diff --git a/flake.nix b/flake.nix index 9b71f73..be4b1dc 100644 --- a/flake.nix +++ b/flake.nix @@ -95,9 +95,13 @@ with image-builder.packages.aarch64-linux.modules; let device = "/dev/mapper/cryptdrive1"; + device2 = "/dev/mapper/cryptdrive2"; subvolumes = [ "@k3s-config" ]; + subvolumes2 = [ + "@exports" + ]; in makeGenericK3sConfig { inherit hostname selfIp serverIp; @@ -107,9 +111,18 @@ extraModules = [ soquartz-blade (btrbkModule { - inherit subvolumes; - mountDir = "/btrfs/nvme"; - primaryIp = serverIp; + instances = [ + { + inherit subvolumes; + mountDir = "/btrfs/nvme"; + primaryIp = serverIp; + } + { + subvolumes = subvolumes2; + mountDir = "/btrfs/nvme2"; + name = "nvme2"; + } + ]; }) (if unlockMounts && mountVolumes then (subvolumesModule { @@ -137,6 +150,8 @@ w EOL + echo "configure first part" + echo "YES" | cryptsetup luksFormat /dev/nvme0n1p1 -d ${keyFilePath} cryptsetup luksOpen /dev/nvme0n1p1 cryptdrive1 -d ${keyFilePath} @@ -149,7 +164,6 @@ btrfs subvolume create /btrfs/nvme/@snapshots btrfs subvolume create /btrfs/nvme/@swap btrfs subvolume create /btrfs/nvme/@var-lib-rancher - btrfs subvolume create /btrfs/nvme/@var-lib-rook btrfs subvolume create /btrfs/nvme/@var-log-pods btrfs filesystem mkswapfile -s 4g /btrfs/nvme/@swap/file @@ -157,6 +171,23 @@ umount /btrfs/nvme cryptsetup luksClose cryptdrive1 + + echo "configure second part" + + echo "YES" | cryptsetup luksFormat /dev/nvme0n1p2 -d ${keyFilePath} + cryptsetup luksOpen /dev/nvme0n1p2 cryptdrive2 -d ${keyFilePath} + + mkfs.btrfs /dev/mapper/cryptdrive2 + + mkdir -p /btrfs/nvme2 + mount /dev/mapper/cryptdrive2 /btrfs/nvme2 + + btrfs subvolume create /btrfs/nvme2/@exports + btrfs subvolume create /btrfs/nvme2/@snapshots + + umount /btrfs/nvme2 + + cryptsetup luksClose cryptdrive2 ''; in { @@ -173,6 +204,7 @@ enable = unlockMounts; text = '' cryptdrive1 /dev/nvme0n1p1 ${keyFilePath} luks + cryptdrive2 /dev/nvme0n1p2 ${keyFilePath} luks ''; }; 
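Review bot: In the `btrbkModule` call of the `@@ -107,9 +111,18 @@` hunk, the new `nvme2` entry sets no `primaryIp`, so the fold in modules/btrbk/default.nix selects the `primary` settings for it. As far as this diff shows, `@exports` is then only snapshotted into `@snapshots` on the same LUKS volume that holds the data, which does not protect it against loss of that disk. If the exported data needs a replica, this instance is missing a replication target; if local snapshots are intended, a comment on the entry such as `# nvme2: local snapshots only, no replica` would record that decision.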
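Review bot: The block added for the second partition in the `@@ -157,6 +171,23 @@` hunk pipes `YES` into `cryptsetup luksFormat /dev/nvme0n1p2` unconditionally, so running this setup script again on a provisioned blade destroys the existing LUKS header and everything in `@exports`; the existing `nvme0n1p1` block has the same shape. A guard before the format, such as `if cryptsetup isLuks /dev/nvme0n1p2; then echo "already LUKS, refusing to format"; exit 1; fi`, keeps a re-run from wiping data. Both volumes are also formatted and unlocked with the same `${keyFilePath}` (see the crypttab line added in `@@ -173,6 +204,7 @@`), so disclosure of that one file opens both; a key file per volume would limit that if the key provisioning allows it. The script starts above this hunk, so whether it runs under `set -e` is not visible here.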
@@ -186,6 +218,16 @@ fsType = "btrfs"; options = defaultOptions; }; + "/btrfs/nvme2" = { + device = device2; + fsType = "btrfs"; + options = defaultOptions; + }; + "/exports" = { + device = device2; + fsType = "btrfs"; + options = defaultOptions ++ [ "subvol=@exports" ]; + }; "/swap" = { inherit device; fsType = "btrfs"; @@ -196,11 +238,6 @@ fsType = "btrfs"; options = defaultOptions ++ [ "subvol=@var-lib-rancher" ]; }; - "/var/lib/rook" = { - inherit device; - fsType = "btrfs"; - options = defaultOptions ++ [ "subvol=@var-lib-rook" ]; - }; "/var/log/pods" = { inherit device; fsType = "btrfs"; @@ -224,6 +261,14 @@ [ swapFile ] else [ ]; + + services.nfs.server = { + enable = unlockMounts && mountVolumes; + exports = '' + /exports 192.168.20.0/24(rw,sync,fsid=0,no_subtree_check) + /exports/k3s 192.168.20.0/24(rw,nohide,insecure,sync,no_subtree_check,no_root_squash) + ''; + }; }) ]; }; @@ -254,7 +299,9 @@ rockPro64v2 dockerModule (btrbkModule { - inherit mountDir primaryIp subvolumes; + instances = [{ + inherit mountDir primaryIp subvolumes; + }]; }) (if primaryIp == null then (subvolumesModule { @@ -301,7 +348,9 @@ rock64 dockerModule (btrbkModule { - inherit mountDir primaryIp subvolumes; + instances = [{ + inherit mountDir primaryIp subvolumes; + }]; }) (if primaryIp == null then (subvolumesModule { diff --git a/modules/btrbk/default.nix b/modules/btrbk/default.nix index 54c748e..18f0ca4 100644 --- a/modules/btrbk/default.nix +++ b/modules/btrbk/default.nix @@ -1,6 +1,4 @@ -{ primaryIp ? null -, mountDir -, subvolumes +{ instances ? [ ] }: { config, pkgs, ... }: @@ -30,7 +28,7 @@ let subvolumes; }; - primary = { + primary = mountDir: subvolumes: { snapshot_preserve_min = "2d"; snapshot_preserve = "35d 20w 12m"; transaction_log = "/var/log/btrbk.log"; @@ -41,7 +39,7 @@ let }; }; - secondary = { + secondary = primaryIp: mountDir: subvolumes: { backend_remote = "btrfs-progs-sudo"; ssh_identity = config.sops.secrets.private_key.path; ssh_user = "btrbk"; 
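Review bot: The `/exports` mount added in the `@@ -186,6 +218,16 @@` hunk is the tree this same commit exports over NFS with `no_root_squash`, yet it takes only `defaultOptions` plus the subvolume, so setuid files or device nodes written by a remote root would be honoured locally on the server. Unless `defaultOptions` (defined outside this hunk) already carries them, I would write `options = defaultOptions ++ [ "subvol=@exports" "nosuid" "nodev" ];`. The `/btrfs/nvme2` mount exposes the same subvolume a second time and would need the same options.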
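Review bot: The second export line in the `@@ -224,6 +261,14 @@` hunk combines `insecure` and `no_root_squash` for all of `192.168.20.0/24`, so under the default AUTH_SYS security any host in that subnet, including requests from unprivileged source ports, is trusted as root on `/exports/k3s`. If only the k3s nodes mount it, list those addresses instead of the subnet and drop `insecure`, e.g. `/exports/k3s <k3s-node-ip>(rw,nohide,sync,no_subtree_check,no_root_squash)` per node (placeholder address), and keep `no_root_squash` only if the provisioner really has to act as root. `nohide` only takes effect when `/exports/k3s` is its own mount point, and no such filesystem entry appears in this diff, so either the option is redundant or a mount is missing. No firewall rule limiting who can reach the NFS port is visible in this diff either.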
@@ -59,8 +57,6 @@ let }; }; }; - - selected = if primaryIp == null then primary else secondary; in { sops.secrets.private_key = { @@ -85,9 +81,19 @@ in } ]; extraPackages = with pkgs; [ gzip ]; - instances.btrbk = { - onCalendar = "hourly"; - settings = selected; - }; + instances = (builtins.foldl' + (acc: { primaryIp ? null, mountDir, subvolumes, name ? "btrbk" }: + let + selected = if primaryIp == null then (primary mountDir subvolumes) else (secondary primaryIp mountDir subvolumes); + in + acc // + { + ${name} = { + onCalendar = "hourly"; + settings = selected; + }; + }) + { } + instances); }; }
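Review bot: In the `builtins.foldl'` added by the `@@ -85,9 +81,19 @@` hunk, two entries that omit `name` both resolve to `"btrbk"` and `acc // { ... }` keeps only the later one, so a set of subvolumes can lose its backup job without any evaluation error. The fold should fail on a duplicate, for instance by checking that `builtins.length (builtins.attrNames ...)` of the folded set equals `builtins.length instances` in an `assert` or a NixOS `assertions` entry. The `instances` argument introduced in the `@@ -1,6 +1,4 @@` hunk is also undocumented. A comment above it such as `# instances: list of { name ? "btrbk", mountDir, subvolumes, primaryIp ? null }; primaryIp == null selects primary, otherwise secondary` would tell callers in flake.nix what each entry must contain.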