diff --git a/systems/x86_64-linux/beryllium/default.nix b/systems/x86_64-linux/beryllium/default.nix
index 84c841c..b3d3aaa 100644
--- a/systems/x86_64-linux/beryllium/default.nix
+++ b/systems/x86_64-linux/beryllium/default.nix
@@ -1,57 +1,17 @@
 # ++ 4_Be: Beryllium
 #
 # NUC / HomeLab environment
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
   imports = [
     ./hardware.nix
-    ./disko.nix
+    ./disks.nix
   ];
-  # Set up two main drives for RAID 1
-  disko.devices.disk = {
-    one.device = "/dev/sda";
-    two.device = "/dev/sdb";
-  };
-
-  boot = {
-    loader = {
-      efi.canTouchEfiVariables = true;
-      grub = {
-        enable = true;
-        efiSupport = true;
-        device = "nodev";
-        mirroredBoots = [
-          {
-            devices = ["/dev/sda"];
-            path = "/boot";
-          }
-          {
-            devices = ["/dev/sdb"];
-            path = "/boot2";
-          }
-        ];
-      };
-    };
-
-    # Set up mdmon to notify me when one of the drives fails
-    swraid.mdadmConf = ''
-      MAILADDR raid@muehl.dev
-    '';
-  };
-
   elements = {
     hostname = "beryllium";
     users = ["christopher"];
     secrets = {
       key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUKDCjB0VpQubi8BfnYKbh4MIE1tcvKQesdoPE4NXAf";
-      needs = {
-        smbSecrets = "smb-secrets.age";
-      };
     };
   };
@@ -74,46 +34,14 @@
       enable = true;
       key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkUPOw28Cu2LMuzfmvjT/L2ToNHcADwGyGvSpJ4wH2T";
     };
+
+    apcupsd.enable = true;
   };
-  boot.kernel.sysctl = {
-    # We require this so that a rootless traefik can bind to port 80.
-    "net.ipv4.ip_unprivileged_port_start" = "80";
-  };
-
-  # virtualisation.quadlet.enable = true;
-  virtualisation.podman = {
-    enable = true;
-    defaultNetwork.settings = {
-      dns_enabled = true;
-      # Override the default subnet as it overlaps with my LAN.
-      subnets = [
-        {
-          gateway = "172.16.0.1";
-          subnet = "172.16.0.0/16";
-        }
-      ];
-    };
-  };
-
-  fileSystems."/mnt/nuc/_NAS_Media" = {
-    device = "//10.1.0.1/_NAS_Media";
-    fsType = "cifs";
-    options = let
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-    in ["${automount_opts},credentials=${config.age.secrets.smbSecrets.path},uid=100999,gid=10999,vers=1.0"];
-  };
-
-  fileSystems."/mnt/nuc/Ix" = {
-    device = "//10.1.0.1/Ix";
-    fsType = "cifs";
-    options = let
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-    in ["${automount_opts},credentials=${config.age.secrets.smbSecrets.path},uid=100999,gid=10999,vers=1.0"];
-  };
+  # Enable privileged ports for rootless pods
+  boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = "0";
   environment.systemPackages = with pkgs; [
-    cifs-utils
     helix
     podman-compose
   ];
diff --git a/systems/x86_64-linux/beryllium/disks.nix b/systems/x86_64-linux/beryllium/disks.nix
new file mode 100644
index 0000000..f38ef77
--- /dev/null
+++ b/systems/x86_64-linux/beryllium/disks.nix
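Review bot: Setting `net.ipv4.ip_unprivileged_port_start` to `"0"` near the end of the hunk lets every unprivileged process on the host bind any port below 1024, not only the rootless pods the comment names, so a local user or a compromised service could claim 22, 53 or 443 ahead of the intended daemon. The previous value of 80 already covered 80 and 443 (the threshold is inclusive: ports at or above it are unprivileged), so unless a pod needs a lower port the sysctl should stay `"80"`, or the specific binary should be granted `CAP_NET_BIND_SERVICE` instead. I would also name the consumer in the comment, as the removed line did: `# Ports >= 80 are unprivileged so a rootless container can bind 80/443 without CAP_NET_BIND_SERVICE`. Separately, the podman network settings (dns_enabled and the 172.16.0.0/16 subnet override) are deleted here and do not reappear in this diff; if podman is still enabled elsewhere, confirm the default subnet no longer collides with the LAN.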
@@ -0,0 +1,61 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./disko.nix
+  ];
+
+  elements.secrets.needs.smbSecrets = "smb-secrets.age";
+
+  # Set up two main drives for RAID 1
+  disko.devices.disk = {
+    one.device = "/dev/sda";
+    two.device = "/dev/sdb";
+  };
+
+  # Install GRUB to both drives (/boot and /boot2) so that we'll be able to boot
+  # even if one of them fails
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      grub = {
+        enable = true;
+        efiSupport = true;
+        device = "nodev";
+        mirroredBoots = [
+          {
+            devices = ["/dev/sda"];
+            path = "/boot";
+          }
+          {
+            devices = ["/dev/sdb"];
+            path = "/boot2";
+          }
+        ];
+      };
+    };
+
+    # Set up mdmon to notify me when one of the drives fails
+    swraid.mdadmConf = ''
+      MAILADDR raid@muehl.dev
+    '';
+  };
+
+  # Mount the NAS locally via CIFS (Windows share)
+  fileSystems = builtins.listToAttrs (
+    map (v: {
+      name = "/mnt/nuc/${v}";
+      value = {
+        device = "//10.1.0.1/${v}";
+        fsType = "cifs";
+        options = let
+          automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+        in ["${automount_opts},credentials=${config.age.secrets.smbSecrets.path},uid=1000,gid=100,vers=1.0"];
+      };
+    }) ["_NAS_Media" "Ix"]
+  );
+
+  environment.systemPackages = [pkgs.cifs-utils];
+}
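Review bot: The CIFS option string in the new `fileSystems` block pins `vers=1.0`, so both shares are mounted over SMB1, which offers no encryption, weak signing and a long vulnerability history, and is disabled by default on current Samba and Windows servers. Unless the NAS genuinely cannot speak anything newer, change it to `vers=3.0` (or `vers=2.1` as a floor) and consider adding `seal` so share traffic is encrypted; because the string is now shared by both mounts this is a one-line change. The uid/gid pair also moves from 100999/10999 to 1000/100, which changes which local account owns the mounted files; if a rootless container reached these shares through the earlier sub-UID mapping, confirm it still has access. Finally, `/dev/sda` and `/dev/sdb` for disko and the mirrored GRUB entries are enumeration-order names; `/dev/disk/by-id/...` paths would keep the RAID and boot layout stable if the kernel reorders the devices.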