jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added email config to disko zfs config

Browse source
This commit is contained in:
Leyla Becker 2025-02-23 13:56:22 -06:00
parent af568c7b70
commit 0a00be9651
4 changed files with 76 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -57,7 +57,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home
- figure out steam vr things? - figure out steam vr things?
- Open GL? - Open GL?
- rotate sops encryption keys periodically (and somehow sync between devices?) - rotate sops encryption keys periodically (and somehow sync between devices?)
- zfs email after scrubbing - zfs email after scrubbing # TODO: test this
- wake on LAN for updates - wake on LAN for updates
- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
- Immich - Immich

11
configurations/nixos/defiant/configuration.nix
View file

@ -9,6 +9,9 @@
"wireguard-keys/tailscale-authkey/defiant" = { "wireguard-keys/tailscale-authkey/defiant" = {
sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
}; };
"services/zfs_smtp_token" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
}; };
host = { host = {
@ -23,6 +26,14 @@
storage = { storage = {
enable = true; enable = true;
encryption = true; encryption = true;
notifications = {
enable = true;
host = "smtp.protonmail.ch";
port = 587;
to = "leyla@jan-leila.com";
user = "leyla@jan-leila.com";
tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
};
pool = { pool = {
drives = [ drives = [
"ata-ST18000NE000-3G6101_ZVTCXVEB" "ata-ST18000NE000-3G6101_ZVTCXVEB"

8
flake.lock generated
View file

@ -234,11 +234,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1740328351, "lastModified": 1740340309,
"narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6",
"revCount": 11, "revCount": 12,
"type": "git", "type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
}, },

60
modules/nixos-modules/disko.nix
View file

@ -1,5 +1,6 @@
{ {
lib, lib,
pkgs,
config, config,
inputs, inputs,
... ...
@ -23,6 +24,26 @@ in {
options.host.storage = { options.host.storage = {
enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; enable = lib.mkEnableOption "are we going create zfs disks with disko on this device";
encryption = lib.mkEnableOption "is the vdev going to be encrypted"; encryption = lib.mkEnableOption "is the vdev going to be encrypted";
notifications = {
enable = lib.mkEnableOption "are notifications enabled";
host = lib.mkOption {
type = lib.types.str;
description = "what is the host that we are going to send the email to";
};
port = lib.mkOption {
type = lib.types.port;
description = "what port is the host using to receive mail on";
};
to = lib.mkOption {
type = lib.types.str;
description = "what account is the email going to be sent to";
};
user = lib.mkOption {
type = lib.types.str;
description = "what user is the email going to be set from";
};
tokenFile = lib.mkOption {}; # TODO: make this a secrets file
};
pool = { pool = {
vdevs = lib.mkOption { vdevs = lib.mkOption {
type = lib.types.listOf (lib.types.listOf lib.types.str); type = lib.types.listOf (lib.types.listOf lib.types.str);
@ -50,9 +71,48 @@ in {
}; };
config = lib.mkIf config.host.storage.enable { config = lib.mkIf config.host.storage.enable {
programs.msmtp = lib.mkIf config.host.storage.notifications.enable {
enable = true;
setSendmail = true;
defaults = {
aliases = "/etc/aliases";
port = config.host.storage.notifications.port;
tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
tls = "on";
auth = "login";
tls_starttls = "off";
};
accounts = {
zfs_notifications = {
host = config.host.storage.notifications.host;
passwordeval = "cat ${config.host.storage.notifications.tokenFile}";
user = config.host.storage.notifications.user;
from = config.host.storage.notifications.user;
};
};
};
services.zfs = { services.zfs = {
autoScrub.enable = true; autoScrub.enable = true;
autoSnapshot.enable = true; autoSnapshot.enable = true;
zed = lib.mkIf config.host.storage.notifications.enable {
# this option is broken we are just going to disable it
enableMail = false;
settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [config.host.storage.notifications.to];
ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
ZED_EMAIL_OPTS = "@ADDRESS@";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true;
ZED_USE_ENCLOSURE_LEDS = true;
ZED_SCRUB_AFTER_RESILVER = true;
};
};
}; };
disko.devices = { disko.devices = {