infrastructure/hosts/phoenix.lewd.wtf/services/zfs.nix


{ config, pkgs, ... }:
let
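# Build a shell snippet that mails a status report for this host.
#
# `event` is a short phrase placed in the subject line (e.g. "just booted").
# The mail body is the current `zpool status` output, piped to msmtp's
# `default` account.
#
# The dynamic values are passed to printf as arguments, not spliced into the
# format string, so `%` or backslashes in `zpool status` output (such as a
# scrub/resilver progress percentage) are mailed verbatim instead of being
# parsed as format directives.
#
# `|| true` keeps the send best-effort: a failed mail must not fail the unit
# that runs this snippet.
sendEmailEvent = { event }: ''
  printf 'Subject: phoenix %s %s\n\nzpool status:\n\n%s' "${event}" "''$(${pkgs.coreutils}/bin/date --iso-8601=seconds)" "''$(${pkgs.zfs}/bin/zpool status)" | ${pkgs.msmtp}/bin/msmtp -a default ciapa@lewd.wtf || true
'';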
in
{
# ZFS remote unlocking
# Brings up networking and an SSH server inside the initrd so the ZFS
# encryption keys can be loaded over the network before the real system boots.
boot.initrd.systemd.enable = true;
# TODO: Install ZFS tools
# TODO: Override built-in zfs unlock service
# igb (Intel gigabit NIC driver) must be available in the initrd for the
# network to come up this early.
boot.initrd.availableKernelModules = [ "igb" ];
# Static early-boot network config via the kernel `ip=` parameter, fields in
# order: client IP, (empty) server IP, gateway, netmask, hostname, device,
# autoconf (off), DNS server.
boot.kernelParams = [
"ip=192.168.0.42::192.168.0.1:255.255.252.0:phoenix-initrd:eno2:off:192.168.0.1"
];
# One-shot initrd unit, ordered before zfs-import-zroot.service. Its only
# action is to write /root/.profile; the unlocking itself happens when that
# profile is sourced (presumably by root's login shell on initrd SSH login).
#
# What the generated profile does: if a process named exactly `zfs` is
# running, it loads the key for zroot, force-imports zbigdata and zvault and
# loads their keys, then kills the `zfs` process(es) -- presumably the pending
# key prompt of the stock import service, so boot can continue. Otherwise it
# only prints a hint.
#
# NOTE(review): `zpool import -f` overrides the "pool may be in use by another
# system" safeguard; confirm that forcing is really required here.
# NOTE(review): the heredoc delimiter is unquoted, so the shell would expand
# `$...` and backticks when the unit runs. The body has none today, so it is
# written verbatim; quoting the delimiter ('EOF') would keep that true if
# variables are added later.
boot.initrd.systemd.services.zfsunlock = {
description = "Unlock ZFS pools";
wantedBy = [
"initrd.target"
];
before = [
"zfs-import-zroot.service"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
cat <<EOF > /root/.profile
if pgrep -x "zfs" > /dev/null
then
zfs load-key zroot
zpool import -f zbigdata
zfs load-key zbigdata
zpool import -f zvault
zfs load-key zvault
killall zfs
else
echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
fi
EOF
'';
};
# SSH server inside the initrd, on port 2222 (kept apart from the regular
# sshd port, presumably so clients do not mix up the two host identities).
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
# Private host keys for the initrd sshd.
# NOTE(review): these live under /boot-1 and /boot-2, which are presumably
# unencrypted boot partitions, so they should be keys dedicated to the
# initrd and never the system's regular SSH host keys.
# NOTE(review): they are written as Nix path literals, not strings. Verify
# that the private keys reach the initrd as secrets and do not end up
# world-readable in /nix/store, and that two entries sharing the basename
# `initrd-ssh-key` do not collide inside the initrd.
hostKeys = [
/boot-1/initrd-ssh-key
/boot-2/initrd-ssh-key
];
# Every key authorized for root on the running system is also authorized
# for the pre-boot root shell, i.e. may supply the pool passphrases.
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
};
};
# ZFS options from https://nixos.wiki/wiki/NixOS_on_ZFS
boot.supportedFilesystems = [ "zfs" ];
# ZFS records the host ID in the pool and uses it to detect a pool that was
# last imported by a different machine.
networking.hostId = "42069420";
# ZFS notifications
# ZED (the ZFS event daemon) mails pool events to the address below.
# ZED_NOTIFY_VERBOSE also sends mail when the pool is healthy.
# NOTE(review): ZED_EMAIL_OPTS uses mail(1)-style flags (-a header,
# -s subject); confirm the mail program ZED is configured with accepts them.
services.zfs.zed = {
  enableMail = true;
  settings = {
    ZED_NOTIFY_VERBOSE = true;
    ZED_EMAIL_ADDR = [ "ciapa@lewd.wtf" ];
    ZED_EMAIL_OPTS = "-a 'FROM:phoenix@lewd.wtf' -s '@SUBJECT@' @ADDRESS@";
  };
};
# Timed status mails (Boot, Shutdown, Weekly)
# Each unit runs the snippet built by sendEmailEvent with its own subject
# phrase. The mails carry `zpool status` output, so the storage layout of
# this host leaves the machine with every report.
systemd = {
  services = {
    # Sent once per boot, after the network is reported online.
    "boot-mail-alert" = {
      script = sendEmailEvent { event = "just booted"; };
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
    };

    # Starting this unit is a no-op ("true"); RemainAfterExit keeps it active
    # so that preStop runs when the unit is stopped at shutdown. Being ordered
    # after network-online.target means it is stopped before that target,
    # i.e. while the network is presumably still up.
    "shutdown-mail-alert" = {
      script = "true";
      preStop = sendEmailEvent { event = "is shutting down"; };
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
    };

    # Heartbeat mail; started by the timer of the same name below.
    "weekly-mail-alert" = {
      script = sendEmailEvent { event = "is still alive"; };
      serviceConfig = {
        Type = "oneshot";
      };
    };
  };

  timers."weekly-mail-alert" = {
    timerConfig = {
      OnCalendar = "weekly";
    };
    partOf = [ "weekly-mail-alert.service" ];
    wantedBy = [ "timers.target" ];
  };
};
}