diff --git a/configurations/camelot/default.nix b/configurations/camelot/default.nix index 973c3cf..cb57649 100644 --- a/configurations/camelot/default.nix +++ b/configurations/camelot/default.nix @@ -12,6 +12,7 @@ ./nextcloud.nix ./gotosocial.nix ./forgejo.nix + ./zfs.nix ]; services.nginx = { @@ -48,6 +49,7 @@ }; keycloakDbPassword.file = ../../secrets/keycloak-db.age; + zfsMail.file = ../../secrets/zfs-mail.age; }; my.server.blog.enable = true; diff --git a/configurations/camelot/hardware.nix b/configurations/camelot/hardware.nix index b691b66..0811aba 100644 --- a/configurations/camelot/hardware.nix +++ b/configurations/camelot/hardware.nix @@ -1,4 +1,9 @@ -{ lib, config, ... }: +{ + lib, + config, + extraInfo, + ... +}: { boot.initrd.availableKernelModules = [ "xhci_pci" @@ -12,14 +17,6 @@ boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.forceImportRoot = false; - networking.hostId = "c97cef07"; - boot.zfs.extraPools = [ "pool" ]; - services.zfs = { - autoScrub.enable = true; - trim.enable = true; - }; fileSystems = { "/" = { diff --git a/configurations/camelot/zfs.nix b/configurations/camelot/zfs.nix new file mode 100644 index 0000000..708bc6a --- /dev/null +++ b/configurations/camelot/zfs.nix @@ -0,0 +1,52 @@ +{ + config, + extraInfo, + pkgs, + ... +}: +{ + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + networking.hostId = "c97cef07"; + boot.zfs.extraPools = [ "pool" ]; + services.zfs = { + autoScrub.enable = true; + trim.enable = true; + }; + + programs.msmtp = { + enable = true; + setSendmail = true; + + defaults = { + aliases = "/etc/aliases"; + port = 465; + tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + + accounts = { + default = { + host = extraInfo.mail.zfs.smtpServer; + passwordeval = "cat ${config.age.secrets.zfsMail.path}"; + user = extraInfo.mail.zfs.address; + from = extraInfo.mail.zfs.address; + }; + }; + }; + + services.zfs.zed.settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [ "root" ]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = extraInfo.mail.personal.address; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; +} diff --git a/flake.lock b/flake.lock index c8ee6ca..f93172d 100644 --- a/flake.lock +++ b/flake.lock @@ -79,11 +79,11 @@ }, "extra-config": { "locked": { - "lastModified": 1735909779, - "narHash": "sha256-Io0thwq2X2M5jiw9SQO+VAbxS+hP6OJqxgI/qi2LkrI=", + "lastModified": 1736683904, + "narHash": "sha256-HgTgHiWmGxaolrZpHE+1Z7CdOWgD0k/T31AZusxMIdw=", "ref": "refs/heads/main", - "rev": "aa3e249bbc51649702359af9ea6e8dc9f5ac4e66", - "revCount": 11, + "rev": "8a54c1cda37f0e2ad6696053e93d0c84f43d6da2", + "revCount": 12, "type": "git", "url": "ssh://forgejo@git.dalaran.fr/dala/nixos-config-extra.git" }, diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 9304219..c5df9a4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -46,4 +46,8 @@ in fuyuki london ]; + + "zfs-mail.age".publicKeys = [ + camelot + ]; } diff --git a/secrets/zfs-mail.age b/secrets/zfs-mail.age new file mode 100644 index 0000000..1fa7777 --- /dev/null +++ b/secrets/zfs-mail.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 1urzmQ kyj7ofD6U9RnLEBttrTB/+HmuCzRVEwnQ5I0fvU8lWY +WKy7iO7PjQurvG+VCV0bfVsNqbTAtODPuIWC0BNSu/A +--- +7QEzVzqxGrMhUDz+joaeAyf/JweahvIqdfmuLf6zIw +=x"29Q];4G5>2-iL4kMIV ˦L \ No newline at end of file