Change 'nextcloud' to 'garage', add third garage host

2023-02-16 13:24:43 -06:00 · 2023-02-16 13:24:43 -06:00 · 1795143afc
commit 1795143afc
parent 15194aa91b
1 changed files with 130 additions and 36 deletions
--- a/flake.nix
+++ b/flake.nix
@ -301,7 +301,7 @@
          ];
        };

-      makeNextcloudConfig = { hostname, primaryIp ? null }:
+      makeGarageConfig = { hostname, selfIp, primaryIp ? null, unlockMounts ? true, mountVolumes ? true }:
        with image-builder.packages.aarch64-linux.modules;
        let
          device = "/dev/mapper/cryptdrive1";
@ -309,16 +309,18 @@
          subvolumes = [
            "@nc-config"
            "@nc-data"
-            "@postgres"
            "@redis"
            "@gitea"
            "@gitea-conf"
            "@pihole"
-            "@papermc"
            "@docker-cfg"
            "@garage"
            "@garage-config"
          ];
+          garageVolumes = [
+            "@garage-cluster"
+            "@garage-cluster-config"
+          ];
        in
        makeConfig {
          inherit hostname;
@ -326,38 +328,117 @@
          extraModules = [
            rockPro64v2
            dockerModule
+            (networkModule { inherit selfIp; })
            (btrbkModule {
-              instances = [{
-                inherit mountDir primaryIp subvolumes;
-              }];
+              instances = [
+                {
+                  inherit mountDir primaryIp subvolumes;
+                }
+                {
+                  inherit mountDir;
+                  name = "garage";
+                  subvolumes = garageVolumes;
+                }
+              ];
            })
-            (if primaryIp == null then
+            (if primaryIp == null && unlockMounts && mountVolumes then
              (subvolumesModule {
                inherit device subvolumes;
              }) else { })
-            ({ config, ... }: {
-              sops.secrets.nextcloudKeyFile = {
-                format = "binary";
-                sopsFile = ./secrets/nextcloudKeyFile.bin;
-              };
-
-              environment.etc.crypttab = {
-                enable = true;
-                text = ''
-                  cryptdrive1 /dev/sda1 ${config.sops.secrets.nextcloudKeyFile.path} luks
-                  cryptdrive2 /dev/sdb1 ${config.sops.secrets.nextcloudKeyFile.path} luks
-                  cryptdrive3 /dev/sdc1 ${config.sops.secrets.nextcloudKeyFile.path} luks
-                '';
-              };
-
-              fileSystems."${mountDir}" = {
+            (if unlockMounts && mountVolumes then
+              (subvolumesModule {
                inherit device;
-                fsType = "btrfs";
-                options = [ "defaults" "compress=zstd" "rw" ];
-              };
+                subvolumes = garageVolumes;
+              }) else { })
+            ({ config, pkgs, ... }:
+              let
+                keyFile = "nextcloudKeyFile";
+                keyFilePath = config.sops.secrets."${keyFile}".path;
+                prepareDrives = ''
+                  fdisk -w always /dev/sda << EOL
+                  g
+                  n
+                  1

-              networking.firewall.enable = false;
-            })
+
+                  w
+                  EOL
+
+                  fdisk -w always /dev/sdb << EOL
+                  g
+                  n
+                  1
+
+
+                  w
+                  EOL
+
+                  fdisk -w always /dev/sdc << EOL
+                  g
+                  n
+                  1
+
+
+                  w
+                  EOL
+
+                  echo "YES" | cryptsetup luksFormat /dev/sda1 -d ${keyFilePath}
+                  cryptsetup luksOpen /dev/sda1 cryptdrive1 -d ${keyFilePath}
+
+                  echo "YES" | cryptsetup luksFormat /dev/sdb1 -d ${keyFilePath}
+                  cryptsetup luksOpen /dev/sdb1 cryptdrive2 -d ${keyFilePath}
+
+                  echo "YES" | cryptsetup luksFormat /dev/sdc1 -d ${keyFilePath}
+                  cryptsetup luksOpen /dev/sdc1 cryptdrive3 -d ${keyFilePath}
+
+                  mkfs.btrfs -d raid1c3 -m raid1c3 /dev/mapper/cryptdrive1 /dev/mapper/cryptdrive2 /dev/mapper/cryptdrive3
+
+                  mkdir -p /btrfs/hdd
+                  mount /dev/mapper/cryptdrive1 /btrfs/hdd
+
+                  btrfs subvolume create /btrfs/hdd/@garage-cluster
+                  btrfs subvolume create /btrfs/hdd/@garage-cluster-config
+                  btrfs subvolume create /btrfs/hdd/@snapshots
+
+                  umount /btrfs/hdd
+
+                  cryptsetup luksClose cryptdrive1
+                  cryptsetup luksClose cryptdrive2
+                  cryptsetup luksClose cryptdrive3
+                '';
+              in
+              {
+                sops.secrets.nextcloudKeyFile = {
+                  format = "binary";
+                  sopsFile = ./secrets/nextcloudKeyFile.bin;
+                };
+
+                environment.systemPackages = with pkgs; [
+                  (writeShellScriptBin "prepare-drives" prepareDrives)
+                ];
+
+                environment.etc.crypttab = {
+                  enable = unlockMounts;
+                  text = ''
+                    cryptdrive1 /dev/sda1 ${keyFilePath} luks
+                    cryptdrive2 /dev/sdb1 ${keyFilePath} luks
+                    cryptdrive3 /dev/sdc1 ${keyFilePath} luks
+                  '';
+                };
+
+                fileSystems =
+                  let fileSystemConfig = {
+                    "${mountDir}" = {
+                      inherit device;
+                      fsType = "btrfs";
+                      options = [ "defaults" "compress=zstd" "rw" ];
+                    };
+                  };
+                  in
+                  if unlockMounts && mountVolumes then fileSystemConfig else { };
+
+                networking.firewall.enable = false;
+              })
          ];
        };

@ -430,13 +511,21 @@
    in
    {
      nixosConfigurations = {
-        nextcloud1 = makeNextcloudConfig {
-          hostname = "nextcloud1";
+        garage1 = makeGarageConfig {
+          hostname = "garage1";
+          selfIp = "192.168.20.21";
          # primaryIp = "192.168.20.28";
        };

-        nextcloud2 = makeNextcloudConfig {
-          hostname = "nextcloud2";
+        garage2 = makeGarageConfig {
+          hostname = "garage2";
+          selfIp = "192.168.20.28";
+          primaryIp = "192.168.20.21";
+        };
+
+        garage3 = makeGarageConfig {
+          hostname = "garage3";
+          selfIp = "192.168.20.29";
          primaryIp = "192.168.20.21";
        };

@ -570,14 +659,19 @@
        configuration = self.nixosConfigurations.whitestorm2;
      };

-      deploy.nodes.nextcloud1 = deployer {
+      deploy.nodes.garage1 = deployer {
        hostname = "192.168.20.21";
-        configuration = self.nixosConfigurations.nextcloud1;
+        configuration = self.nixosConfigurations.garage1;
      };

-      deploy.nodes.nextcloud2 = deployer {
+      deploy.nodes.garage2 = deployer {
        hostname = "192.168.20.28";
-        configuration = self.nixosConfigurations.nextcloud2;
+        configuration = self.nixosConfigurations.garage2;
+      };
+
+      deploy.nodes.garage3 = deployer {
+        hostname = "192.168.20.29";
+        configuration = self.nixosConfigurations.garage3;
      };

      deploy.nodes.build2 = deployer {