnt-shadow.mount"
];
after = requires;
serviceConfig = {
StateDirectory = config.services.mediatomb.package.pname;
BindReadOnlyPaths = map (path: "/mnt/shadow/media/${path}") [
"anime" "movies" "tv" "unsorted"
];
};
};
};
};
swapDevices = lib.singleton ({
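Review bot: `mdmonitor.enable = false;` in the new `systemd.services` block switches off the only service that would report a degraded or failed member of the `/dev/md/shadowlegend` array, and nothing else in this hunk replaces that signal, so a single-disk failure on the LUKS-backed members would go unnoticed until the second one. If this is deliberate (no MTA on the host, for example), the line deserves a why-comment such as `mdmonitor.enable = false; # TODO: degraded-array alerts are disabled here; document the intended monitoring path`. Related: the `"-${getExe pkgs.mdadm} --assemble --scan"` ExecStartPre tolerates assembly failure and relies on the `--detail` ExecStart to fail the unit, which works but is worth stating in a comment since the `x-systemd.requires` on `/mnt/shadow` depends on it. The enclosing attribute set continues past the hunk (`swapDevices` is cut off).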