wip

2022-09-23 16:44:05 +02:00
3 changed files with 29 additions and 1 deletions
--- a/bundles/zfs/items.py
+++ b/bundles/zfs/items.py
@ -43,8 +43,17 @@ svc_systemd = {

 for name, config in node.metadata.get('zfs/datasets', {}).items():
    zfs_datasets[name] = config
+
    zfs_datasets[name].pop('backup', None)

+    encrypted = zfs_datasets[name].pop('encrypted', None)
+    if encrypted:
+        zfs_datasets[name]['encryption'] = 'aes-256-gcm'
+        zfs_datasets[name]['keylocation'] = 'prompt'
+        zfs_datasets[name]['keyformat'] = 'hex'
+        zfs_datasets[name]['password'] = node.metadata.get('zfs/password')
+
+
 for name, config in node.metadata.get('zfs/pools', {}).items():
    zfs_pools[name] = {
        "when_creating": {
--- a/bundles/zfs/metadata.py
+++ b/bundles/zfs/metadata.py
@ -1,4 +1,6 @@
-#import re
+from uuid import UUID
+from base64 import b64encode, b64decode
+

 defaults = {
    'apt': {
@ -89,6 +91,17 @@ def dataset_defaults(metadata):
    }


+@metadata_reactor.provides(
+    'zfs/password'
+)
+def encryption_key(metadata):
+    return {
+        'zfs': {
+            'password': b64decode(repo.vault.random_bytes_as_base64_for(b64encode(UUID(metadata.get('id')).bytes).decode(), length=32).value).hex(),
+        },
+    }
+
+
@metadata_reactor.provides(
    'backup/paths'
 )
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -197,6 +197,12 @@
                'hdd/nextcloud/ckn-privat': {
                    'mountpoint': '/var/lib/nextcloud/ckn-privat/files',
                },
+
+
+                'tank/enctest1': {
+                    'mountpoint': 'none',
+                    'encrypted': True,
+                },
            },
        },
    },