cluster/services/storage: mount heresy via external-storage

2023-08-23 00:56:27 +02:00 · 2023-08-23 00:56:27 +02:00 · 365e4c69c9
commit 365e4c69c9
parent 7c1b78f7f8
1 changed files with 12 additions and 97 deletions
--- a/cluster/services/storage/heresy.nix
+++ b/cluster/services/storage/heresy.nix
@ -1,101 +1,16 @@
 { config, lib, pkgs, ... }:
 let
  s3qlWithSystemd = pkgs.s3ql.overrideAttrs (old: {
    propagatedBuildInputs = old.propagatedBuildInputs ++ [
      pkgs.python3Packages.systemd
    ];
  });
  dirs = {
    cache = "/srv/storage/private/s3ql-cache";
    underlay = "/mnt/heresy";
    mount = "/srv/heresy";
  };
 in
 {
-  age.secrets = {
+  services.external-storage = {
-    storageBoxCredentials.file = ./secrets/storage-box-credentials.age;
+    underlays.heresy = {
-    heresyEncryptionKey.file = ./secrets/heresy-encryption-key.age;
+      subUser = "sub1";
-  };
+      credentialsFile = ./secrets/storage-box-credentials.age;
-
+      path = "/fs/heresy";
-  boot.supportedFilesystems = [ "cifs" ];
+    };
-
+    fileSystems.heresy = {
-  fileSystems."${dirs.underlay}" = {
+      mountpoint = "/srv/heresy";
-    fsType = "cifs";
+      unitName = "heresy";
-    device = "//u357754.your-storagebox.de/u357754-sub1/fs/heresy";
+      unitDescription = "Heresy Filesystem";
-    options = [
+      encryptionKeyFile = ./secrets/heresy-encryption-key.age;
-      "credentials=${config.age.secrets.storageBoxCredentials.path}"
+      underlay = "heresy";
      "dir_mode=0700"
      "file_mode=0600"
      "_netdev"
      "x-systemd.automount"
    ];
  };
  systemd = {
    tmpfiles.rules = [
      "d '${dirs.cache}' 0700 root root - -"
    ];
    services.heresy = {
      description = "Heresy Filesystem";
      wantedBy = [ "multi-user.target" ];
      requires = [ "mnt-heresy.mount" ];
      wants = [ "remote-fs.target" ];
      after = [ "mnt-heresy.mount" ];
      before = [ "remote-fs.target" ];
      # used by umount.s3ql
      path = with pkgs; [
        psmisc
        util-linux
      ];
      serviceConfig = let
        commonOptions = [
          "--compress" "none"
          "--cachedir" dirs.cache
          "--authfile" config.age.secrets.heresyEncryptionKey.path
        ];
      in {
        Type = "notify";
        ExecStartPre = map lib.escapeShellArgs [
          [
            "${pkgs.coreutils}/bin/install" "-dm755" dirs.mount
          ]
          ([
            "${s3qlWithSystemd}/bin/fsck.s3ql"
            "local://${dirs.underlay}"
          ] ++ commonOptions)
        ];
        ExecStart = lib.escapeShellArgs ([
          "${s3qlWithSystemd}/bin/mount.s3ql"
          "local://${dirs.underlay}"
          dirs.mount
          "--fs-name" "heresy"
          "--allow-other"
          "--systemd" "--fg"
          "--log" "none"
        ] ++ commonOptions);
        ExecStop = lib.escapeShellArgs [
          "${s3qlWithSystemd}/bin/umount.s3ql"
          "--log" "none"
          dirs.mount
        ];
        # fsck and unmounting might take a while
        TimeoutStartSec = "600s";
        TimeoutStopSec = "600s";
        # s3ql only handles SIGINT
        KillSignal = "SIGINT";
        Restart = "on-failure";
        RestartSec = "10s";
      };
    };
  };
 }