diff --git a/flake.nix b/flake.nix
index 77d8e8f..4768cfd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -301,7 +301,7 @@
 ];
 };
- makeNextcloudConfig = { hostname, primaryIp ? null }:
+ makeGarageConfig = { hostname, selfIp, primaryIp ? null, unlockMounts ? true, mountVolumes ? true }:
 with image-builder.packages.aarch64-linux.modules;
 let
 device = "/dev/mapper/cryptdrive1";
@@ -309,16 +309,18 @@
 subvolumes = [
 "@nc-config"
 "@nc-data"
- "@postgres"
 "@redis"
 "@gitea"
 "@gitea-conf"
 "@pihole"
- "@papermc"
 "@docker-cfg"
 "@garage"
 "@garage-config"
 ];
+ garageVolumes = [
+ "@garage-cluster"
+ "@garage-cluster-config"
+ ];
 in
 makeConfig {
 inherit hostname;
@@ -326,38 +328,117 @@ extraModules = [ rockPro64v2 dockerModule + (networkModule { inherit selfIp; }) (btrbkModule { - instances = [{ - inherit mountDir primaryIp subvolumes; - }]; + instances = [ + { + inherit mountDir primaryIp subvolumes; + } + { + inherit mountDir; + name = "garage"; + subvolumes = garageVolumes; + } + ]; }) - (if primaryIp == null then + (if primaryIp == null && unlockMounts && mountVolumes then (subvolumesModule { inherit device subvolumes; }) else { }) - ({ config, ... }: { - sops.secrets.nextcloudKeyFile = { - format = "binary"; - sopsFile = ./secrets/nextcloudKeyFile.bin; - }; - - environment.etc.crypttab = { - enable = true; - text = '' - cryptdrive1 /dev/sda1 ${config.sops.secrets.nextcloudKeyFile.path} luks - cryptdrive2 /dev/sdb1 ${config.sops.secrets.nextcloudKeyFile.path} luks - cryptdrive3 /dev/sdc1 ${config.sops.secrets.nextcloudKeyFile.path} luks - ''; - }; - - fileSystems."${mountDir}" = { + (if unlockMounts && mountVolumes then + (subvolumesModule { inherit device; - fsType = "btrfs"; - options = [ "defaults" "compress=zstd" "rw" ]; - }; + subvolumes = garageVolumes; + }) else { }) + ({ config, pkgs, ... 
}: + let + keyFile = "nextcloudKeyFile"; + keyFilePath = config.sops.secrets."${keyFile}".path; + prepareDrives = '' + fdisk -w always /dev/sda << EOL + g + n + 1 - networking.firewall.enable = false; - }) + + w + EOL + + fdisk -w always /dev/sdb << EOL + g + n + 1 + + + w + EOL + + fdisk -w always /dev/sdc << EOL + g + n + 1 + + + w + EOL + + echo "YES" | cryptsetup luksFormat /dev/sda1 -d ${keyFilePath} + cryptsetup luksOpen /dev/sda1 cryptdrive1 -d ${keyFilePath} + + echo "YES" | cryptsetup luksFormat /dev/sdb1 -d ${keyFilePath} + cryptsetup luksOpen /dev/sdb1 cryptdrive2 -d ${keyFilePath} + + echo "YES" | cryptsetup luksFormat /dev/sdc1 -d ${keyFilePath} + cryptsetup luksOpen /dev/sdc1 cryptdrive3 -d ${keyFilePath} + + mkfs.btrfs -d raid1c3 -m raid1c3 /dev/mapper/cryptdrive1 /dev/mapper/cryptdrive2 /dev/mapper/cryptdrive3 + + mkdir -p /btrfs/hdd + mount /dev/mapper/cryptdrive1 /btrfs/hdd + + btrfs subvolume create /btrfs/hdd/@garage-cluster + btrfs subvolume create /btrfs/hdd/@garage-cluster-config + btrfs subvolume create /btrfs/hdd/@snapshots + + umount /btrfs/hdd + + cryptsetup luksClose cryptdrive1 + cryptsetup luksClose cryptdrive2 + cryptsetup luksClose cryptdrive3 + ''; + in + { + sops.secrets.nextcloudKeyFile = { + format = "binary"; + sopsFile = ./secrets/nextcloudKeyFile.bin; + }; + + environment.systemPackages = with pkgs; [ + (writeShellScriptBin "prepare-drives" prepareDrives) + ]; + + environment.etc.crypttab = { + enable = unlockMounts; + text = '' + cryptdrive1 /dev/sda1 ${keyFilePath} luks + cryptdrive2 /dev/sdb1 ${keyFilePath} luks + cryptdrive3 /dev/sdc1 ${keyFilePath} luks + ''; + }; + + fileSystems = + let fileSystemConfig = { + "${mountDir}" = { + inherit device; + fsType = "btrfs"; + options = [ "defaults" "compress=zstd" "rw" ]; + }; + }; + in + if unlockMounts && mountVolumes then fileSystemConfig else { }; + + networking.firewall.enable = false; + }) ]; }; 
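Review bot: The `prepare-drives` script built from `prepareDrives` repartitions and runs `cryptsetup luksFormat` on the hard-coded `/dev/sda`, `/dev/sdb` and `/dev/sdc` with no confirmation or precondition, and `writeShellScriptBin` places it on the PATH of every host built by `makeGarageConfig`, so one mistyped invocation (or a device-name reorder at boot) irrecoverably wipes the array; it also has no `set -euo pipefail`, so a failed `luksFormat` does not stop the following `luksOpen` and `mkfs.btrfs` steps. I would gate it on an explicit argument, refuse when a target partition already carries a LUKS header (`cryptsetup isLuks`), and fail fast, remembering that a shell expansion like `${1:-}` has to be written `''${1:-}` inside the Nix `''` string. Separately, the script creates only `@garage-cluster`, `@garage-cluster-config` and `@snapshots` while `subvolumes` still lists `@nc-config`, `@nc-data` and the rest, so if `subvolumesModule` mounts every entry a freshly prepared disk will fail those mounts; and `networking.firewall.enable = false;` is carried over unchanged onto a host that now also gets `networkModule`. `makeGarageConfig` begins in the earlier hunk, outside this one.
```nix
prepareDrives = ''
  set -euo pipefail
  # Inside a Nix '' string, ''${...} is the escaped form of a shell expansion.
  if [ "''${1:-}" != "--wipe" ]; then
    echo "prepare-drives destroys /dev/sda, /dev/sdb and /dev/sdc; rerun with --wipe to confirm" >&2
    exit 1
  fi
  for part in /dev/sda1 /dev/sdb1 /dev/sdc1; do
    if cryptsetup isLuks "$part" 2>/dev/null; then
      echo "$part already holds a LUKS header; refusing to reformat" >&2
      exit 1
    fi
  done

  # … unchanged: fdisk / luksFormat / mkfs.btrfs / subvolume creation / luksClose …
'';
```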
@@ -430,13 +511,21 @@ in { nixosConfigurations = { - nextcloud1 = makeNextcloudConfig { - hostname = "nextcloud1"; + garage1 = makeGarageConfig { + hostname = "garage1"; + selfIp = "192.168.20.21"; # primaryIp = "192.168.20.28"; }; - nextcloud2 = makeNextcloudConfig { - hostname = "nextcloud2"; + garage2 = makeGarageConfig { + hostname = "garage2"; + selfIp = "192.168.20.28"; + primaryIp = "192.168.20.21"; + }; + + garage3 = makeGarageConfig { + hostname = "garage3"; + selfIp = "192.168.20.29"; primaryIp = "192.168.20.21"; }; @@ -570,14 +659,19 @@ configuration = self.nixosConfigurations.whitestorm2; }; - deploy.nodes.nextcloud1 = deployer { + deploy.nodes.garage1 = deployer { hostname = "192.168.20.21"; - configuration = self.nixosConfigurations.nextcloud1; + configuration = self.nixosConfigurations.garage1; }; - deploy.nodes.nextcloud2 = deployer { + deploy.nodes.garage2 = deployer { hostname = "192.168.20.28"; - configuration = self.nixosConfigurations.nextcloud2; + configuration = self.nixosConfigurations.garage2; + }; + + deploy.nodes.garage3 = deployer { + hostname = "192.168.20.29"; + configuration = self.nixosConfigurations.garage3; }; deploy.nodes.build2 = deployer {
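Review bot: Each host's address is now written three times — as its `selfIp`, as the `primaryIp` of the other nodes, and again as `hostname` in the `deploy.nodes.*` entries of the later hunk (`@@ -570,14 +659,19 @@`) — so any renumbering has to be kept consistent by hand. A single attrset such as `garageHosts = { garage1 = "192.168.20.21"; garage2 = "192.168.20.28"; garage3 = "192.168.20.29"; };`, consumed by both `nixosConfigurations` and `deploy.nodes`, would keep them in step. garage1's `primaryIp` stays commented out while garage2 and garage3 point at it, which presumably is the intended replication topology; a one-line comment such as `# garage1 is the primary; garage2/garage3 replicate to it` would make that explicit.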