Chore: move more implementation details out of service definitions
This commit is contained in:
parent
0693336769
commit
45d0e19862
|
@ -93,7 +93,11 @@ in
|
|||
gpu.amd.enable = true;
|
||||
|
||||
# Enable support for primary RAID array
|
||||
raid.storage.enable = true;
|
||||
raid.storage = {
|
||||
enable = true;
|
||||
keyFile = config.secrets.devices.storage.keyFile.path;
|
||||
mailAddr = config.secrets.users.aires.email;
|
||||
};
|
||||
|
||||
# Change how long old generations are kept for.
|
||||
retentionPeriod = "30d";
|
||||
|
|
|
@ -31,6 +31,8 @@ in
|
|||
allowRemoteGuiRpc = true;
|
||||
};
|
||||
|
||||
systemd.services.boinc.unitConfig.RequiresMountsFor = cfg.home;
|
||||
|
||||
# Allow connections via BOINC Manager
|
||||
networking.firewall.allowedTCPPorts = [ 31416 ];
|
||||
};
|
||||
|
|
|
@ -7,7 +7,21 @@ in
|
|||
options = {
|
||||
aux.system.raid = {
|
||||
enable = lib.mkEnableOption "Enables RAID support.";
|
||||
storage.enable = lib.mkEnableOption "Enables support for the storage array.";
|
||||
storage = {
|
||||
enable = lib.mkEnableOption "Enables support for the storage array.";
|
||||
mailAddr = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "Address to email in case of issues.";
|
||||
example = "admin@example.com";
|
||||
};
|
||||
keyFile = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.path;
|
||||
description = "Path to the key file to use to auto-unlock the array.";
|
||||
example = /home/user/storage.key;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -17,12 +31,12 @@ in
|
|||
aux.system.raid.enable = true;
|
||||
boot.swraid.mdadmConf = ''
|
||||
ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb
|
||||
MAILADDR ${config.secrets.users.aires.email}
|
||||
MAILADDR ${cfg.storage.mailAddr}
|
||||
'';
|
||||
|
||||
# Auto-unlock RAID array with a key file
|
||||
environment.etc."crypttab".text = ''
|
||||
storage /dev/md/Sapana ${config.secrets.devices.storage.keyFile.path} nofail,keyfile-timeout=5s
|
||||
environment.etc."crypttab".text = lib.mkIf (cfg.storage.keyFile != "") ''
|
||||
storage /dev/md/Sapana ${toString cfg.storage.keyFile} nofail,keyfile-timeout=5s
|
||||
'';
|
||||
fileSystems."/storage" = {
|
||||
device = "/dev/mapper/storage";
|
||||
|
|
Loading…
Reference in a new issue