From ac1ce583f1720433e2c92ce8bfdd7a054d312193 Mon Sep 17 00:00:00 2001 From: ArgentumCation Date: Tue, 1 Oct 2024 00:16:29 -0400 Subject: [PATCH] (common) ceph stuff? --- auxin/configuration.nix | 116 ++++++++++++++++++++++--------- auxin/hardware-configuration.nix | 43 +++--------- common.nix | 5 ++ flake.lock | 60 ++++++++-------- 4 files changed, 126 insertions(+), 98 deletions(-) diff --git a/auxin/configuration.nix b/auxin/configuration.nix index 44e3234..ae9aedd 100644 --- a/auxin/configuration.nix +++ b/auxin/configuration.nix @@ -28,6 +28,9 @@ let 8842 # Crowdsec (-> 8842) 8888 # Kodi 9000 # Portainer (-> 9443) + 3300 # Ceph monitors + 6789 # Ceph monitors + 6800 # Ceph OSD ]; in { @@ -40,21 +43,6 @@ in kodi.enableAdvancedLauncher = true; pulseaudio = true; }; - # overlays = [ - # (final: prev: { - # seaweedfs = prev.seaweedfs.overrideAttrs - # (old: { - # doCheck = false; - # postInstall = /*old.postInstall ++*/ '' - # mkdir -p $out/sbin - # cp -r $out/bin/weed $out/sbin/weed - # cp -r $out/bin/weed $out/sbin/mount.weed - # - # ''; - # }); - # } - # ) - # ]; }; networking = { @@ -65,23 +53,6 @@ in allowedUDPPorts = ports; allowedTCPPorts = ports; }; - bridges = { - "br0" = { - interfaces = [ - "enp9s0" - - "enp0s20f0u4" - ]; - }; - }; - interfaces.br0.ipv4.addresses = [ - { - address = "192.168.1.153"; - prefixLength = 24; - } - ]; - interfaces.br0.macAddress = "0a:d5:3b:e0:88:bd"; - interfaces.enp9s0.macAddress = "0a:d5:3b:e0:88:bd"; defaultGateway = { address = "192.168.1.1"; }; @@ -107,7 +78,10 @@ in ]; # Define a user account. Don't forget to set a password with ‘passwd’. users = { + groups.ceph = { }; users = { + # mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; }; + ceph = { isNormalUser = true; extraGroups = [ "wheel" "ceph" ]; }; dockremap = { isSystemUser = true; uid = 100000; 
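Review bot: The three Ceph ports are appended to the shared `ports` list, which the firewall block in this same file assigns to both `allowedUDPPorts` and `allowedTCPPorts`, so 3300, 6789 and 6800 are opened over UDP and on every interface although Ceph's messenger only uses TCP. I would keep them out of `ports` and open them as TCP on the storage-facing interface only, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 3300 6789 ];`. A single 6800 is also unlikely to cover the OSDs, which by default bind somewhere in 6800-7300; `allowedTCPPortRanges = [ { from = 6800; to = 7300; } ];` on that interface matches the daemon's behaviour. The `let` block that defines `ports` starts above the hunk.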
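Review bot: `ceph = { isNormalUser = true; extraGroups = [ "wheel" "ceph" ]; };` makes the account that ceph-mon drops to (`--setuser ceph` in the unit added later in this commit) an interactive login user with administrative rights through `wheel`. A compromise of the network-facing daemon then lands in an account that can escalate to root. Prefer a system account without wheel, `ceph = { isSystemUser = true; group = "ceph"; };`, and if the monitor really needs `sudo smartctl`, grant that one command through a dedicated sudo rule instead of group membership. If the account is also meant as an SSH login for cluster orchestration, that is a reason to split it from the daemon account rather than to give the daemon account wheel.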
@@ -163,6 +137,20 @@ in }; services = { + # ceph = { + # global.fsid = "7c57bbc5-fdbf-4023-bc45-2e708ebc8e3e"; + # osd = { + # enable = true; + # daemons = [ "0" ]; + # }; + # mon = { + # enable = false; + # extraConfig = { + # "mon initial members" = "auxin"; + # "mon host" = "192.168.1.153"; + # }; + # }; + # }; nfs = { idmapd.settings = { Mapping = { @@ -252,7 +240,7 @@ in # TODO: check security settings samba = { enable = true; - shares = { + settings = { public = { path = "/"; browseable = "yes"; 
@@ -329,6 +317,68 @@ in }; wantedBy = [ "multi-user.target" ]; }; + ceph-mon = { + enable = true; + description = "Ceph cluster monitor daemon"; + unitConfig = { + partOf = "ceph-mon.target"; + # # According to: + # # http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget + # # these can be removed once ceph-mon will dynamically change network + # # configuration. + after = [ "network-online.target" "local-fs.target" "time-sync.target" ]; + before = [ "remote-fs-pre.target" "ceph-mon.target" ]; + wants = [ "network-online.target" "local-fs.target" "time-sync.target" "remote-fs-pre.target" "ceph-mon.target" ]; + }; + serviceConfig = { + # Environment=CLUSTER=ceph + # EnvironmentFile=-/etc/default/ceph + # ExecReload=/bin/kill -HUP $MAINPID + ExecStart="/run/current/system/sw/bin/ceph-mon -f --cluster ceph --id auxin --setuser ceph --setgroup ceph"; + # LimitNOFILE=1048576 + # LimitNPROC=1048576 + # LockPersonality=true + # MemoryDenyWriteExecute=true + # # Need NewPrivileges via `sudo smartctl` + NoNewPrivileges = false; + # # We need access to block devices to check the health of the disk backing the + # # monitor DB store. It can be set to `true` if you're not interested in that + # # feature. 
+ PrivateDevices=false; + # PrivateTmp=true + # ProtectControlGroups=true + # ProtectHome=true + # ProtectHostname=true + # ProtectKernelLogs=true + # ProtectKernelModules=true + # ProtectKernelTunables=true + # ProtectSystem=full + # Restart=on-failure + # RestartSec=10 + # RestrictSUIDSGID=true + # StartLimitBurst=5 + # StartLimitInterval=30min + # TasksMax=infinity + }; + wantedBy = [ "ceph-mon.target" ]; + }; + # ceph-mesh = { + # enable = true; + # description = "Ceph OSD Bindings"; + # unitConfig = { + # After = "local-fs.target"; + # Wants = "local-fs.target"; + # }; + # serviceConfig = { + # Type = "oneshot"; + # KillMode = "none"; + # Environment = "CEPH_VOLUME_TIMEOUT=10000 PATH=$PATH:/run/current-system/sw/bin/"; + # ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT /run/current-system/sw/bin/ceph-volume lvm activate --all --no-systemd'"; + # TimeoutSec = 0; + # }; + # wantedBy = [ "multi-user.target" ]; + # }; + }; }; # Copy the NixOS configuration file and link it from the resulting system diff --git a/auxin/hardware-configuration.nix b/auxin/hardware-configuration.nix index 636c25b..1fe566b 100644 --- a/auxin/hardware-configuration.nix +++ b/auxin/hardware-configuration.nix 
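Review bot: Two things in the new `ceph-mon` unit will keep it from behaving as intended: `ExecStart` points at `/run/current/system/sw/bin/ceph-mon` (the commented `ceph-mesh` block below uses `/run/current-system/sw/bin/`), and `partOf`/`after`/`before`/`wants` sit inside `unitConfig`, which is written into `[Unit]` as given, so systemd sees lowercase keys it does not recognise and the ordering is dropped. Those four names are the service-level NixOS options and belong one level up. Separately, every sandboxing directive copied from the upstream unit is commented out, leaving a network-facing daemon with `NoNewPrivileges = false` and no filesystem protection; the ones that do not conflict with the smartctl and block-device comments can be enabled as Nix values. The enclosing services attribute set starts above the hunk, and nothing visible defines `ceph-mon.target`, so confirm that something pulls that target in.

```nix
ceph-mon = {
  # … unchanged: enable, description …
  partOf = [ "ceph-mon.target" ];
  after = [ "network-online.target" "local-fs.target" "time-sync.target" ];
  before = [ "remote-fs-pre.target" "ceph-mon.target" ];
  wants = [ "network-online.target" "local-fs.target" "time-sync.target" "remote-fs-pre.target" "ceph-mon.target" ];
  serviceConfig = {
    ExecStart = "/run/current-system/sw/bin/ceph-mon -f --cluster ceph --id auxin --setuser ceph --setgroup ceph";
    # … unchanged: NoNewPrivileges, PrivateDevices and their comments …
    PrivateTmp = true;
    ProtectControlGroups = true;
    ProtectHome = true;
    ProtectKernelModules = true;
    ProtectKernelTunables = true;
    ProtectSystem = "full";
    Restart = "on-failure";
    RestartSec = 10;
  };
  # … unchanged: wantedBy …
```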
@@ -17,36 +17,36 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "uas" "usbcore"]; initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; fileSystems."/" = { - device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176"; + device = "/dev/disk/by-label/SYSTEM"; fsType = "btrfs"; options = [ "subvol=@nixos" "noatime" ]; }; fileSystems."/nix" = { - device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176"; + device = "/dev/disk/by-label/SYSTEM"; fsType = "btrfs"; options = [ "subvol=@nix" "noatime" ]; }; fileSystems."/home" = { - device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176"; + device = "/dev/disk/by-label/SYSTEM"; fsType = "btrfs"; options = [ "subvol=@home" "noatime" "compress=zstd" ]; }; fileSystems."/swap" = { - device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176"; + device = "/dev/disk/by-label/SYSTEM"; fsType = "btrfs"; options = [ "subvol=@swap" ]; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/34E4-E112"; + device = "/dev/disk/by-label/ESP"; fsType = "vfat"; }; @@ -56,13 +56,6 @@ options = [ "noatime" "space_cache=v2" "compress=zstd" ]; }; - # 96 │ localhost:4208:/ /weed fuse.seaweedfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other,max_read=1048576 0 0 - # 31 │ /dev/sda1 /raid btrfs rw,noatime,compress=zstd:3,discard=async,space_cache=v2,subvolid=5,subvol=/ 0 0 - # fileSystems."/weed" = { - # device = "fuse"; - # fsType = "weed"; - # options = [ "filer=localhost:4208" "filer.path=/" "nofail" "_netdev" "x-systemd.mount-timeout=5" "x-systemd.automount" ]; - # }; systemd.services."seaweedfs-mount" = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; 
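Review bot: Switching `/`, `/nix`, `/home`, `/swap` and `/boot` from `by-uuid` to `by-label/SYSTEM` and `by-label/ESP` makes the boot depend on names that are not unique, so any attached disk carrying a filesystem with one of those labels can be resolved in place of the intended one. The same hunk adds `uas` next to `usb_storage` in `initrd.availableKernelModules`, which means USB disks are visible at the point the root device is looked up. If labels are wanted so the config survives a disk swap, a host-specific label (for example one that includes the machine name) keeps that benefit with a much lower collision risk; otherwise keep `by-uuid`. A short comment above the first `fileSystems` entry, such as `# labels must be unique across all attached disks`, would record the assumption.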
@@ -78,27 +71,7 @@ Restart = "on-failure"; }; }; - # swapDevices = [ "/swap/swapfile" ]; - # systemd.mounts = [{ - # # what = "fuse"; - # where = "/weed"; - # type = "fuse.seaweedfs"; - # options = "defaults"; - # unitConfig = { - # Requires = [ "seaweedfs-default-filer-main.service" ]; - # After = [ "network.target" ]; - # ExecMount = "${pkgs.seaweedfs}/bin/weed mount -dir=/weed -filer=localhost:4208"; - # - # }; - # - # }]; - # systemd.automounts = [{ - # wantedBy = [ "multi-user.target" ]; - # automountConfig = { - # TimeoutIdleSec = "5"; - # }; - # where = "/weed"; - # }]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/common.nix b/common.nix index 42f7985..de7b038 100644 --- a/common.nix +++ b/common.nix @@ -6,6 +6,7 @@ ... }: let sshKeys = [ + "ssh-rsa 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 ceph-f4745d24-7f5e-11ef-b66f-14ac604688a3" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMggnmTj7KL409V2mtbPgKERbmyJAeCGBcyzxWW+arRZAAAABHNzaDo= yubikey-black" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAltYcKHavkQBJFlogNuT3JhX6ob30V3EYje4pOQBLgq gpg\\mira.kristipati@gmail.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKT/rbUu87QyRD7L/QSr+lQMJz2m/mdqlqyCQEMwUJj gpgssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw3/9inZC/MRPkuOF6T5LiFoOlgo5HZVIM36IC+hlzJ gpg\\mira-yubikey-black" @@ -133,6 +134,7 @@ in { fd file fzf + ceph gdu hyfetch killall @@ -140,6 +142,7 @@ in { mcfly neovim nushell + python3 starship ripgrep sheldon @@ -152,6 +155,8 @@ in { zoxide zsh lsof + unzip + ]; programs = { tmux.enable = true; diff --git a/flake.lock b/flake.lock index d8999be..73b54c6 100644 --- a/flake.lock +++ b/flake.lock 
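Review bot: The new `ssh-rsa … ceph-f4745d24-…` entry in the `common.nix` hunk is added to the shared `sshKeys` list, so every host and account that consumes that list will accept it; where the list is used is outside the hunk. Judging by its comment this is a cluster automation key rather than a personal one, in which case its private half is held by the cluster software and it does not belong beside the hardware-backed keys. I would move it to the Ceph hosts only, attach it to the dedicated account, and constrain it with authorized_keys options, e.g. `from="<cluster-subnet>" ssh-rsa <key> ceph-<id>`. A comment on the entry stating what the key is for and which host generated it would help later rotation.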
@@ -40,11 +40,11 @@ ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -88,11 +88,11 @@ ] }, "locked": { - "lastModified": 1724857454, - "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", "type": "github" }, "original": { @@ -155,11 +155,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1724996444, - "narHash": "sha256-bgDfNsVPleUyx6vNr5INJTLfkLycNmL3yvSBv1OguLs=", + "lastModified": 1727528434, + "narHash": "sha256-fzvvCB0hjPPq3BhawZxcHAxY+MQIgJp6fJoa7QN/Sfc=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "d0f68c980e3a0a3a8e63ccca93a01f87fb77937e", + "rev": "b0e07ef4637357f272a62e6bb7f5f4460766aade", "type": "github" }, "original": { @@ -171,11 +171,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1724970905, - "narHash": "sha256-6HqoxweeX3tQbchJpjUNiBKj/2P3oiQBR42B/QuB+a0=", + "lastModified": 1727476305, + "narHash": "sha256-vwwFI1qM0vIBy4H3XrelrUk886+H0sJfWzEREmg2Hb8=", "owner": "neovim", "repo": "neovim", - "rev": "4353996d0fa8e5872a334d68196d8088391960cf", + "rev": "0f067cd34d09b38f9aaf2e1732d825e89b573077", "type": "github" }, "original": { 
@@ -189,11 +189,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1724994893, - "narHash": "sha256-yutISDGg6HUaZqCaa54EcsfTwew3vhNtt/FNXBBo44g=", + "lastModified": 1727507295, + "narHash": "sha256-I/FrX1peu4URoj5T5odfuKR2rm4GjYJJpCGF9c0/lDA=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c8d3157d1f768e382de5526bb38e74d2245cad04", + "rev": "f2e1c4aa29fc211947c3a7113cba1dd707433b70", "type": "github" }, "original": { @@ -204,11 +204,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1724819573, - "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", + "lastModified": 1727348695, + "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", "type": "github" }, "original": { @@ -220,11 +220,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724840184, - "narHash": "sha256-RXftd9nVNpCKHEaiMhAWiZo3U/SEdRPF0zD7s7u50Oc=", + "lastModified": 1727335715, + "narHash": "sha256-1uw3y94dA4l22LkqHRIsb7qr3rV5XdxQFqctINfx8Cc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4f9cb71da3ec4f76fd406a0d87a1db491eda6870", + "rev": "28b5b8af91ffd2623e995e20aee56510db49001a", "type": "github" }, "original": { @@ -236,11 +236,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1725031139, - "narHash": "sha256-ejr32Vf+T7tz3Xo2LtQiQfEsmSEke5npKlhJuhSoY8U=", + "lastModified": 1727546182, + "narHash": "sha256-T2nLZbgDBhx6T2rOgw522f/WwXnXJrBOzCw+q2XgmAc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33ce3a8d5f8b771344694667912c77233334f487", + "rev": "ced0da1e7e7d50f1352bc6bdd25af8ae55eb3934", "type": "github" }, "original": { 
@@ -252,11 +252,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725036679, - "narHash": "sha256-Ri79ZOEcZJFLr6+LgS3A0WYyroL/PqEuO+lI7u+G2tE=", + "lastModified": 1727524699, + "narHash": "sha256-k6YxGj08voz9NvuKExojiGXAVd69M8COtqWSKr6sQS4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dac9db29e0e7ff2071ccc47b720aaffc3e74b504", + "rev": "b5b2fecd0cadd82ef107c9583018f381ae70f222", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1724855419, - "narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=", + "lastModified": 1727540905, + "narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06", + "rev": "fbca5e745367ae7632731639de5c21f29c8744ed", "type": "github" }, "original": {