diff --git a/deploy.conf b/deploy.conf
index 128f6a5..e5caabc 100644
--- a/deploy.conf
+++ b/deploy.conf
@@ -16,4 +16,4 @@ export HOME_ROUTER_IP="192.168.1.1"
 export HOME_SERVER_IP="192.168.1.5"
 # SERVICES SETTINGS
 export SELECTED_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
-"nextcloud" "passbolt" "pi-hole" "virtualization" )
\ No newline at end of file
+"nextcloud" "passbolt" "pi-hole" "virtualization" )
diff --git a/deploy.sh b/deploy.sh
index 9f9d1da..7fe07ba 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -528,7 +528,11 @@ EOF
 (envsubst < "templates/nix-config/disks/content.nix") >> final-nix-config/etc/nixos/disks/disko.nix
 SNAPRAID_CONTENT_FILES+=" \"/mnt/content-${j}/snapraid.content\""$'\n'
 SNAPRAID_DATA_DISKS+=" d${j} = \"/mnt/content-${j}\";"$'\n'
- MERGERFS_REQ_DEPS+=" \"x-systemd.requires-mounts-for=/mnt/content-${j}\""$'\n'
+ MOUNT_DEPENDENCIES_START+=" cryptsetup open ${CONTENT_DISK_ID}-part1 crypted-content-${j} --key-file /etc/secrets/disks/content-${j}"$'\n'
+ MOUNT_DEPENDENCIES_START+=" mkdir -p /mnt/content-${j}"$'\n'
+ MOUNT_DEPENDENCIES_START+=" mount /mnt/content-${j}"$'\n'
+ MOUNT_DEPENDENCIES_STOP+=" umount /mnt/content-${j}"$'\n'
+ MOUNT_DEPENDENCIES_STOP+=" cryptsetup close crypted-content-${j}"$'\n'
 done
 echo -e "\n✅ Generated $CONTENT_DISK_NUMBER data disk configuration(s)."
 j=0
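Review bot: The start commands appended in this loop are not safe to run twice and pass the device path unquoted: `cryptsetup open` exits non-zero when `crypted-content-${j}` is already mapped, which is the state after any partial failure, and snapraid.nix re-runs the script through `Restart = "on-failure"`. I would guard each step, e.g. `[ -e /dev/mapper/crypted-content-${j} ] || cryptsetup open \"${CONTENT_DISK_ID}-part1\" crypted-content-${j} --key-file /etc/secrets/disks/content-${j}` and `mountpoint -q /mnt/content-${j} || mount /mnt/content-${j}` (assuming `mountpoint` is on the unit's `path`). The parity loop in the next hunk appends the same five lines and needs the same guards. The loop starts above this hunk, so how `CONTENT_DISK_ID` is populated is not visible here.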
@@ -538,12 +542,18 @@ EOF
 if [[ "${DATA_DISKS_TYPE[${i}]}" == "HDD" ]]; then export ALLOW_DISCARDS="false"; else export ALLOW_DISCARDS="true"; fi
 (envsubst < "templates/nix-config/disks/parity.nix") >> final-nix-config/etc/nixos/disks/disko.nix
 SNAPRAID_PARITY_FILES+=" \"/mnt/parity-${j}/snapraid.parity\""$'\n'
+ MOUNT_DEPENDENCIES_START+=" cryptsetup open ${PARITY_DISK_ID} crypted-parity-${j} --key-file /etc/secrets/disks/parity-${j}"$'\n'
+ MOUNT_DEPENDENCIES_START+=" mkdir -p /mnt/parity-${j}"$'\n'
+ MOUNT_DEPENDENCIES_START+=" mount /mnt/parity-${j}"$'\n'
+ MOUNT_DEPENDENCIES_STOP+=" umount /mnt/parity-${j}"$'\n'
+ MOUNT_DEPENDENCIES_STOP+=" cryptsetup close crypted-parity-${j}"$'\n'
 done
 echo -e "\n✅ Generated $PARITY_DISK_NUMBER parity disk configuration(s)."
 export SNAPRAID_CONTENT_FILES
 export SNAPRAID_DATA_DISKS
 export SNAPRAID_PARITY_FILES
- export MERGERFS_REQ_DEPS
+ export MOUNT_DEPENDENCIES_START
+ export MOUNT_DEPENDENCIES_STOP
 envsubst < templates/nix-config/disks/snapraid.nix > final-nix-config/etc/nixos/disks/snapraid.nix
 fi
 # Close the disko.nix block
diff --git a/templates/nix-config/disks/content.nix b/templates/nix-config/disks/content.nix
index a92b3cc..ca8c8d1 100644
--- a/templates/nix-config/disks/content.nix
+++ b/templates/nix-config/disks/content.nix
@@ -9,16 +9,17 @@
 content = {
 type = "luks";
 name = "crypted-content-${j}";
+ initrdUnlock = false;
 settings = {
 keyFile = "/etc/secrets/disks/content-${j}";
 allowDiscards = ${ALLOW_DISCARDS:-false};
- crypttabExtraOpts = [ "nofail" ];
+ crypttabExtraOpts = [ "nofail" "noauto" ];
 };
 content = {
 type = "filesystem";
 format = "xfs";
 mountpoint = "/mnt/content-${j}";
- mountOptions = [ "nofail" "defaults" ];
+ mountOptions = [ "nofail" "noauto" ];
 };
 };
 };
diff --git a/templates/nix-config/disks/parity.nix b/templates/nix-config/disks/parity.nix
index cdcf082..56af6b9 100644
--- a/templates/nix-config/disks/parity.nix
+++ b/templates/nix-config/disks/parity.nix
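Review bot: The parity mapping is opened on `${PARITY_DISK_ID}` itself, while the content loop in the previous hunk opens `${CONTENT_DISK_ID}-part1`; content.nix and parity.nix show the same nesting from line 9 on, which suggests both put LUKS on a partition. If that is the case, `cryptsetup open` is pointed at the partition table and fails for every parity disk, and since the generated script shows no error handling the failure would go unnoticed until SnapRAID looks for its parity file. Either use `cryptsetup open \"${PARITY_DISK_ID}-part1\" crypted-parity-${j} --key-file /etc/secrets/disks/parity-${j}` or add a comment stating that parity disks are encrypted whole-disk. The top of the loop and the top of parity.nix are outside this diff, so this needs confirming against the template.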
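Review bot: With `initrdUnlock = false` and `noauto` on both the crypttab entry and the mount, nothing in this template says who unlocks the volume; the only consumer visible in this commit is `mount-dependencies.service` in snapraid.nix, and a short comment would keep a later edit from dropping one without the other. I would add `# unlocked and mounted at runtime by mount-dependencies.service (see disks/snapraid.nix)` above `initrdUnlock`. Since `"defaults"` is removed anyway, `mountOptions = [ "nofail" "noauto" "nodev" "nosuid" ];` is a cheap hardening for a data-only filesystem. The key file stays at `/etc/secrets/disks/content-${j}` on the root filesystem and its mode and ownership are not visible here, so confirm it is readable by root only. parity.nix receives the identical change and the same points apply there.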
@@ -9,16 +9,17 @@ content = { type = "luks"; name = "crypted-parity-${j}"; + initrdUnlock = false; settings = { keyFile = "/etc/secrets/disks/parity-${j}"; allowDiscards = ${ALLOW_DISCARDS:-false}; - crypttabExtraOpts = [ "nofail" ]; + crypttabExtraOpts = [ "nofail" "noauto" ]; }; content = { type = "filesystem"; format = "xfs"; mountpoint = "/mnt/parity-${j}"; - mountOptions = [ "nofail" "defaults" ]; + mountOptions = [ "nofail" "noauto" ]; }; }; }; diff --git a/templates/nix-config/disks/snapraid.nix b/templates/nix-config/disks/snapraid.nix index 5bcd2c5..366ed1f 100644 --- a/templates/nix-config/disks/snapraid.nix +++ b/templates/nix-config/disks/snapraid.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: { ### --> MergerFS setup @@ -19,12 +19,31 @@ "fsname=mergerfs_data" "x-mount.mkdir" "x-systemd.automount" -$MERGERFS_REQ_DEPS + "x-systemd.requires=mount-dependencies.service" ]; }; - ### MergerFS setup <-- + systemd.services.mount-dependencies = { + description = "This service will mount the encrypted disks for mergerFS"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.cryptsetup pkgs.mount ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + # Bring the service up + ExecStart = pkgs.writeShellScript "mount-disks" '' +$MOUNT_DEPENDENCIES_START + ''; + # Take it down gracefully + ExecStop = pkgs.writeShellScript "unmount-disks" '' +$MOUNT_DEPENDENCIES_STOP + ''; + Restart = "on-failure"; + }; + }; + ### --> SnapRAID setup services.snapraid = { enable = true; diff --git a/templates/nix-config/podman/traefik.nix b/templates/nix-config/podman/traefik.nix index a145e4e..7acacc4 100644 --- a/templates/nix-config/podman/traefik.nix +++ b/templates/nix-config/podman/traefik.nix 
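Review bot: The `mount-disks` script passed to `ExecStart` has no `set -e`, so the unit's result is the exit status of the last `mount` alone; when an earlier `cryptsetup open` or `mount` fails the unit still becomes active, and MergerFS (pulled in through `x-systemd.requires=mount-dependencies.service`) would presumably pool the bare `/mnt/content-N` directory, so writes would land on the root filesystem instead of the LUKS volume. Put `set -eu` on the line before `$MOUNT_DEPENDENCIES_START`, and keep the `ExecStop` script best-effort so one busy mount does not leave the remaining mappings open. Because `Restart = "on-failure"` re-runs the whole script, this only works once the lines generated in deploy.sh tolerate already-open mappings and already-mounted filesystems. `after = [ "network.target" ]` does not look related to local disks; if neither the devices nor the key files depend on the network it can be dropped.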
@@ -33,8 +33,8 @@ in
 it-tools:
 ipv4_address: 172.16.70.253
 ports:
- - 80:80
- - 443:443
+ - 8080:80
+ - 8443:443
 volumes:
 - /run/user/1000/podman/podman.sock:/run/docker.sock:ro
 - ${config_dir}/rules/:/etc/traefik/conf/:ro
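Review bot: The host side moves to 8080/8443 with no host address, so both ports are published on every interface, and nothing in this commit adds the 80→8080 / 443→8443 redirect that clients, HTTP-to-HTTPS redirects and any ACME HTTP-01 challenge would still rely on. The podman socket path under `/run/user/1000` suggests a rootless setup that cannot bind ports below 1024, which would explain the change; a comment above `ports:` would make that explicit, e.g. `# rootless podman: 80/443 are redirected to 8080/8443 by <firewall rule, not in this diff>`. The compose block starts and ends outside the hunk.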