From ee72ea2cee5306adb40d02ebda9f659210bbb9e7 Mon Sep 17 00:00:00 2001
From: Richie Cahill
Date: Tue, 8 Oct 2024 20:48:23 -0400
Subject: [PATCH] created storage/secrets
---
 systems/jeeves/docker/internal.nix | 2 +-
 systems/jeeves/docker/photoprism.nix | 4 ++--
 systems/jeeves/docker/web.nix | 4 ++--
 systems/jeeves/scripts/datasets.sh | 15 +++++++++++----
 systems/jeeves/services.nix | 5 ++++-
 systems/jeeves/vars.nix | 5 +++--
 6 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/systems/jeeves/docker/internal.nix b/systems/jeeves/docker/internal.nix
index a2dd3b6..2eb2ff0 100644
--- a/systems/jeeves/docker/internal.nix
+++ b/systems/jeeves/docker/internal.nix
@@ -52,7 +52,7 @@ in
 DELUGE_DAEMON_LOG_LEVEL = "debug";
 DELUGE_WEB_LOG_LEVEL = "debug";
 };
- environmentFiles = [/root/secrets/docker/qbitvpn];
+ environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
 autoStart = true;
 };
 bazarr = {
diff --git a/systems/jeeves/docker/photoprism.nix b/systems/jeeves/docker/photoprism.nix
index 4728c88..085b307 100644
--- a/systems/jeeves/docker/photoprism.nix
+++ b/systems/jeeves/docker/photoprism.nix
@@ -52,7 +52,7 @@ in
 PHOTOPRISM_GID="600";
 # PHOTOPRISM_UMASK: 0000
 };
- environmentFiles = [/root/secrets/docker/photoprism];
+ environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
 autoStart = true;
 dependsOn = [ "photoprism_mariadb" ];
 extraOptions = [ "--network=web" ];
@@ -66,7 +66,7 @@ in
 MARIADB_DATABASE = "photoprism";
 MARIADB_USER = "photoprism";
 };
- environmentFiles = [/root/secrets/docker/photoprism];
+ environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
 cmd = [ "--innodb-buffer-pool-size=512M" "--transaction-isolation=READ-COMMITTED" "--character-set-server=utf8mb4" "--collation-server=utf8mb4_unicode_ci" "--max-connections=512" "--innodb-rollback-on-timeout=OFF" "--innodb-lock-wait-timeout=120" ];
 autoStart = true;
 extraOptions = [ "--network=web" ];
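Review bot: The env file for this container now lives on the `storage/secrets` dataset rather than the root filesystem, yet the generated container unit gets no ordering on that mount; in a normal boot zfs-mount.service probably runs first, but nothing declares it, so a failed pool import or late mount leaves `--env-file` pointing into an empty mountpoint and, for the cloudflare.pem bind mount in web.nix, Docker would create an empty directory at the missing host path instead of failing. I would make the dependency explicit on each affected unit, e.g. `systemd.services.<container-unit>.unitConfig.RequiresMountsFor = [ vars.storage_secrets ];` (placeholder: the unit is `docker-<name>` or `podman-<name>` depending on the oci-containers backend), which both orders the start after the mount and fails it cleanly when the mount is absent. The same point applies to both photoprism.nix hunks, the cloud_flare_tunnel hunk in web.nix and the `EnvironmentFile=` change in services.nix. The container attribute set this line belongs to starts above the hunk.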
diff --git a/systems/jeeves/docker/web.nix b/systems/jeeves/docker/web.nix
index c4f0e83..1f02ddb 100644
--- a/systems/jeeves/docker/web.nix
+++ b/systems/jeeves/docker/web.nix
@@ -26,7 +26,7 @@ in
 TZ = "Etc/EST";
 };
 volumes = [
- "/root/secrets/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
+ "${vars.storage_secrets}/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
 "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
 ];
 dependsOn = [
@@ -47,7 +47,7 @@ in
 "tunnel"
 "run"
 ];
- environmentFiles = [/root/secrets/docker/cloud_flare_tunnel];
+ environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
 dependsOn = [ "haproxy" ];
 extraOptions = [ "--network=web" ];
 autoStart = true;
diff --git a/systems/jeeves/scripts/datasets.sh b/systems/jeeves/scripts/datasets.sh
index e81cf6a..8307df0 100644
--- a/systems/jeeves/scripts/datasets.sh
+++ b/systems/jeeves/scripts/datasets.sh
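Review bot: The cloudflare.pem bind mount on the new side is still read-write, so the haproxy container can modify whatever that PEM holds (if it bundles the private key, that is the TLS key for the public edge); the container only needs to read it, so append `:ro`: `"${vars.storage_secrets}/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem:ro"`. Read-only matters more now that the file sits on the shared storage pool rather than under /root, because a write from inside the container would land in the new central secrets store. The haproxy container definition starts above the hunk and continues below it.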
@@ -2,27 +2,34 @@
 # zpools
+# media
 sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/media media mirror
 sudo zpool add media -o ashift=12 special mirror
+# storage
 sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/storage storage
 sudo zpool add storage -o ashift=12 special mirror
 sudo zpool add storage -o ashift=12 logs mirror
+# torrenting
 sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/torrenting torrenting
 # media datasets
-sudo zfs create -o compression=zstd-9 media/plex
 sudo zfs create -o compression=zstd-9 media/docker
-sudo zfs create -o exec=off media/mirror
 sudo zfs create -o exec=off media/minio
+sudo zfs create -o exec=off media/mirror
 sudo zfs create -o copies=3 media/notes
-sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
 sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/photoprism_mariadb media/photoprism_mariadb
+sudo zfs create -o compression=zstd-9 media/plex
+sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
 # storage datasets
-sudo zfs create -o recordsize=16K -o compression=zstd-19 -o copies=2 storage/photos
 sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/archive
+sudo zfs create -o compression=zstd-19 storage/main
+sudo zfs create -o recordsize=16K -o compression=zstd-19 -o copies=2 storage/photos
+sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/plex
+sudo zfs create -o compression=zstd-19 -o copies=3 storage/secrets
+sudo zfs create -o compression=zstd-19 storage/syncthing
 # torrenting datasets
 sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbit
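Review bot: `storage/secrets` is created with only `compression` and `copies` set, so its mountpoint `/zfs/storage/secrets` comes up with ZFS's default directory mode (root-owned 0755 in my experience), whereas the old `/root/secrets` location inherited the 0700 of root's home, and copying the files over does not tighten the directory itself. I would follow the create with `sudo chmod 0700 /zfs/storage/secrets` and drop what a secrets store never needs, e.g. `sudo zfs create -o compression=zstd-19 -o copies=3 -o exec=off -o setuid=off storage/secrets`. If the `storage` pool is snapshotted or replicated, the secrets now ride along in plain text in every `zfs send` stream; ZFS native encryption on this one dataset (`-o encryption=on -o keyformat=passphrase`) or excluding it from replication closes that gap. `copies=3` buys durability, not confidentiality, and the per-file modes of the moved secrets are worth checking once they land on the new dataset.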
diff --git a/systems/jeeves/services.nix b/systems/jeeves/services.nix
index 021e598..d395677 100644
--- a/systems/jeeves/services.nix
+++ b/systems/jeeves/services.nix
@@ -3,6 +3,9 @@
 pkgs,
 ...
 }:
+let
+ vars = import ../vars.nix;
+in
 {
 systemd = {
 services = {
@@ -20,7 +23,7 @@
 description = "validates startup";
 path = [ pkgs.zfs ];
 serviceConfig = {
- EnvironmentFile = "/root/secrets/services/server-validation";
+ EnvironmentFile = "${vars.storage_secrets}/services/server-validation";
 Type = "oneshot";
 ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_jeeves";
 };
diff --git a/systems/jeeves/vars.nix b/systems/jeeves/vars.nix
index c7cb2cd..a9fe2c5 100644
--- a/systems/jeeves/vars.nix
+++ b/systems/jeeves/vars.nix
@@ -14,9 +14,10 @@ in
 media_plex = "${zfs_media}/plex";
 # storage
 storage_main = "${zfs_storage}/main";
- storage_plex = "${zfs_storage}/plex";
- storage_syncthing = "${zfs_storage}/syncthing";
 storage_photos = "${zfs_storage}/photos";
+ storage_plex = "${zfs_storage}/plex";
+ storage_secrets = "${zfs_storage}/secrets";
+ storage_syncthing = "${zfs_storage}/syncthing";
 # torrenting
 torrenting_qbit = "${zfs_torrenting}/qbit";
 torrenting_qbitvpn = "${zfs_torrenting}/qbitvpn";
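Review bot: `vars = import ../vars.nix;` is resolved relative to services.nix, which sits in `systems/jeeves/`, so it points at `systems/vars.nix`, while the file this commit extends with `storage_secrets` is `systems/jeeves/vars.nix`; the docker/*.nix files are one directory deeper, which is why `../vars.nix` is right for them. Unless a separate `systems/vars.nix` exists, this should read `vars = import ./vars.nix;` — as written, evaluation either fails on the missing file or, if such a file does exist, reads a different set of paths than the one defined in this commit. The module's argument set opens above the hunk.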