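# NixOS module for host "phoenix": remote ZFS unlocking from the initrd over
# SSH, ZED mail notifications, and boot/shutdown/weekly status mails.
{ config, pkgs, ... }:
let
  # Builds a shell snippet that mails the current `zpool status` with a
  # subject naming the event and an ISO-8601 timestamp.
  #
  # The event text, the timestamp and the zpool output are passed to printf
  # as arguments rather than spliced into the format string: `zpool status`
  # output can contain '%' (e.g. scrub/resilver progress) and backslashes,
  # which printf would otherwise interpret as format directives/escapes and
  # garble the mail.
  #
  # Note that the full pool status (pool and device names, error counters)
  # leaves the host by mail through the msmtp "default" account.
  sendEmailEvent = { event }: ''
    printf "Subject: phoenix %s %s\n\nzpool status:\n\n%s" \
      ${pkgs.lib.escapeShellArg event} \
      "''$(${pkgs.coreutils}/bin/date --iso-8601=seconds)" \
      "''$(${pkgs.zfs}/bin/zpool status)" \
      | ${pkgs.msmtp}/bin/msmtp -a default ciapa@lewd.wtf
  '';
in
{
  # ZFS remote unlocking
  boot.initrd.systemd.enable = true;
  # TODO: Install ZFS tools
  # TODO: Override built-in zfs unlock service

  # Kernel module made available in the initrd; presumably the driver for
  # the NIC (eno2) used by the static ip= setup below -- confirm.
  boot.initrd.availableKernelModules = [ "igb" ];

  # Static early-boot network configuration (kernel ip= syntax:
  # client::gateway:netmask:hostname:device:autoconf:dns).
  boot.kernelParams = [
    "ip=192.168.0.42::192.168.0.1:255.255.252.0:phoenix-initrd:eno2:off:192.168.0.1"
  ];

  # Oneshot initrd unit, ordered before zfs-import-zroot.service, that writes
  # /root/.profile. The profile then runs for a login shell of root in the
  # initrd (i.e. the SSH session configured below) and, if a process named
  # "zfs" is running, loads the key for zroot, imports zbigdata and zvault
  # and loads their keys, and finally kills the "zfs" process.
  #
  # `zpool import -f` forces the import and so bypasses the check that the
  # pool is not in use by another system; only safe while these pools are
  # never attached to a second host.
  boot.initrd.systemd.services.zfsunlock = {
    description = "Unlock ZFS pools";
    wantedBy = [
      "initrd.target"
    ];
    before = [
      "zfs-import-zroot.service"
    ];
    unitConfig.DefaultDependencies = "no";
    serviceConfig.Type = "oneshot";
    script = ''
      cat <<EOF > /root/.profile
      if pgrep -x "zfs" > /dev/null
      then
        zfs load-key zroot
        zpool import -f zbigdata
        zfs load-key zbigdata
        zpool import -f zvault
        zfs load-key zvault
        killall zfs
      else
        echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
      fi
      EOF
    '';
  };

  # SSH server inside the initrd, used to enter the ZFS passphrases remotely.
  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      port = 2222;
      # Host keys for the initrd sshd, read from the two boot partitions
      # (presumably the same key mirrored on both -- confirm).
      # These must be dedicated initrd keys, never the machine's regular SSH
      # host keys: the initrd has to be readable before any pool is unlocked,
      # so whoever can read the boot partition can copy the key and
      # impersonate this endpoint to capture a passphrase.
      # NOTE(review): these are Nix path literals; the option's documented
      # example uses quoted strings. Confirm on your NixOS version that the
      # private keys are not copied into the world-readable Nix store.
      hostKeys = [
        /boot-1/initrd-ssh-key
        /boot-2/initrd-ssh-key
      ];
      # Every key authorized for root on the running system can also log in
      # to the initrd and reach the unlock prompt.
      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
    };
  };

  # ZFS options from https://nixos.wiki/wiki/NixOS_on_ZFS
  networking.hostId = "42069420";
  boot.supportedFilesystems = [ "zfs" ];

  # ZFS notifications
  services.zfs.zed.enableMail = true;
  services.zfs.zed.settings = {
    ZED_EMAIL_ADDR = [ "ciapa@lewd.wtf" ];
    ZED_EMAIL_OPTS = "-a 'FROM:phoenix@lewd.wtf' -s '@SUBJECT@' @ADDRESS@";
    ZED_NOTIFY_VERBOSE = true;
  };

  # Timed status mails (Boot, Shutdown, Weekly)

  # Sends one mail once the system has reached multi-user.target and the
  # network is reported online.
  systemd.services."boot-mail-alert" = {
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = sendEmailEvent { event = "just booted"; };
  };

  # Does nothing at start ("true") but stays active (RemainAfterExit), so
  # that its preStop hook sends the mail when the unit is stopped. Being
  # ordered after network-online.target means it is stopped before the
  # network goes down.
  systemd.services."shutdown-mail-alert" = {
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = "true";
    preStop = sendEmailEvent { event = "is shutting down"; };
  };

  # Weekly heartbeat mail, triggered by the timer of the same name below.
  systemd.services."weekly-mail-alert" = {
    serviceConfig.Type = "oneshot";
    script = sendEmailEvent { event = "is still alive"; };
  };
  systemd.timers."weekly-mail-alert" = {
    wantedBy = [ "timers.target" ];
    partOf = [ "weekly-mail-alert.service" ];
    timerConfig.OnCalendar = "weekly";
  };
}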