nixos/servnerr-3: new storage module, ZFS auto snapshot, add ZED config

Signed-off-by: Matt Layher <mdlayher@gmail.com>
2024-12-14 11:47:32 +00:00 · 2022-02-08 15:45:08 -05:00 · 2022-02-08 15:45:08 -05:00 · cb74c8bd41
commit cb74c8bd41
parent bdf297b75b
2 changed files with 70 additions and 28 deletions
--- a/nixos/servnerr-3/configuration.nix
+++ b/nixos/servnerr-3/configuration.nix
@ -1,7 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
 { lib, pkgs, ... }:

 let
@ -17,6 +13,7 @@ in {
    # Service configuration.
    ./containers.nix
    ./prometheus.nix
+    ./storage.nix
  ];

  networking = {
@ -78,10 +75,6 @@ in {
  # lib/system.nix.
  environment.systemPackages = with pkgs; [ zfs ];

-  # Only allow certain unfree packages.
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [ "tarsnap" ];
-
  services = {
    apcupsd.enable = true;

@ -113,31 +106,11 @@ in {
      addr = "";
    };

-    # Export ZFS pool via NFS to trusted LAN.
-    nfs.server = {
-      enable = true;
-      exports = with vars.interfaces.lan0; ''
-        /primary 192.168.1.0/24(rw,sync,no_subtree_check,crossmnt) fd9e:1a04:f01d::/64(rw,sync,no_subtree_check,crossmnt)
-      '';
-    };
-
    # Enable the OpenSSH daemon.
    openssh = {
      enable = true;
      passwordAuthentication = false;
    };
-
-    # Enable tarsnap backups.
-    tarsnap = {
-      enable = true;
-
-      archives.archive = {
-        directories = [ "/primary/archive" ];
-        verbose = true;
-      };
-    };
-
-    zfs.autoScrub.enable = true;
  };

  virtualisation.libvirtd.enable = true;
--- a/nixos/servnerr-3/storage.nix
+++ b/nixos/servnerr-3/storage.nix
@ -0,0 +1,69 @@
+{ lib, pkgs, ... }:
+
+let
+  secrets = import ./lib/secrets.nix;
+
+in {
+  # Only allow certain unfree packages.
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [ "tarsnap" ];
+
+  services = {
+    # Enable tarsnap backups.
+    tarsnap = {
+      enable = true;
+
+      archives.archive = {
+        directories = [ "/primary/archive" ];
+        verbose = true;
+      };
+    };
+
+    # ZFS configuration.
+    #
+    # TODO(mdlayher): sharenfs integration?
+    zfs = {
+      # Scrub all pools regularly.
+      autoScrub.enable = true;
+
+      # Roll up snapshots for long periods of time, we have storage to burn.
+      autoSnapshot = {
+        enable = true;
+
+        # No 15 minute or hourly snapshots, things don't change that often.
+        frequent = 0;
+        hourly = 0;
+
+        # Every day for 2 weeks.
+        daily = 14;
+        # Every week for 2 months.
+        weekly = 8;
+        # Every month for 2 years.
+        monthly = 24;
+      };
+
+      # ZED configuration.
+      zed = {
+        enableMail = false;
+        settings = with secrets.zfs; {
+          # Send event notifications via Pushbullet.
+          ZED_PUSHBULLET_ACCESS_TOKEN = pushbullet.access_token;
+
+          # Send event notifications via Pushover.
+          #
+          # TODO(mdlayher): it seems NixOS 21.11 ZFS does not support pushover
+          # yet; we'll use pushbullet for now and reevaluate later.
+          # ZED_PUSHOVER_TOKEN = pushover.token;
+          # ZED_PUSHOVER_USER = pushover.user_key;
+
+          # Verify integrity via scrub after resilver.
+          ZED_SCRUB_AFTER_RESILVER = true;
+
+          # More verbose reporting.
+          ZED_NOTIFY_VERBOSE = true;
+          ZED_DEBUG_LOG = "/var/log/zed.log";
+        };
+      };
+    };
+  };
+}