remove raspberry ext drive

2024-07-21 20:43:32 +01:00 · 2024-07-21 20:43:32 +01:00 · cadd395aaf
parent 4794ef08b8
commit cadd395aaf
11 changed files with 2 additions and 194 deletions
--- a/data/drives/raspberryExternalDrive.nix
+++ b/data/drives/raspberryExternalDrive.nix
@ -1,16 +0,0 @@
-rec {
-  encryptedLabel = "raspberry_encrypted";
-  unencryptedLabel = "raspberry_drive";
-
-  mapperName = "raspberry_external_drive";
-
-  mountpoint = "/external_drive";
-
-  encryptedPath = "/dev/disk/by-label/${encryptedLabel}";
-  unencryptedPath = "/dev/disk/by-label/${unencryptedLabel}";
-  mapperPath = "/dev/mapper/${mapperName}";
-
-  backupsPath = "${mountpoint}/backups";
-  storagePath = "${mountpoint}/storage";
-  extrasPath = "${mountpoint}/extras";
-}
--- a/extras/mk-raspberry-ext-drive.nix
+++ b/extras/mk-raspberry-ext-drive.nix
@ -1,68 +0,0 @@
-{
-  util-linux,
-  cryptsetup,
-  btrfs-progs,
-  writeShellApplication,
-}: let
-  externalDriveData = import ../data/drives/raspberryExternalDrive.nix;
-in
-  writeShellApplication {
-    name = "mk-raspberry-ext-drive";
-    runtimeInputs = [
-      util-linux
-      cryptsetup
-      btrfs-progs
-    ];
-    text = ''
-      if [ -z "''${1-}" ]; then
-        echo "Please specify a path to device as first argument"
-        exit 1
-      fi
-
-      DRIVE_PATH=$1
-
-      if [ -z "''${2-}" ]; then
-        echo "Please specify a key file to use"
-        exit 1
-      fi
-
-      KEY_FILE=$2
-
-      if [ -z "''${3-}" ]; then
-        echo "Please specify a temp mountpoint to use"
-        exit 1
-      fi
-
-      TEMP_MOUNTPOINT=$3
-
-      if [ "$EUID" -ne 0 ]; then
-        echo "Please run as root"
-        exit
-      fi
-      echo "Wiping Partitions..."
-      wipefs --all "$DRIVE_PATH"
-
-      echo "Creating Encrypted Partition"
-      cryptsetup luksFormat "$DRIVE_PATH" --key-file "$KEY_FILE" --label "${externalDriveData.encryptedLabel}"
-
-      echo "Opening Encrypted Partition"
-      cryptsetup open "$DRIVE_PATH" "mk-raspberry-ext-drive" --key-file "$KEY_FILE"
-
-      echo "Formatting Encrypted Filesystem"
-      mkfs.btrfs -L "${externalDriveData.unencryptedLabel}" /dev/mapper/mk-raspberry-ext-drive
-
-      echo "Mounting Partition"
-      mount -t btrfs /dev/mapper/mk-raspberry-ext-drive "$TEMP_MOUNTPOINT"
-
-      echo "Creating Folders"
-      mkdir "$TEMP_MOUNTPOINT/backups"
-      mkdir "$TEMP_MOUNTPOINT/storage"
-      mkdir "$TEMP_MOUNTPOINT/extras"
-
-      echo "Unmounting"
-      umount "$TEMP_MOUNTPOINT"
-
-      echo "Closing mapper device"
-      cryptsetup close "mk-raspberry-ext-drive"
-    '';
-  }
--- a/home/dev/all/extra.nix
+++ b/home/dev/all/extra.nix
@ -20,6 +20,5 @@

