camelot: Rework ZFS, add mailer

2025-01-12 13:30:09 +01:00 · 2025-01-12 13:30:09 +01:00 · 6f40a9fbde
commit 6f40a9fbde
parent bb0c54ee26
6 changed files with 73 additions and 13 deletions
--- a/configurations/camelot/default.nix
+++ b/configurations/camelot/default.nix
@ -12,6 +12,7 @@
    ./nextcloud.nix
    ./gotosocial.nix
    ./forgejo.nix
+    ./zfs.nix
  ];

  services.nginx = {
@ -48,6 +49,7 @@
    };

    keycloakDbPassword.file = ../../secrets/keycloak-db.age;
+    zfsMail.file = ../../secrets/zfs-mail.age;
  };

  my.server.blog.enable = true;
--- a/configurations/camelot/hardware.nix
+++ b/configurations/camelot/hardware.nix
@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+  lib,
+  config,
+  extraInfo,
+  ...
+}:
 {
  boot.initrd.availableKernelModules = [
    "xhci_pci"
@ -12,14 +17,6 @@
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  boot.supportedFilesystems = [ "zfs" ];
-  boot.zfs.forceImportRoot = false;
-  networking.hostId = "c97cef07";
-  boot.zfs.extraPools = [ "pool" ];
-  services.zfs = {
-    autoScrub.enable = true;
-    trim.enable = true;
-  };

  fileSystems = {
    "/" = {
--- a/configurations/camelot/zfs.nix
+++ b/configurations/camelot/zfs.nix
@ -0,0 +1,52 @@
+{
+  config,
+  extraInfo,
+  pkgs,
+  ...
+}:
+{
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.forceImportRoot = false;
+  networking.hostId = "c97cef07";
+  boot.zfs.extraPools = [ "pool" ];
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+  };
+
+  programs.msmtp = {
+    enable = true;
+    setSendmail = true;
+
+    defaults = {
+      aliases = "/etc/aliases";
+      port = 465;
+      tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
+      tls = "on";
+      auth = "login";
+      tls_starttls = "off";
+    };
+
+    accounts = {
+      default = {
+        host = extraInfo.mail.zfs.smtpServer;
+        passwordeval = "cat ${config.age.secrets.zfsMail.path}";
+        user = extraInfo.mail.zfs.address;
+        from = extraInfo.mail.zfs.address;
+      };
+    };
+  };
+
+  services.zfs.zed.settings = {
+    ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+    ZED_EMAIL_ADDR = [ "root" ];
+    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+    ZED_EMAIL_OPTS = extraInfo.mail.personal.address;
+
+    ZED_NOTIFY_INTERVAL_SECS = 3600;
+    ZED_NOTIFY_VERBOSE = true;
+
+    ZED_USE_ENCLOSURE_LEDS = true;
+    ZED_SCRUB_AFTER_RESILVER = true;
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -79,11 +79,11 @@
    },
    "extra-config": {
      "locked": {
-        "lastModified": 1735909779,
-        "narHash": "sha256-Io0thwq2X2M5jiw9SQO+VAbxS+hP6OJqxgI/qi2LkrI=",
+        "lastModified": 1736683904,
+        "narHash": "sha256-HgTgHiWmGxaolrZpHE+1Z7CdOWgD0k/T31AZusxMIdw=",
        "ref": "refs/heads/main",
-        "rev": "aa3e249bbc51649702359af9ea6e8dc9f5ac4e66",
-        "revCount": 11,
+        "rev": "8a54c1cda37f0e2ad6696053e93d0c84f43d6da2",
+        "revCount": 12,
        "type": "git",
        "url": "ssh://forgejo@git.dalaran.fr/dala/nixos-config-extra.git"
      },
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -46,4 +46,8 @@ in
    fuyuki
    london
  ];
+
+  "zfs-mail.age".publicKeys = [
+    camelot
+  ];
 }
--- a/secrets/zfs-mail.age
+++ b/secrets/zfs-mail.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 1urzmQ kyj7ofD6U9RnLEBttrTB/+HmuCzRVEwnQ5I0fvU8lWY
+WKy7iO7PjQurvG+VCV0bfVsNqbTAtODPuIWC0BNSu/A
+--- +7QEzVzqxGrMhUDz+joaeAyf/JweahvIqdfmuLf6zIw
+¹¢Â=x"2’À…9ñ²þQ¥‡]ý¿Ž;4Gë<18>5>2ß-ðiL4kMûIV Ë¦L