Reorganize beryllium

This commit is contained in:
Christopher Mühl 2025-09-22 13:31:12 +02:00
parent 27b0b35774
commit 492dd4fd8a
No known key found for this signature in database
GPG key ID: E919B0F59E14FD47
2 changed files with 67 additions and 78 deletions


@ -1,57 +1,17 @@
# ++ 4_Be: Beryllium
#
# NUC / HomeLab environment
{
lib,
config,
pkgs,
...
}: {
{pkgs, ...}: {
imports = [
./hardware.nix
./disko.nix
./disks.nix
];
# Set up two main drives for RAID 1
disko.devices.disk = {
one.device = "/dev/sda";
two.device = "/dev/sdb";
};
boot = {
loader = {
efi.canTouchEfiVariables = true;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
mirroredBoots = [
{
devices = ["/dev/sda"];
path = "/boot";
}
{
devices = ["/dev/sdb"];
path = "/boot2";
}
];
};
};
# Set up mdmon to notify me when one of the drives fails
swraid.mdadmConf = ''
MAILADDR raid@muehl.dev
'';
};
elements = {
hostname = "beryllium";
users = ["christopher"];
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUKDCjB0VpQubi8BfnYKbh4MIE1tcvKQesdoPE4NXAf";
needs = {
smbSecrets = "smb-secrets.age";
};
};
};
@ -74,46 +34,14 @@
enable = true;
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkUPOw28Cu2LMuzfmvjT/L2ToNHcADwGyGvSpJ4wH2T";
};
apcupsd.enable = true;
};
boot.kernel.sysctl = {
# We require this so that a rootless traefik can bind to port 80.
"net.ipv4.ip_unprivileged_port_start" = "80";
};
# virtualisation.quadlet.enable = true;
virtualisation.podman = {
enable = true;
defaultNetwork.settings = {
dns_enabled = true;
# Override the default subnet as it overlaps with my LAN.
subnets = [
{
gateway = "172.16.0.1";
subnet = "172.16.0.0/16";
}
];
};
};
fileSystems."/mnt/nuc/_NAS_Media" = {
device = "//10.1.0.1/_NAS_Media";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=${config.age.secrets.smbSecrets.path},uid=100999,gid=10999,vers=1.0"];
};
fileSystems."/mnt/nuc/Ix" = {
device = "//10.1.0.1/Ix";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=${config.age.secrets.smbSecrets.path},uid=100999,gid=10999,vers=1.0"];
};
# Enable privileged ports for rootless pods
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = "0";
environment.systemPackages = with pkgs; [
cifs-utils
helix
podman-compose
];
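Review bot: `boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = "0";` at L107 lets every unprivileged process on the host bind any port, where the setting it replaces at L76 stopped at 80 for traefik; a misbehaving or compromised local account could then claim a well-known port (SSH, DNS, SMTP) ahead of the intended daemon, for example while that daemon restarts. If the rootless pods only need 80 and 443, keep the earlier `"80"`; otherwise lower it only to the smallest port actually required and name that service and port in the comment at L106, which currently gives no reason for going all the way to 0. The page has lost the +/- markers, so I am reading L107 as the new line from print order and the second hunk's +34,14 count; if it is in fact the removed line the point is moot. The enclosing attribute set closes outside this hunk.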


@ -0,0 +1,61 @@
{
config,
pkgs,
...
}: {
imports = [
./disko.nix
];
elements.secrets.needs.smbSecrets = "smb-secrets.age";
# Set up two main drives for RAID 1
disko.devices.disk = {
one.device = "/dev/sda";
two.device = "/dev/sdb";
};
# Install GRUB to both drives (/boot and /boot2) so that we'll be able to boot
# even if one of them fails
boot = {
loader = {
efi.canTouchEfiVariables = true;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
mirroredBoots = [
{
devices = ["/dev/sda"];
path = "/boot";
}
{
devices = ["/dev/sdb"];
path = "/boot2";
}
];
};
};
# Set up mdmon to notify me when one of the drives fails
swraid.mdadmConf = ''
MAILADDR raid@muehl.dev
'';
};
# Mount the NAS locally via CIFS (Windows share)
fileSystems = builtins.listToAttrs (
map (v: {
name = "/mnt/nuc/${v}";
value = {
device = "//10.1.0.1/${v}";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=${config.age.secrets.smbSecrets.path},uid=1000,gid=100,vers=1.0"];
};
}) ["_NAS_Media" "Ix"]
);
environment.systemPackages = [pkgs.cifs-utils];
}
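Review bot: The `fileSystems` block at L158-169 keeps `vers=1.0` in the CIFS mount options, pinning both shares to SMB1, a dialect with no encryption and no signing by default that NAS vendors and Linux distributions have been retiring for years. If the NAS at 10.1.0.1 supports it, use `vers=3.0` (or `3.1.1`) and add `seal` so the credentials file contents and data are protected on the wire; if SMB1 is genuinely all the NAS offers, say so in the comment at L157 so the next reader does not "fix" it. Separately, the ownership moved from `uid=100999,gid=10999` in the removed version (L97, L104) to `uid=1000,gid=100` here; the old values look like a subordinate-uid range for rootless containers, so if these mounts are handed to podman the files will now appear owned by a different user inside them — either way the reason for the change belongs in the comment.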