sgx: add raid disks

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
2024-03-19 14:46:44 +01:00 · 2024-03-19 14:46:44 +01:00 · e906b9c5dd
parent 0e548b42c0
commit e906b9c5dd
2 changed files with 59 additions and 4 deletions
--- a/systems/x86_64-linux/sgx/default.nix
+++ b/systems/x86_64-linux/sgx/default.nix
@ -5,6 +5,7 @@ with lib.plusultra;
  imports = [ ./hardware-configuration.nix ];

  sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
+  sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml;

  plusultra = {
    base.enable = true;
@ -34,6 +35,7 @@ with lib.plusultra;
  networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.

  # services.aesmd.enable = true;
+  services.pcscd.enable = true;

  powerManagement.cpuFreqGovernor = "ondemand";

--- a/systems/x86_64-linux/sgx/hardware-configuration.nix
+++ b/systems/x86_64-linux/sgx/hardware-configuration.nix
@ -18,22 +18,75 @@

  services.btrfs.autoScrub.enable = true;

-  fileSystems."/" =
-    {
+  fileSystems = {
+    "/" = {
      device = "/dev/disk/by-uuid/7aa17b01-785e-41c6-9723-79195af906c6";
      fsType = "btrfs";
      options = [ "subvol=@" ];
    };

-  fileSystems."/boot" =
-    {
+    "/boot" = {
      device = "/dev/disk/by-uuid/C902-1AF5";
      fsType = "vfat";
    };

+    "/mnt/raid" = {
+      fsType = "btrfs";
+      device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712";
+      options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ];
+    };
+
+    "/mnt/backup" = {
+      fsType = "btrfs";
+      device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5";
+      options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ];
+    };
+  };
+
+
  swapDevices =
    [{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }];

+  environment.etc."crypttab".text = ''
+    a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256
+    b16 /dev/disk/by-uuid/9540de6d-c907-43e4-b740-2d75dbf37135 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256
+    a4  /dev/disk/by-uuid/72924bd6-3d58-4437-aafd-ae6d2b995fbf /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256
+    b4  /dev/disk/by-uuid/459c8d9a-6e92-4dec-a998-701ab9e76a2e /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256
+    c4  /dev/disk/by-uuid/5c61cbf0-dbca-48e0-948e-71bea3806a6c /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256
+  '';
+
+  systemd.services.hd-idle = {
+    description = "Set to idle";
+    wantedBy = [ "multi-user.target" ];
+    after = [
+      "dev-sdb.device"
+      "dev-sdc.device"
+      "dev-sdd.device"
+      "dev-sde.device"
+      "dev-sdf.device"
+    ];
+    bindsTo = [
+      "dev-sdb.device"
+      "dev-sdc.device"
+      "dev-sdd.device"
+      "dev-sde.device"
+      "dev-sdf.device"
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdb /dev/sdc /dev/sdd /dev/sde /dev/sdf";
+    };
+  };
+
+  powerManagement.powerUpCommands = ''
+    ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdb
+    ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdc
+    ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdd
+    ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sde
+    ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdf
+  '';
+
+
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction