102 lines
2.4 KiB
Nix
102 lines
2.4 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
||
|
let
|
||
|
s3qlWithSystemd = pkgs.s3ql.overrideAttrs (old: {
|
||
|
propagatedBuildInputs = old.propagatedBuildInputs ++ [
|
||
|
pkgs.python3Packages.systemd
|
||
|
];
|
||
|
});
|
||
|
|
||
|
dirs = {
|
||
|
cache = "/srv/storage/private/s3ql-cache";
|
||
|
underlay = "/mnt/heresy";
|
||
|
mount = "/srv/heresy";
|
||
|
};
|
||
|
in
|
||
|
|
||
|
{
|
||
|
age.secrets = {
|
||
|
storageBoxCredentials.file = ./secrets/storage-box-credentials.age;
|
||
|
heresyEncryptionKey.file = ./secrets/heresy-encryption-key.age;
|
||
|
};
|
||
|
|
||
|
boot.supportedFilesystems = [ "cifs" ];
|
||
|
|
||
|
fileSystems."${dirs.underlay}" = {
|
||
|
fsType = "cifs";
|
||
|
device = "//u357754.your-storagebox.de/u357754-sub1/fs/heresy";
|
||
|
options = [
|
||
|
"credentials=${config.age.secrets.storageBoxCredentials.path}"
|
||
|
"dir_mode=0700"
|
||
|
"file_mode=0600"
|
||
|
"_netdev"
|
||
|
"x-systemd.automount"
|
||
|
];
|
||
|
};
|
||
|
|
||
|
systemd = {
|
||
|
tmpfiles.rules = [
|
||
|
"d '${dirs.cache}' 0700 root root - -"
|
||
|
];
|
||
|
services.heresy = {
|
||
|
description = "Heresy Filesystem";
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
requires = [ "mnt-heresy.mount" ];
|
||
|
wants = [ "remote-fs.target" ];
|
||
|
after = [ "mnt-heresy.mount" ];
|
||
|
before = [ "remote-fs.target" ];
|
||
|
|
||
|
# used by umount.s3ql
|
||
|
path = with pkgs; [
|
||
|
psmisc
|
||
|
util-linux
|
||
|
];
|
||
|
|
||
|
serviceConfig = let
|
||
|
commonOptions = [
|
||
|
"--compress" "none"
|
||
|
"--cachedir" dirs.cache
|
||
|
"--authfile" config.age.secrets.heresyEncryptionKey.path
|
||
|
];
|
||
|
in {
|
||
|
Type = "notify";
|
||
|
|
||
|
ExecStartPre = map lib.escapeShellArgs [
|
||
|
[
|
||
|
"${pkgs.coreutils}/bin/install" "-dm755" dirs.mount
|
||
|
]
|
||
|
([
|
||
|
"${s3qlWithSystemd}/bin/fsck.s3ql"
|
||
|
"local://${dirs.underlay}"
|
||
|
] ++ commonOptions)
|
||
|
];
|
||
|
ExecStart = lib.escapeShellArgs ([
|
||
|
"${s3qlWithSystemd}/bin/mount.s3ql"
|
||
|
"local://${dirs.underlay}"
|
||
|
dirs.mount
|
||
|
"--fs-name" "heresy"
|
||
|
"--allow-other"
|
||
|
"--systemd" "--fg"
|
||
|
"--log" "none"
|
||
|
] ++ commonOptions);
|
||
|
|
||
|
ExecStop = lib.escapeShellArgs [
|
||
|
"${s3qlWithSystemd}/bin/umount.s3ql"
|
||
|
"--log" "none"
|
||
|
dirs.mount
|
||
|
];
|
||
|
|
||
|
# fsck and unmounting might take a while
|
||
|
TimeoutStartSec = "600s";
|
||
|
TimeoutStopSec = "600s";
|
||
|
|
||
|
# s3ql only handles SIGINT
|
||
|
KillSignal = "SIGINT";
|
||
|
|
||
|
Restart = "on-failure";
|
||
|
RestartSec = "10s";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|