Raphaël Numbus
107 lines
3.3 KiB
Nix
107 lines
3.3 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.numbus.hardware.disks.parity;
|
|
|
|
parityCount = builtins.length cfg.list;
|
|
|
|
parityDisks = lib.imap0 (i: device: {
|
|
name = "parity-${toString i}";
|
|
value = {
|
|
type = "disk";
|
|
inherit device;
|
|
content = {
|
|
type = cfg.partitionTableScheme;
|
|
partitions.luks = {
|
|
size = cfg.partition.size;
|
|
content = {
|
|
type = "luks";
|
|
name = "parity-${toString i}";
|
|
settings.keyFile = "/run/secrets/disks/parity-${toString i}";
|
|
initrdUnlock = false;
|
|
content = {
|
|
type = "filesystem";
|
|
format = cfg.partition.filesystem;
|
|
mountpoint = "/mnt/parity-${toString i}";
|
|
mountOptions = [ "noauto" "nofail" ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}) cfg.list;
|
|
in
|
|
|
|
{
|
|
options.numbus.hardware.disks = {
|
|
parity = {
|
|
list = mkOption {
|
|
type = types.listOf types.str;
|
|
example = [ "/dev/disk/by-id/ata_WDC_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-San_Disk_159Ejz224G" ];
|
|
default = [];
|
|
description = "A set of by-id path of disk(s) that will be used as parity disk(s).";
|
|
};
|
|
partitionTableScheme = mkOption {
|
|
type = types.enum [ "gpt" "mbr" ];
|
|
default = "gpt";
|
|
example = "gpt";
|
|
description = "The scheme of the partition table. Use \"gpt\" for modern devices and \"mbr\" for legacy ones.";
|
|
};
|
|
partition = {
|
|
filesystem = mkOption {
|
|
type = types.enum [ "ext4" "btrfs" "xfs" ];
|
|
default = "xfs";
|
|
example = "xfs";
|
|
description = "The filesystem to use for the main partition of the parity disk(s).";
|
|
};
|
|
size = mkOption {
|
|
type = types.str;
|
|
default = "100%";
|
|
example = "100%";
|
|
description = "The size of the main partition. Use G for GBs and M for MBs.";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf (parityCount > 1) {
|
|
disko.devices.disk = builtins.listToAttrs parityDisks;
|
|
|
|
sops.secrets = listToAttrs (map (i:
|
|
nameValuePair "disks/parity-${toString i}" {
|
|
sopsFile = "/etc/nixos/secrets/disks/parity.yaml";
|
|
gid = "0";
|
|
uid = "0";
|
|
mode = "0400";
|
|
}
|
|
) (range 0 (parityCount - 1)));
|
|
|
|
systemd.services.mount-parity-disks = {
|
|
description = "Mount parity disks.";
|
|
before = [ "mnt-data.mount" ];
|
|
requiredBy = [ "mnt-data.mount" ];
|
|
requires = [ "sops-install-secrets.service" ];
|
|
path = [ pkgs.cryptsetup pkgs.util-linux ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
};
|
|
script = let
|
|
mountparityDisk = i: ''
|
|
if [ ! -e /dev/mapper/parity-${toString i} ]; then
|
|
cryptsetup luksOpen --key-file /run/secrets/disks/parity-${toString i} /dev/disk/by-partlabel/disk-parity-${toString i}-luks parity-${toString i}
|
|
fi
|
|
mkdir -p /mnt/parity-${toString i}
|
|
if ! mountpoint -q /mnt/parity-${toString i}; then
|
|
mount -t ${cfg.partition.filesystem} /dev/mapper/parity-${toString i} /mnt/parity-${toString i}
|
|
fi
|
|
'';
|
|
in
|
|
''
|
|
${concatMapStrings mountparityDisk (range 0 (parityCount - 1))}
|
|
'';
|
|
};
|
|
};
|
|
} |