(common) ceph stuff?

ArgentumCation 2024-10-01 00:16:29 -04:00
parent 682f54728e
commit ac1ce583f1
4 changed files with 126 additions and 98 deletions


@ -28,6 +28,9 @@ let
8842 # Crowdsec (-> 8842)
8888 # Kodi
9000 # Portainer (-> 9443)
3300 # Ceph monitors
6789 # Ceph monitors
6800 # Ceph OSD
];
in
{
@ -40,21 +43,6 @@ in
kodi.enableAdvancedLauncher = true;
pulseaudio = true;
};
# overlays = [
# (final: prev: {
# seaweedfs = prev.seaweedfs.overrideAttrs
# (old: {
# doCheck = false;
# postInstall = /*old.postInstall ++*/ ''
# mkdir -p $out/sbin
# cp -r $out/bin/weed $out/sbin/weed
# cp -r $out/bin/weed $out/sbin/mount.weed
#
# '';
# });
# }
# )
# ];
};
networking = {
@ -65,23 +53,6 @@ in
allowedUDPPorts = ports;
allowedTCPPorts = ports;
};
bridges = {
"br0" = {
interfaces = [
"enp9s0"
"enp0s20f0u4"
];
};
};
interfaces.br0.ipv4.addresses = [
{
address = "192.168.1.153";
prefixLength = 24;
}
];
interfaces.br0.macAddress = "0a:d5:3b:e0:88:bd";
interfaces.enp9s0.macAddress = "0a:d5:3b:e0:88:bd";
defaultGateway = {
address = "192.168.1.1";
};
@ -107,7 +78,10 @@ in
];
# Define a user account. Don't forget to set a password with passwd.
users = {
groups.ceph = { };
users = {
# mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; };
ceph = { isNormalUser = true; extraGroups = [ "wheel" "ceph" ]; };
dockremap = {
isSystemUser = true;
uid = 100000;
@ -163,6 +137,20 @@ in
};
services = {
# ceph = {
# global.fsid = "7c57bbc5-fdbf-4023-bc45-2e708ebc8e3e";
# osd = {
# enable = true;
# daemons = [ "0" ];
# };
# mon = {
# enable = false;
# extraConfig = {
# "mon initial members" = "auxin";
# "mon host" = "192.168.1.153";
# };
# };
# };
nfs = {
idmapd.settings = {
Mapping = {
@ -252,7 +240,7 @@ in
# TODO: check security settings
samba = {
enable = true;
shares = {
settings = {
public = {
path = "/";
browseable = "yes";
@ -329,6 +317,68 @@ in
};
wantedBy = [ "multi-user.target" ];
};
ceph-mon = {
enable = true;
description = "Ceph cluster monitor daemon";
unitConfig = {
partOf = "ceph-mon.target";
# # According to:
# # http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
# # these can be removed once ceph-mon will dynamically change network
# # configuration.
after = [ "network-online.target" "local-fs.target" "time-sync.target" ];
before = [ "remote-fs-pre.target" "ceph-mon.target" ];
wants = [ "network-online.target" "local-fs.target" "time-sync.target" "remote-fs-pre.target" "ceph-mon.target" ];
};
serviceConfig = {
# Environment=CLUSTER=ceph
# EnvironmentFile=-/etc/default/ceph
# ExecReload=/bin/kill -HUP $MAINPID
ExecStart="/run/current/system/sw/bin/ceph-mon -f --cluster ceph --id auxin --setuser ceph --setgroup ceph";
# LimitNOFILE=1048576
# LimitNPROC=1048576
# LockPersonality=true
# MemoryDenyWriteExecute=true
# # Need NewPrivileges via `sudo smartctl`
NoNewPrivileges = false;
# # We need access to block devices to check the health of the disk backing the
# # monitor DB store. It can be set to `true` if you're not interested in that
# # feature.
PrivateDevices=false;
# PrivateTmp=true
# ProtectControlGroups=true
# ProtectHome=true
# ProtectHostname=true
# ProtectKernelLogs=true
# ProtectKernelModules=true
# ProtectKernelTunables=true
# ProtectSystem=full
# Restart=on-failure
# RestartSec=10
# RestrictSUIDSGID=true
# StartLimitBurst=5
# StartLimitInterval=30min
# TasksMax=infinity
};
wantedBy = [ "ceph-mon.target" ];
};
# ceph-mesh = {
# enable = true;
# description = "Ceph OSD Bindings";
# unitConfig = {
# After = "local-fs.target";
# Wants = "local-fs.target";
# };
# serviceConfig = {
# Type = "oneshot";
# KillMode = "none";
# Environment = "CEPH_VOLUME_TIMEOUT=10000 PATH=$PATH:/run/current-system/sw/bin/";
# ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT /run/current-system/sw/bin/ceph-volume lvm activate --all --no-systemd'";
# TimeoutSec = 0;
# };
# wantedBy = [ "multi-user.target" ];
# };
};
};
# Copy the NixOS configuration file and link it from the resulting system
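Review bot: The new `ceph-mon` unit drops to `--setuser ceph`, and the `users` hunk declares that same account as `isNormalUser = true` with `wheel`, so the monitor daemon runs as a login account that can sudo, while `NoNewPrivileges = false` is set and every sandboxing line in `serviceConfig` stays commented out. I would run the daemon under a system account, `ceph = { isSystemUser = true; group = "ceph"; };`, and keep any sudo-capable orchestration login as a separate user. The `ExecStart` path `/run/current/system/sw/bin/ceph-mon` also looks like a typo for `/run/current-system/sw/bin/ceph-mon`, the form the commented `ceph-mesh` unit uses. The lower-case `after`/`before`/`wants`/`partOf` keys sit inside `unitConfig`, where the commented unit writes `After`/`Wants`; if they reach systemd verbatim the ordering is probably not applied, so that is worth confirming on the generated unit file.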


@ -17,36 +17,36 @@
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "uas" "usbcore"];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176";
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@nixos" "noatime" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176";
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176";
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176";
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/34E4-E112";
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
@ -56,13 +56,6 @@
options = [ "noatime" "space_cache=v2" "compress=zstd" ];
};
# 96 │ localhost:4208:/ /weed fuse.seaweedfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other,max_read=1048576 0 0
# 31 │ /dev/sda1 /raid btrfs rw,noatime,compress=zstd:3,discard=async,space_cache=v2,subvolid=5,subvol=/ 0 0
# fileSystems."/weed" = {
# device = "fuse";
# fsType = "weed";
# options = [ "filer=localhost:4208" "filer.path=/" "nofail" "_netdev" "x-systemd.mount-timeout=5" "x-systemd.automount" ];
# };
systemd.services."seaweedfs-mount" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
@ -78,27 +71,7 @@
Restart = "on-failure";
};
};
# swapDevices = [ "/swap/swapfile" ];
# systemd.mounts = [{
# # what = "fuse";
# where = "/weed";
# type = "fuse.seaweedfs";
# options = "defaults";
# unitConfig = {
# Requires = [ "seaweedfs-default-filer-main.service" ];
# After = [ "network.target" ];
# ExecMount = "${pkgs.seaweedfs}/bin/weed mount -dir=/weed -filer=localhost:4208";
#
# };
#
# }];
# systemd.automounts = [{
# wantedBy = [ "multi-user.target" ];
# automountConfig = {
# TimeoutIdleSec = "5";
# };
# where = "/weed";
# }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
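Review bot: Switching every `fileSystems` device from `/dev/disk/by-uuid/…` to `/dev/disk/by-label/SYSTEM` and `/dev/disk/by-label/ESP` (assuming the second line of each printed pair is the new side) makes the root and boot mounts depend on labels that are not unique and that any formatted device can carry. With `usb_storage` and `uas` in `initrd.availableKernelModules`, a removable disk labelled `SYSTEM` that is attached at boot may be resolved instead of the internal one. If the labels are kept so the config is portable across machines, I would say so above the first mount, e.g. `# by-label: labels must stay unique; a second disk labelled SYSTEM can shadow the real root`, or return to `by-uuid`/`by-partuuid` on hosts where physical access is not controlled.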


@ -6,6 +6,7 @@
...
}: let
sshKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZ87vi3BF+Mtb8Pv1Gqc9wyeXQCncJrg3lq4dwl15bkHUw4BlR2h1z8payBpGiKMnZy/NtWCclt3Jh562YhjLYHy9VtlTUlADGTvIPtczizZYPCzceC3fP1zCh2N8pUluR8J9Y+EvYWvSQkvSpwD8hhpLXeuOtFjjg0stLliI2YuVk4TJrXNmF8UNweeiBvaJW4Nye5no9h+IKTU8FPehB5BrWhTi9aTiTSxzgX3anOaTzRL1x+Lbeoo27AfZXwQJDlYHdg93csXyAP4l2g4lvtU98W3AlG7ZsipUgRWClfe4OBz1l2rT5F+l28daOFae+THOf2iG6kymesCeJiLBILWk45hmiA8Vv3XAdWxtqPJhQKrqtfm5GMm3cNZPc6N3CJe6gVw75eBCG1TjFhSVXmrHQgbmN0nFs6HU3+ghSnPmDI8A7DvWdRAKceWP39pb3g5kp/pTg+Lj+yFV2ll4/MvbN1wcSdW5azDAYLVnMCS6b8ikO16tpnLT1bbUN4M0= ceph-f4745d24-7f5e-11ef-b66f-14ac604688a3"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMggnmTj7KL409V2mtbPgKERbmyJAeCGBcyzxWW+arRZAAAABHNzaDo= yubikey-black"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAltYcKHavkQBJFlogNuT3JhX6ob30V3EYje4pOQBLgq gpg\\mira.kristipati@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKT/rbUu87QyRD7L/QSr+lQMJz2m/mdqlqyCQEMwUJj gpgssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw3/9inZC/MRPkuOF6T5LiFoOlgo5HZVIM36IC+hlzJ gpg\\mira-yubikey-black"
@ -133,6 +134,7 @@ in {
fd
file
fzf
ceph
gdu
hyfetch
killall
@ -140,6 +142,7 @@ in {
mcfly
neovim
nushell
python3
starship
ripgrep
sheldon
@ -152,6 +155,8 @@ in {
zoxide
zsh
lsof
unzip
];
programs = {
tmux.enable = true;
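Review bot: The `ssh-rsa … ceph-f4745d24-7f5e-11ef-b66f-14ac604688a3` entry is added to the shared `sshKeys` list, so a key that looks machine-generated for cluster orchestration receives the same login rights as the personal and hardware-backed keys wherever that list is applied; the use site is outside this hunk, so which accounts that covers cannot be seen here. I would keep it out of the common list and attach it only to the account the orchestrator needs, with a comment such as `# cluster orchestration key, rotate when the cluster is rebuilt`. Restricting it in the key line itself, e.g. `from="192.168.1.0/24",no-agent-forwarding,no-X11-forwarding ssh-rsa …`, would limit its use if it leaks from another node.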

60
flake.lock generated

@ -40,11 +40,11 @@
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
@ -88,11 +88,11 @@
]
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"lastModified": 1726745158,
"narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
"type": "github"
},
"original": {
@ -155,11 +155,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1724996444,
"narHash": "sha256-bgDfNsVPleUyx6vNr5INJTLfkLycNmL3yvSBv1OguLs=",
"lastModified": 1727528434,
"narHash": "sha256-fzvvCB0hjPPq3BhawZxcHAxY+MQIgJp6fJoa7QN/Sfc=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "d0f68c980e3a0a3a8e63ccca93a01f87fb77937e",
"rev": "b0e07ef4637357f272a62e6bb7f5f4460766aade",
"type": "github"
},
"original": {
@ -171,11 +171,11 @@
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1724970905,
"narHash": "sha256-6HqoxweeX3tQbchJpjUNiBKj/2P3oiQBR42B/QuB+a0=",
"lastModified": 1727476305,
"narHash": "sha256-vwwFI1qM0vIBy4H3XrelrUk886+H0sJfWzEREmg2Hb8=",
"owner": "neovim",
"repo": "neovim",
"rev": "4353996d0fa8e5872a334d68196d8088391960cf",
"rev": "0f067cd34d09b38f9aaf2e1732d825e89b573077",
"type": "github"
},
"original": {
@ -189,11 +189,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1724994893,
"narHash": "sha256-yutISDGg6HUaZqCaa54EcsfTwew3vhNtt/FNXBBo44g=",
"lastModified": 1727507295,
"narHash": "sha256-I/FrX1peu4URoj5T5odfuKR2rm4GjYJJpCGF9c0/lDA=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "c8d3157d1f768e382de5526bb38e74d2245cad04",
"rev": "f2e1c4aa29fc211947c3a7113cba1dd707433b70",
"type": "github"
},
"original": {
@ -204,11 +204,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"lastModified": 1727348695,
"narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
"type": "github"
},
"original": {
@ -220,11 +220,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1724840184,
"narHash": "sha256-RXftd9nVNpCKHEaiMhAWiZo3U/SEdRPF0zD7s7u50Oc=",
"lastModified": 1727335715,
"narHash": "sha256-1uw3y94dA4l22LkqHRIsb7qr3rV5XdxQFqctINfx8Cc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4f9cb71da3ec4f76fd406a0d87a1db491eda6870",
"rev": "28b5b8af91ffd2623e995e20aee56510db49001a",
"type": "github"
},
"original": {
@ -236,11 +236,11 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1725031139,
"narHash": "sha256-ejr32Vf+T7tz3Xo2LtQiQfEsmSEke5npKlhJuhSoY8U=",
"lastModified": 1727546182,
"narHash": "sha256-T2nLZbgDBhx6T2rOgw522f/WwXnXJrBOzCw+q2XgmAc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "33ce3a8d5f8b771344694667912c77233334f487",
"rev": "ced0da1e7e7d50f1352bc6bdd25af8ae55eb3934",
"type": "github"
},
"original": {
@ -252,11 +252,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1725036679,
"narHash": "sha256-Ri79ZOEcZJFLr6+LgS3A0WYyroL/PqEuO+lI7u+G2tE=",
"lastModified": 1727524699,
"narHash": "sha256-k6YxGj08voz9NvuKExojiGXAVd69M8COtqWSKr6sQS4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dac9db29e0e7ff2071ccc47b720aaffc3e74b504",
"rev": "b5b2fecd0cadd82ef107c9583018f381ae70f222",
"type": "github"
},
"original": {
@ -282,11 +282,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1724855419,
"narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=",
"lastModified": 1727540905,
"narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06",
"rev": "fbca5e745367ae7632731639de5c21f29c8744ed",
"type": "github"
},
"original": {