From 02e25f89fffc13153ef99dfe0e60df34edea4102 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 25 Feb 2024 14:47:55 +0100 Subject: [PATCH] home.nas: prepare for new NAS disks --- nodes/home/nas.py | 98 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 82 insertions(+), 16 deletions(-) diff --git a/nodes/home/nas.py b/nodes/home/nas.py index c065912..8832b6e 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py @@ -4,6 +4,7 @@ nodes['home.nas'] = { 'hostname': '172.19.138.20', 'bundles': { 'backup-client', + 'dm-crypt', 'jellyfin', 'lm-sensors', 'mixcloud-downloader', @@ -66,6 +67,26 @@ nodes['home.nas'] = { '/storage/nas/normen', }, }, + 'dm-crypt': { + 'encrypted-devices': { + '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06JV7-part1': { + 'dm-name': 'sg-ZVV06JV7-1', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06JV7-1'), + }, + '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06JV7-part2': { + 'dm-name': 'sg-ZVV06JV7-2', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06JV7-2'), + }, + '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06SLR-part1': { + 'dm-name': 'sg-ZVV06SLR-1', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06SLR-1'), + }, + '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06SLR-part2': { + 'dm-name': 'sg-ZVV06SLR-2', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/sg-ZVV06SLR-2'), + }, + }, + }, 'groups': { 'nas': {}, }, @@ -162,9 +183,13 @@ nodes['home.nas'] = { 'disks': { '/dev/nvme0', + # encrypted disks + '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06JV7', + '/dev/disk/by-id/ata-ST18000NM0092-3CX103_ZVV06SLR', + # ZFS cache disks - '/dev/disk/by-id/ata-TS64GSSD370_B807810503', - '/dev/disk/by-id/ata-TS64GSSD370_B807810527', + #'/dev/disk/by-id/ata-TS64GSSD370_B807810503', + #'/dev/disk/by-id/ata-TS64GSSD370_B807810527', }, }, 'sysctl': { @@ -245,26 +270,67 @@ nodes['home.nas'] = { '/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR', }, }, - { - 'type': 'log', - 'devices': { - '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part1', - '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part1', - }, - }, - { - 'type': 'cache', - 'devices': { - '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part2', - '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part2', - }, - }, +# { +# 'type': 'log', +# 'devices': { +# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part1', +# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part1', +# }, +# }, +# { +# 'type': 'cache', +# 'devices': { +# '/dev/disk/by-id/ata-TS64GSSD370_B807810503-part2', +# '/dev/disk/by-id/ata-TS64GSSD370_B807810527-part2', +# }, +# }, ], 'ashift': 12, }, }, + 'encrypted': { + 'when_creating': { + 'config': [ + # These are new and fancy "dual actuator" + # drives, partitioned into two partitions + # taking 50% of the disk each. + { + 'type': 'mirror', + 'devices': { + '/dev/mapper/sg-ZVV06JV7-1', + '/dev/mapper/sg-ZVV06SLR-1', + }, + }, + { + 'type': 'mirror', + 'devices': { + '/dev/mapper/sg-ZVV06JV7-2', + '/dev/mapper/sg-ZVV06SLR-2', + }, + }, + ], + 'ashift': 12 + }, + 'needs': { + 'action:dm-crypt_open_sg-ZVV06JV7-1', + 'action:dm-crypt_open_sg-ZVV06JV7-2', + 'action:dm-crypt_open_sg-ZVV06SLR-1', + 'action:dm-crypt_open_sg-ZVV06SLR-2', + }, + # see comment in bundle:backup-server + 'unless': 'zpool import encrypted', + }, }, 'datasets': { + 'encrypted': { + 'primarycache': 'metadata', + }, + 'encrypted/nas': { + 'acltype': 'off', + 'atime': 'off', + 'compression': 'off', + 'mountpoint': '/media/nas', + }, 'storage': { 'primarycache': 'metadata', },