Nfs on second nvme

asonix 2023-02-09 19:37:49 -06:00
parent e750fe290e
commit ab17743830
2 changed files with 77 additions and 22 deletions


@ -95,9 +95,13 @@
with image-builder.packages.aarch64-linux.modules; with image-builder.packages.aarch64-linux.modules;
let let
device = "/dev/mapper/cryptdrive1"; device = "/dev/mapper/cryptdrive1";
device2 = "/dev/mapper/cryptdrive2";
subvolumes = [ subvolumes = [
"@k3s-config" "@k3s-config"
]; ];
subvolumes2 = [
"@exports"
];
in in
makeGenericK3sConfig { makeGenericK3sConfig {
inherit hostname selfIp serverIp; inherit hostname selfIp serverIp;
@ -107,9 +111,18 @@
extraModules = [ extraModules = [
soquartz-blade soquartz-blade
(btrbkModule { (btrbkModule {
instances = [
{
inherit subvolumes; inherit subvolumes;
mountDir = "/btrfs/nvme"; mountDir = "/btrfs/nvme";
primaryIp = serverIp; primaryIp = serverIp;
}
{
subvolumes = subvolumes2;
mountDir = "/btrfs/nvme2";
name = "nvme2";
}
];
}) })
(if unlockMounts && mountVolumes then (if unlockMounts && mountVolumes then
(subvolumesModule { (subvolumesModule {
@ -137,6 +150,8 @@
w w
EOL EOL
echo "configure first part"
echo "YES" | cryptsetup luksFormat /dev/nvme0n1p1 -d ${keyFilePath} echo "YES" | cryptsetup luksFormat /dev/nvme0n1p1 -d ${keyFilePath}
cryptsetup luksOpen /dev/nvme0n1p1 cryptdrive1 -d ${keyFilePath} cryptsetup luksOpen /dev/nvme0n1p1 cryptdrive1 -d ${keyFilePath}
@ -149,7 +164,6 @@
btrfs subvolume create /btrfs/nvme/@snapshots btrfs subvolume create /btrfs/nvme/@snapshots
btrfs subvolume create /btrfs/nvme/@swap btrfs subvolume create /btrfs/nvme/@swap
btrfs subvolume create /btrfs/nvme/@var-lib-rancher btrfs subvolume create /btrfs/nvme/@var-lib-rancher
btrfs subvolume create /btrfs/nvme/@var-lib-rook
btrfs subvolume create /btrfs/nvme/@var-log-pods btrfs subvolume create /btrfs/nvme/@var-log-pods
btrfs filesystem mkswapfile -s 4g /btrfs/nvme/@swap/file btrfs filesystem mkswapfile -s 4g /btrfs/nvme/@swap/file
@ -157,6 +171,23 @@
umount /btrfs/nvme umount /btrfs/nvme
cryptsetup luksClose cryptdrive1 cryptsetup luksClose cryptdrive1
echo "configure second part"
echo "YES" | cryptsetup luksFormat /dev/nvme0n1p2 -d ${keyFilePath}
cryptsetup luksOpen /dev/nvme0n1p2 cryptdrive2 -d ${keyFilePath}
mkfs.btrfs /dev/mapper/cryptdrive2
mkdir -p /btrfs/nvme2
mount /dev/mapper/cryptdrive2 /btrfs/nvme2
btrfs subvolume create /btrfs/nvme2/@exports
btrfs subvolume create /btrfs/nvme2/@snapshots
umount /btrfs/nvme2
cryptsetup luksClose cryptdrive2
''; '';
in in
{ {
@ -173,6 +204,7 @@
enable = unlockMounts; enable = unlockMounts;
text = '' text = ''
cryptdrive1 /dev/nvme0n1p1 ${keyFilePath} luks cryptdrive1 /dev/nvme0n1p1 ${keyFilePath} luks
cryptdrive2 /dev/nvme0n1p2 ${keyFilePath} luks
''; '';
}; };
@ -186,6 +218,16 @@
fsType = "btrfs"; fsType = "btrfs";
options = defaultOptions; options = defaultOptions;
}; };
"/btrfs/nvme2" = {
device = device2;
fsType = "btrfs";
options = defaultOptions;
};
"/exports" = {
device = device2;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@exports" ];
};
"/swap" = { "/swap" = {
inherit device; inherit device;
fsType = "btrfs"; fsType = "btrfs";
@ -196,11 +238,6 @@
fsType = "btrfs"; fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@var-lib-rancher" ]; options = defaultOptions ++ [ "subvol=@var-lib-rancher" ];
}; };
"/var/lib/rook" = {
inherit device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@var-lib-rook" ];
};
"/var/log/pods" = { "/var/log/pods" = {
inherit device; inherit device;
fsType = "btrfs"; fsType = "btrfs";
@ -224,6 +261,14 @@
[ swapFile ] [ swapFile ]
else else
[ ]; [ ];
services.nfs.server = {
enable = unlockMounts && mountVolumes;
exports = ''
/exports 192.168.20.0/24(rw,sync,fsid=0,no_subtree_check)
/exports/k3s 192.168.20.0/24(rw,nohide,insecure,sync,no_subtree_check,no_root_squash)
'';
};
}) })
]; ];
}; };
@ -254,7 +299,9 @@
rockPro64v2 rockPro64v2
dockerModule dockerModule
(btrbkModule { (btrbkModule {
instances = [{
inherit mountDir primaryIp subvolumes; inherit mountDir primaryIp subvolumes;
}];
}) })
(if primaryIp == null then (if primaryIp == null then
(subvolumesModule { (subvolumesModule {
@ -301,7 +348,9 @@
rock64 rock64
dockerModule dockerModule
(btrbkModule { (btrbkModule {
instances = [{
inherit mountDir primaryIp subvolumes; inherit mountDir primaryIp subvolumes;
}];
}) })
(if primaryIp == null then (if primaryIp == null then
(subvolumesModule { (subvolumesModule {
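Review bot: The `/exports/k3s` line in the new `services.nfs.server.exports` block combines `no_root_squash` and `insecure` for the whole of 192.168.20.0/24, so under the default AUTH_SYS trust model any host on that subnet is treated as root on the exported data, and requests from unprivileged source ports are accepted. LUKS on cryptdrive2 only protects the data at rest, so the export list is the effective access control here. I would list the k3s node addresses instead of the subnet and drop `insecure` unless a client is known to need it, e.g. `/exports/k3s <K3S_NODE_IP_PLACEHOLDER>(rw,nohide,sync,no_subtree_check,no_root_squash)`; if the consumer can work without root ownership, `root_squash` (the default) is the safer choice. Separately, the provisioning script creates the `@exports` subvolume but nothing visible in this diff creates `/exports/k3s`, so the second export may fail unless that directory is made elsewhere.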


@ -1,6 +1,4 @@
{ primaryIp ? null { instances ? [ ]
, mountDir
, subvolumes
}: }:
{ config, pkgs, ... }: { config, pkgs, ... }:
@ -30,7 +28,7 @@ let
subvolumes; subvolumes;
}; };
primary = { primary = mountDir: subvolumes: {
snapshot_preserve_min = "2d"; snapshot_preserve_min = "2d";
snapshot_preserve = "35d 20w 12m"; snapshot_preserve = "35d 20w 12m";
transaction_log = "/var/log/btrbk.log"; transaction_log = "/var/log/btrbk.log";
@ -41,7 +39,7 @@ let
}; };
}; };
secondary = { secondary = primaryIp: mountDir: subvolumes: {
backend_remote = "btrfs-progs-sudo"; backend_remote = "btrfs-progs-sudo";
ssh_identity = config.sops.secrets.private_key.path; ssh_identity = config.sops.secrets.private_key.path;
ssh_user = "btrbk"; ssh_user = "btrbk";
@ -59,8 +57,6 @@ let
}; };
}; };
}; };
selected = if primaryIp == null then primary else secondary;
in in
{ {
sops.secrets.private_key = { sops.secrets.private_key = {
@ -85,9 +81,19 @@ in
} }
]; ];
extraPackages = with pkgs; [ gzip ]; extraPackages = with pkgs; [ gzip ];
instances.btrbk = { instances = (builtins.foldl'
(acc: { primaryIp ? null, mountDir, subvolumes, name ? "btrbk" }:
let
selected = if primaryIp == null then (primary mountDir subvolumes) else (secondary primaryIp mountDir subvolumes);
in
acc //
{
${name} = {
onCalendar = "hourly"; onCalendar = "hourly";
settings = selected; settings = selected;
}; };
})
{ }
instances);
}; };
} }
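Review bot: The `builtins.foldl'` that builds `instances` merges with `acc // { ${name} = … }`, so two entries that share a name (including two that both fall back to the default `"btrbk"`) silently overwrite each other, and one volume loses its snapshot/backup schedule without any evaluation error. I would fail loudly instead, for example by placing `assert !(builtins.hasAttr name acc);` directly before `acc //`. It would also help to add a comment at the `instances ? [ ]` argument documenting the accepted keys (`primaryIp`, `mountDir`, `subvolumes`, `name`) and that an entry without `primaryIp` is configured as a local primary. In the first file the `nvme2` instance omits `primaryIp`, which is presumably intentional, but it is worth confirming that `@exports` does not need to be replicated to another host.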