diff --git a/nodes/home/nas.py b/nodes/home/nas.py index 02c6790..bf404e4 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py @@ -67,6 +67,22 @@ nodes['home.nas'] = { '/storage/nas/normen', }, }, + 'dm-crypt': { + 'encrypted-devices': { + '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K': { + 'dm-name': 'sam-S5SSNJ0X409404K', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409404K'), + }, + '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F': { + 'dm-name': 'sam-S5SSNJ0X409845F', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409845F'), + }, + '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J': { + 'dm-name': 'sam-S5SSNJ0X409870J', + 'passphrase': bwpass.password('bw/home.nas/dmcrypt/S5SSNJ0X409870J'), + }, + }, + }, 'groups': { 'nas': {}, }, @@ -173,6 +189,11 @@ nodes['home.nas'] = { 'smartd': { 'disks': { '/dev/nvme0', + + # encrypted disks + '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409404K', + '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409845F', + '/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5SSNJ0X409870J', }, }, 'systemd-networkd': { @@ -245,8 +266,45 @@ nodes['home.nas'] = { 'ashift': 12, }, }, + 'encrypted': { + 'when_creating': { + 'config': [ + { + 'type': 'raidz', + 'devices': { + '/dev/mapper/sam-S5SSNJ0X409404K', + '/dev/mapper/sam-S5SSNJ0X409845F', + '/dev/mapper/sam-S5SSNJ0X409870J', + }, + }, + ], + 'ashift': 12, + }, + 'needs': { + 'action:dm-crypt_open_sam-S5SSNJ0X409404K', + 'action:dm-crypt_open_sam-S5SSNJ0X409845F', + 'action:dm-crypt_open_sam-S5SSNJ0X409870J', + }, + # see comment in bundle:backup-server + 'unless': 'zpool import encrypted', + }, }, 'datasets': { + 'encrypted': { + 'primarycache': 'metadata', + }, + 'encrypted/download': { + 'mountpoint': '/media/download', + }, + 'encrypted/nas': { + 'acltype': 'off', + 'atime': 'off', + 'compression': 'off', + 'mountpoint': '/media/nas', + }, + 'encrypted/paperless': { + 'mountpoint': '/media/paperless', + }, 'storage': { 'primarycache': 'metadata', }, @@ -268,6 +326,23 @@ nodes['home.nas'] = { }, 'snapshots': { 'retain_per_dataset': { + 'encrypted/download': { + 'hourly': 6, + 'daily': 0, + 'weekly': 0, + 'monthly': 0, + }, + 'encrypted/nas': { + # juuuuuuuust to be sure. + 'daily': 14, + 'weekly': 6, + 'monthly': 12, + }, + 'encrypted/paperless': { + 'daily': 14, + 'weekly': 6, + 'monthly': 24, + }, 'storage/download': { 'hourly': 48, 'daily': 0,