add zfsunlock for vno1-oh2

2023-07-24 12:50:17 +03:00 · 2023-07-24 12:50:17 +03:00 · 5b44216b4b
parent f5d3249fa0
commit 5b44216b4b
2 changed files with 14 additions and 0 deletions
--- a/data.nix
+++ b/data.nix
@ -7,6 +7,7 @@ rec {
    "vno1-oh2.servers.jakst" = {
      extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
+      initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP";
      publicIP = "88.223.107.21";
    };
    "hel1-a.servers.jakst" = {
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@ -18,6 +18,19 @@ in {
    stateVersion = "22.11";
    timeZone = "UTC";

+    services = {
+      zfsunlock = {
+        enable = true;
+        targets."vno1-oh2.servers.jakst" = {
+          sshEndpoint = myData.hosts."vno1-oh2.servers.jakst".publicIP;
+          pingEndpoint = "vno1-oh2.servers.jakst";
+          remotePubkey = myData.hosts."vno1-oh2.servers.jakst".initrdPubKey;
+          pwFile = config.age.secrets.zfs-passphrase-vno1-oh2.path;
+          startAt = "*-*-* *:00/5:00";
+        };
+      };
+    };
+
    base = {
      users.passwd = {
        root.passwordFile = config.age.secrets.root-passwd-hash.path;