
12 Commits
master ... lxd

Author SHA1 Message Date
Sam 9f593876ab switch to incus 2024-06-30 12:25:44 +01:00
Sam 6d41b7dea9 changed fs of lxc to btrfs 2024-06-29 22:18:42 +01:00
Sam 017dba3475 alter zfs mountpoint 2024-06-29 20:14:43 +01:00
Sam eb9fb7789f setup zfs post system install 2024-06-29 18:13:47 +01:00
Sam 15578fc3af working zfs create disko config 2024-06-29 17:18:30 +01:00
mrsu 4c1e243555 link lxd preseed to zfs volume 2024-06-29 16:21:28 +01:00
mrsu f3f50b051a postgres zfs setup 2024-06-29 16:02:38 +01:00
Sam 291a86f71b lxd module 2024-06-29 14:40:10 +01:00
Sam 822a710ff5 Added extra admin groups 2024-06-29 14:39:16 +01:00
Sam d8672d109a Inital setup of lxd on nebula 2024-06-29 11:03:07 +01:00
Sam 7be100bfd2 Removed unnecessary imports 2024-06-29 11:02:15 +01:00
Sam fe42a0b448 Removed unnecessary declaration for btrfs device name. 2024-06-29 10:59:45 +01:00
8 changed files with 189 additions and 21 deletions


@ -278,11 +278,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1719601133, "lastModified": 1719686367,
"narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=", "narHash": "sha256-zQ/Mgrg3GjE4QkweXPLAtbO8SnfzTXZrqmm8oZwXBV4=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0", "rev": "eb8d568c7e30a8c45148fa5c235ebd49bc8effee",
"revCount": 141, "revCount": 148,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -340,11 +340,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1719254875, "lastModified": 1719506693,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -368,11 +368,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1719469291, "lastModified": 1719657372,
"narHash": "sha256-Efir01r7ThPabDBFOygX1UDyerJFHelbRGdMo/VNw14=", "narHash": "sha256-3uCk0WXaUZPErNGUNCCbOg+DgZIjA6OgyqFYJwfZ4+0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "8f52e4d1e34039937efb0ee05825b9963ef29739", "rev": "5b94f0caddc9f406554701a214f879c75fb0ee60",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,11 +384,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1719596768, "lastModified": 1719679086,
"narHash": "sha256-quSWztqqMxvSJIKddYp1D0GdR7Kg8JjEVCIzMbtBTQ4=", "narHash": "sha256-4s1Tn2T9EY9WE94bu9dGZXvl2L1BaerQSzoUfkpSINY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "35e48702118124ec52a071e300f55c78a4b7b338", "rev": "0dee89a38d574f3fd8a1ebe1dc43bfe8fb3448ec",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -0,0 +1,3 @@
#!/usr/bin/env bash
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./zspeed.nix
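Review bot: `github:nix-community/disko` with no revision resolves to whatever the upstream default branch holds at the moment the script runs, and the result is executed as root in `--mode disko`, which repartitions both disks named in zspeed.nix; pin it to a tag or commit (`github:nix-community/disko/<rev>`) so that the code that wipes the pool is the code that was reviewed, ideally the same revision the flake already locks for its `disko` input. A warning line above the command, `# DESTRUCTIVE: formats both zspeed mirror members; run only on a fresh host`, would also make the intent clear. The script carries no `set -euo pipefail`, which matters little with a single command but is worth adding if it ever grows.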


@ -0,0 +1,73 @@
{
disko.devices = {
disk = {
x = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
y = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
};
zpool = {
zspeed = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
"compression" = "zstd-4";
"com.sun:auto-snapshot" = "false";
"xattr" = "sa";
"atime" = "off";
};
options = {
"ashift" = "13";
};
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zspeed@blank$' || zfs snapshot zspeed@blank";
datasets = {
postgres = {
type = "zfs_volume";
size = "10G -s";
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
test = {
type = "zfs_volume";
size = "10G -s";
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
};
};
};
};
}
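Review bot: `size = "10G -s"` on the `postgres` and `test` volumes smuggles the `zfs create -s` (sparse) flag through the size string; this appears to work only because disko splices `size` unquoted into its `zfs create -V` invocation, and it will fail the moment that interpolation is quoted or validated upstream. Document the trick where it is used, e.g. `# "-s" piggybacks on size to create a sparse zvol; relies on disko passing size unquoted to zfs create -V`, or drop sparse provisioning in favour of a plain size. Note also that the pool sets no `encryption` property, so the zvols backing the container storage pools (and the postgres data on them) are plaintext on disk; if that is deliberate, a one-line comment saying so would save the next reader the question.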


@ -0,0 +1,13 @@
{ pkgs, ... }:
{
imports = [
./lxd-preseed.nix
];
networking.nftables.enable = true;
virtualisation = {
incus = {
package = pkgs.incus;
enable = true;
};
};
}
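Review bot: The module still lives under `lxd/` and imports `./lxd-preseed.nix` while what it configures is `virtualisation.incus`, and `package = pkgs.incus;` looks like it merely restates the module's default; renaming the directory and file to `incus` and dropping the explicit package would finish the switch that commit 9f593876ab starts. `networking.nftables.enable = true` also changes the firewall backend for every host that imports this module, presumably for the incus firewall driver, which deserves a comment such as `# incus manages its bridge rules via nftables; this switches the whole host firewall backend`.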


@ -0,0 +1,30 @@
{ ... }:
let
lxd_profiles = {
"default" = (import ./profiles/default.nix);
};
in
{
virtualisation = {
incus = {
preseed = {
config = {
"core.https_address" = ":8443";
"images.auto_update_interval" = 9;
};
networks = [
lxd_profiles.default.network
];
profiles = [
lxd_profiles.default.profile
];
storage_pools = lxd_profiles.default.storage_pools;
};
};
};
}
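Review bot: `"core.https_address" = ":8443"` binds the Incus REST API on every interface and address family of the host rather than a management network, so anyone who can reach the host on 8443 can probe the API and attempt certificate or trust-token authentication. Unless the API genuinely must be reachable remotely, bind it to a specific address (`"core.https_address" = "127.0.0.1:8443"` or the management interface's IP) and confirm the host firewall does not open 8443; nothing in this commit shows whether it does. A comment stating why a network listener is needed at all would help, since the preseed adds no remote client trust that would require one.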


@ -0,0 +1,43 @@
{
network = {
name = "lxdBrDefault";
type = "bridge";
config = {
"ipv4.address" = "10.100.1.1/8";
"ipv4.nat" = "true";
"ipv4.firewall" = "false";
};
};
storage_pools = [
{
name = "postgres";
driver = "btrfs";
config.source = "/dev/zvol/zspeed/postgres";
}
{
name = "test";
driver = "btrfs";
config.source = "/dev/zvol/zspeed/test";
}
];
profile = {
name = "default";
devices = {
"eth0" = {
name = "eth0";
nictype = "bridged";
parent = "lxdBrDefault";
type = "nic";
};
"root" = {
path = "/";
pool = "default";
size = "8GiB";
type = "disk";
};
};
};
}
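Review bot: The `root` device of the `default` profile points at `pool = "default"`, but `storage_pools` in this same file declares only `postgres` and `test`; unless a pool named `default` already exists outside the preseed, applying the profile or launching an instance with it will fail on the missing pool, so either add a `default` entry to `storage_pools` or point the root device at a declared pool, e.g. `pool = "test";`. Separately, `"ipv4.address" = "10.100.1.1/8"` claims the entire 10.0.0.0/8 for the bridge, which will collide with any other 10.x network the host, its LAN or a VPN uses; `"ipv4.address" = "10.100.1.1/24"` is almost certainly what was intended. With `"ipv4.firewall" = "false"` Incus will not install its own filtering rules for this bridge, so the host's nftables ruleset has to cover container traffic explicitly.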


@ -1,5 +1,6 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive (../keys);
hostname = config.networking.hostName; hostname = config.networking.hostName;
@ -7,7 +8,7 @@ let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in in
{ {
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
@ -15,7 +16,13 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = ["wheel"]; extraGroups = [
"wheel"
] ++ ifTheyExist [
"docker"
"lxc"
"git"
];
packages = with pkgs; [ packages = with pkgs; [
]; ];
@ -30,7 +37,7 @@ in
path = "/home/${username}/.ssh/id_ed25519"; path = "/home/${username}/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/${username}/id_ed25519.pub" = { "ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub"; path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644"; mode = "0644";
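Review bot: The `ifTheyExist` list adds `lxc`, but the companion module in this commit enables `virtualisation.incus`, whose NixOS module, as far as I recall, creates `incus-admin` and `incus` groups rather than `lxc`; if so, the filter silently drops `lxc` on incus hosts and the admin user gets no group-based access to the socket. Consider `"incus-admin"` alongside `"lxc"`, plus a comment such as `# groups are silently skipped on hosts that do not define them`. Membership in `docker` or `incus-admin` is root-equivalent, which is fine for a `wheel` user but worth stating next to the list. The `users.users.${username}` attrset continues beyond this hunk.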


@ -1,11 +1,10 @@
{ inputs, config, lib, pkgs, outputs, ... }: { inputs, ... }:
let let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
impermanence = false; # currrently only applies to btrfs impermanence = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
user = "admin"; user = "admin";
in in
{ {
@ -14,7 +13,7 @@ in
# Create users for this host # Create users for this host
../common/users/${user} ../common/users/${user}
# Disk configuration # Root disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
@ -24,7 +23,7 @@ in
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/lxd
]; ];