From e906b9c5dd07db663fc62f1a97da47380e645c3d Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Tue, 19 Mar 2024 14:46:44 +0100 Subject: [PATCH] sgx: add raid disks Signed-off-by: Harald Hoyer --- systems/x86_64-linux/sgx/default.nix | 2 + .../sgx/hardware-configuration.nix | 61 +++++++++++++++++-- 2 files changed, 59 insertions(+), 4 deletions(-) diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix index 5eeeb5a..957e52c 100644 --- a/systems/x86_64-linux/sgx/default.nix +++ b/systems/x86_64-linux/sgx/default.nix @@ -5,6 +5,7 @@ with lib.plusultra; imports = [ ./hardware-configuration.nix ]; sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml; + sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml; plusultra = { base.enable = true; @@ -34,6 +35,7 @@ with lib.plusultra; networking.wireless.enable = false; # Enables wireless support via wpa_supplicant. # services.aesmd.enable = true; + services.pcscd.enable = true; powerManagement.cpuFreqGovernor = "ondemand"; diff --git a/systems/x86_64-linux/sgx/hardware-configuration.nix b/systems/x86_64-linux/sgx/hardware-configuration.nix index c776203..8e01add 100644 --- a/systems/x86_64-linux/sgx/hardware-configuration.nix +++ b/systems/x86_64-linux/sgx/hardware-configuration.nix 
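Review bot: The new `sops.secrets.backup-pw` entry in the first hunk of `default.nix` points at `../../../.secrets/sgx/backup-s3.yaml`, but the diffstat lists only the two `.nix` files, so that file is not added by this patch and nothing visible here reads the secret. If the file is not already committed and encrypted for this host's sops key, evaluation or activation of the `sgx` system would presumably fail. A short comment such as `# backup-pw: read by <backup service>` would also explain why a commit titled "add raid disks" introduces it.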
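Review bot: `services.pcscd.enable = true;` in the second hunk of `default.nix` turns on the PC/SC smart-card daemon with no comment and no visible relation to the commit subject. It is an additional service on the host, so the reason belongs next to the line, e.g. `services.pcscd.enable = true; # needed for <smart-card/token use case>`, or the change belongs in its own commit.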
@@ -18,22 +18,75 @@ services.btrfs.autoScrub.enable = true; - fileSystems."/" = - { + fileSystems = { + "/" = { device = "/dev/disk/by-uuid/7aa17b01-785e-41c6-9723-79195af906c6"; fsType = "btrfs"; options = [ "subvol=@" ]; }; - fileSystems."/boot" = - { + "/boot" = { device = "/dev/disk/by-uuid/C902-1AF5"; fsType = "vfat"; }; + "/mnt/raid" = { + fsType = "btrfs"; + device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712"; + options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; + }; + + "/mnt/backup" = { + fsType = "btrfs"; + device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5"; + options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }]; + environment.etc."crypttab".text = '' + a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 + b16 /dev/disk/by-uuid/9540de6d-c907-43e4-b740-2d75dbf37135 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 + a4 /dev/disk/by-uuid/72924bd6-3d58-4437-aafd-ae6d2b995fbf /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 + b4 /dev/disk/by-uuid/459c8d9a-6e92-4dec-a998-701ab9e76a2e /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 + c4 /dev/disk/by-uuid/5c61cbf0-dbca-48e0-948e-71bea3806a6c /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 + ''; + + systemd.services.hd-idle = { + description = "Set to idle"; + wantedBy = [ "multi-user.target" ]; + after = [ + "dev-sdb.device" + "dev-sdc.device" + "dev-sdd.device" + "dev-sde.device" + "dev-sdf.device" + ]; + bindsTo = [ + "dev-sdb.device" + "dev-sdc.device" + "dev-sdd.device" + "dev-sde.device" + 
"dev-sdf.device" + ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdb /dev/sdc /dev/sdd /dev/sde /dev/sdf"; + }; + }; + + powerManagement.powerUpCommands = '' + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdb + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdc + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdd + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sde + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdf + ''; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction
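Review bot: The `hd-idle` unit and `powerManagement.powerUpCommands` address the disks as `/dev/sdb`–`/dev/sdf`, kernel names that are not guaranteed stable across boots, while everything else in the hunk uses `/dev/disk/by-uuid` or `/dev/disk/by-id`. The USB stick named in the crypttab lines typically enumerates as an `sd*` device too, so `hdparm -S 60` can land on the wrong device, and `bindsTo` on all five `dev-sdX.device` units keeps the service from running when any one name is absent; persistent paths such as `/dev/disk/by-id/<disk-id>` would avoid both. In the crypttab block, all five LUKS volumes are unlocked from the same 256 bytes of one raw USB partition and the entries carry no `nofail`, unlike the btrfs mounts above. A comment above `environment.etc."crypttab".text` should state that the stick is the only key holder and whether it is meant to stay plugged in, since at-rest protection depends on it being kept apart from the machine, and the options could read `luks,keyfile-size=256,nofail`.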