    mk-enc-usb
    mk-encrypted-drive
-    mk-raspberry-ext-drive
  ];
 }
--- a/hosts/hetzner-arm/hetzner-arm.nix
+++ b/hosts/hetzner-arm/hetzner-arm.nix
@ -21,7 +21,6 @@ in {
      "storage"
      "mail"
      "jellyfin"
-      "vault"
    ] (name: ./containers + "/${name}"))
    ++ (with hosts.hetzner-arm.profiles; [
      staticSites
--- a/hosts/raspberry/data/rclone_config.template
+++ b/hosts/raspberry/data/rclone_config.template
@ -1,17 +0,0 @@
-[StorageBox-Remote]
-type = webdav
-vendor = other
-host = u323231.your-storagebox.de
-url = https://u323231.your-storagebox.de
-user = u323231
-pass = STORAGEBOX_PASSWORD
-
-[StorageBox-Hasher]
-type = hasher
-remote = StorageBox-Remote:
-hashes = sha1,md5
-max_age = off
-
-[StorageBox]
-type = alias
-remote = StorageBox-Hasher:
--- a/hosts/raspberry/profiles/autoStorageBackups.nix
+++ b/hosts/raspberry/profiles/autoStorageBackups.nix
@ -1,2 +0,0 @@
-{...}: {
-}
--- a/hosts/raspberry/profiles/externalDrive.nix
+++ b/hosts/raspberry/profiles/externalDrive.nix
@ -1,48 +0,0 @@
-{
-  self,
-  pkgs,
-  ...
-}: let
-  externalDriveData = import "${self}/data/drives/raspberryExternalDrive.nix";
-
-  mountExternalDrive = let
-    jq = "${pkgs.jq}/bin/jq";
-    vault = "${pkgs.vault}/bin/vault";
-    cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
-  in
-    pkgs.writeShellScriptBin "mount_external_drive" ''
-      ${unmountExternalDrive}/bin/unmount_external_drive
-
-      vault-login
-
-      ${vault} kv get -format json "/private-public-keys/cryptsetup/raspberry-ext-drive" \
-        | ${jq} -r ".data.data.key" \
-        | base64 -d \
-        | ${cryptsetup} open ${externalDriveData.encryptedPath} ${externalDriveData.mapperName} --key-file=/dev/stdin
-      mount ${externalDriveData.mapperPath} -o rw,compress=zstd ${externalDriveData.mountpoint}
-    '';
-
-  unmountExternalDrive = let
-    cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
-  in
-    pkgs.writeShellScriptBin "unmount_external_drive" ''
-      umount -flR ${externalDriveData.mountpoint} || true
-      ${cryptsetup} close ${externalDriveData.mapperName} || true
-    '';
-in {
-  environment.systemPackages =
-    (with pkgs; [
-      cryptsetup
-    ])
-    ++ [
-      mountExternalDrive
-      unmountExternalDrive
-    ];
-
-  systemd.tmpfiles.rules = ["d ${externalDriveData.mountpoint} - root root"];
-
-  #services.udev.extraRules = ''
-  #  ACTION=="add", ENV{PARTLABEL}=="${externalDriveData.encryptedLabel}", ENV{SYSTEMD_WANTS}="mount-external-drive.service"
-  #  ACTION=="remove", ENV{PARTLABEL}=="${externalDriveData.encryptedLabel}", ENV{SYSTEMD_WANTS}="unmount-external-drive.service"
-  #'';
-}
--- a/hosts/raspberry/profiles/rclone.nix
+++ b/hosts/raspberry/profiles/rclone.nix
@ -1,28 +0,0 @@
-{pkgs, ...}: let
-  rclone-raspberry = pkgs.writeShellScriptBin "rclone-raspberry" (let
-    vault = "${pkgs.vault}/bin/vault";
-    jq = "${pkgs.jq}/bin/jq";
-    rclone = "${pkgs.rclone}/bin/rclone";
-  in ''
-    TMP_DIR="$(mktemp -d)"
-
-    cp ${../data/rclone_config.template} "$TMP_DIR/rclone.conf"
-
-    vault-login 2>&1
-
-    STORAGEBOX_PASSWORD=$(${vault} kv get -format json "/api-keys/hetzner/storagebox" \
-      | ${jq} -r ".data.data.password")
-    STORAGEBOX_PASSWORD=$(rclone obscure "$STORAGEBOX_PASSWORD")
-
-    sed -i "s/STORAGEBOX_PASSWORD/$STORAGEBOX_PASSWORD/" "$TMP_DIR/rclone.conf"
-
-    ${rclone} --config "$TMP_DIR/rclone.conf" "$@"
-    returnVal=$?
-
-    rm -rf "$TMP_DIR"
-
-    return returnVal
-  '');
-in {
-  environment.systemPackages = with pkgs; [rclone rclone-raspberry];
-}
--- a/hosts/raspberry/raspberry.nix
+++ b/hosts/raspberry/raspberry.nix
@ -3,17 +3,10 @@
    [
      presets.nixos.serverBase

-      profiles.nginx
-      profiles.firewallAllow.httpCommon
-
      ./secrets.nix
      ./boot.nix
    ]
-    ++ (with hosts.raspberry.profiles; [
-      externalDrive
-      autoStorageBackups
-      rclone
-    ]);
+    ++ (with hosts.raspberry.profiles; []);

  networking.enableIPv6 = true;
  networking.useDHCP = true;
--- a/outputs.nix
+++ b/outputs.nix
@ -38,22 +38,19 @@ in
              (with pkgs; [
                git
                nano
-                bat
                nix
-                vault
                nix-tree
                nix-output-monitor
              ])
              ++ (with self.packages."${system}"; [
                mk-enc-usb
                mk-encrypted-drive
-                mk-raspberry-ext-drive
              ]);
          };

          packages = {
            inherit (pkgs) comic-code comic-sans;
-            inherit (pkgs) mk-enc-usb mk-encrypted-drive mk-raspberry-ext-drive;
+            inherit (pkgs) mk-enc-usb mk-encrypted-drive;
            inherit (pkgs) gotosocial mpd-headless;
            inherit (pkgs) kitty-terminfo;
          };
--- a/overlay/default.nix
+++ b/overlay/default.nix
@ -6,7 +6,6 @@ final: prev: rec {

  mk-enc-usb = final.callPackage ../extras/mk-enc-usb.nix {};
  mk-encrypted-drive = final.callPackage ../extras/mk-encrypted-drive.nix {};
-  mk-raspberry-ext-drive = final.callPackage ../extras/mk-raspberry-ext-drive.nix {};

  kitty-terminfo = final.runCommand "kitty-terminfo" {} ''
    mkdir -p $out/share