Add encrypted vault for dungflix

2022-07-15 00:58:39 +01:00
parent 93d914ade6
commit f4e537f2db
4 changed files with 51 additions and 4 deletions
--- a/hosts/dingserver/rclone.nix
+++ b/hosts/dingserver/rclone.nix
@@ -8,11 +8,16 @@
  file = ''
    [dungflix]
    type = b2
+
+    [dungflix-vault]
+    type = crypt
+    remote = dungflix:dungflix-bucket
  '';
 in {
  age.secrets = {
    dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age;
    dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age;
+    dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age;
  };
  systemd.services.dungflix-mount = {
    description = "Mount the Backblaze B2 media store";
@@ -24,15 +29,23 @@ in {
    script = ''
      export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path})
      export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path})
-      ${pkgs.rclone}/bin/rclone --config="${pkgs.writeText "" file}" mount dungflix:dungflix-bucket ${mountdir} \
+      export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path})
+      ${pkgs.rclone}/bin/rclone --config="${pkgs.writeText "" file}" mount dungflix-vault: ${mountdir} \
+        --transfers 32 \
        --vfs-cache-mode full \
-        --vfs-cache-max-age 48h \
+        --vfs-cache-max-age 168h \
        --vfs-cache-max-size 100G \
        --allow-other \
        --no-modtime \
        --buffer-size 2G \
-        -vvv
+        --fast-list \
+        --rc \
+        --rc-no-auth \
+        -vv
+    '';
+    postStart = ''
+      sleep 5
+      ${pkgs.rclone}/bin/rclone rc vfs/refresh recursive=true _async=true
    '';
-    postStop = "fusermount -u ${mountdir}";
  };
 }