Manually moving /srv to an existing drive

amit · February 1, 2021, 8:14pm

Hello,

I want to use an external drive that’s preformatted. Mainly, because I’d like to encrypt it. But also because I want to format to a specific filesystem, it using a newer kernel (on a laptop), with select options. I now have the disk ready and plugged in. What care do I have to take to manually move the /srv filesystem to the external drive? For example, things like when is /srv expected to be ready and usable? It will need to be decrypted, and mounted before /srv is available.

Also wondering about how to convince the Foris portal that my /srv is backed by an external drive if I make this manual move (and perhaps symlink /srv to point to the new location). This is perhaps only useful to have nextcloud going – which won’t let me proceed till it’s convinced /srv is on an external drive.

Edit: I also just noticed the ‘srv’ service, that seems to attempt to copy data off the existing location into a bind-mounted tmpfs. And it handles links specially. I’m guessing ths will need to be handled as well?

Thanks!

AreYouLoco · February 2, 2021, 4:44pm

I would like to do something similar but look. Imagine how you are going to provide unlock key or password for your drive? You would have to manually log in to the router each time it reboots to unlock the drive or keep the key on a router then there is no point in encrypting it.

I did preformatted drive with btrfs and just mounted it in /srv that should be enough to do with /etc/fstab or in LUCI

salty · February 2, 2021, 6:23pm

It would be possible to auto unlock the partition with clevis installed on the router and tang installed on another computer in the LAN. But only the server (tang) package is provided by OpenWRT (to auto unlock partitions on local computers), not the client (clevis).

amit · February 3, 2021, 6:35pm

I didn’t know about the tang and clevis packages - thanks for that! For the decryption itself, it’s possible to set it up by methods like https://openwrt.org/docs/guide-user/storage/disk.encryption or the tang/clevis way.

I’m going to attempt using this setup for now, also hoping it doesn’t break with a future update, since what I’m about to do is undocumented at best.

amit · February 20, 2021, 8:38am

I found out that the script that handles the storage is in /usr/libexec/format_and_set_srv.sh. These are the key commands:

   uci set storage.srv.uuid="$UUID"
   uci set storage.srv.old_uuid="rootfs"
   uci commit storage

Which result in mounting of the partition, and binding it to /srv/. Another way to do it is via the LuCI interface and just provide a mountpoint there. And yet another method is to put an entry into /etc/fstab manually.

Any of these 3 methods work fine. Note that combining the uci way and the LuCI way results in badness – I experienced that in /srv/www directory deleted after reboot - which resulted in an unintentional double-mount. So just use one of these methods, and you’re good.