From f024159742df9f3b1dabc2e4fa9091f9a702235b Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Sun, 20 Oct 2024 01:50:24 +0200
Subject: [PATCH] WIP: Init new backup server; bakke
---
 flake.nix | 5 ++
 hosts/bakke/configuration.nix | 25 +++++++
 hosts/bakke/disks.nix | 90 ++++++++++++++++++++++++++
 hosts/bakke/filesystems.nix | 28 ++++++++
 hosts/bakke/hardware-configuration.nix | 22 +++++++
 values.nix | 4 ++
 6 files changed, 174 insertions(+)
 create mode 100644 hosts/bakke/configuration.nix
 create mode 100644 hosts/bakke/disks.nix
 create mode 100644 hosts/bakke/filesystems.nix
 create mode 100644 hosts/bakke/hardware-configuration.nix
diff --git a/flake.nix b/flake.nix
index b09a986..771f21e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -79,6 +79,11 @@
 stableNixosConfig = nixosConfig nixpkgs;
 unstableNixosConfig = nixosConfig nixpkgs-unstable;
 in {
+ bakke = stableNixosConfig "bakke" {
+ modules = [
+ disko.nixosModules.disko
+ ];
+ };
 bicep = stableNixosConfig "bicep" {
 modules = [
 inputs.matrix-next.nixosModules.default
diff --git a/hosts/bakke/configuration.nix b/hosts/bakke/configuration.nix
new file mode 100644
index 0000000..29435ce
--- /dev/null
+++ b/hosts/bakke/configuration.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, values, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../base
+ ../../misc/metrics-exporters.nix
+ ./filesystems.nix
+ ];
+
+ sops.defaultSopsFile = ../../secrets/bakke/bakke.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+ sops.age.generateKey = true;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "bakke";
+ systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {
+ matchConfig.Name = "enp2s0";
+ address = with values.hosts.bakke; [ (ipv4 + "/25") (ipv6 + "/64") ];
+ };
+
+ system.stateVersion = "23.05";
+}
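Review bot: In hosts/bakke/configuration.nix the sops block sets both `sops.age.sshKeyPaths` and `sops.age.keyFile` with `sops.age.generateKey = true`, so on first activation the host creates a second age identity at `/var/lib/sops-nix/key.txt` next to the SSH host key, and nothing says which of the two is meant to decrypt `secrets/bakke/bakke.yaml`. That secrets file is not among the six files this patch touches, and neither public key exists before the machine is installed, so the recipient has to be registered afterwards. A comment above the block would record the intent, for example `# secrets are encrypted to the age key derived from the SSH host key; register it as a recipient after first boot`. If only the host key is intended, dropping the `keyFile` and `generateKey` lines avoids leaving an unused decryption key on disk.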
diff --git a/hosts/bakke/disks.nix b/hosts/bakke/disks.nix
new file mode 100644
index 0000000..08a2c98
--- /dev/null
+++ b/hosts/bakke/disks.nix
@@ -0,0 +1,90 @@
+{
+ # https://github.com/nix-community/disko/blob/master/example/boot-raid1.nix
+ disko.devices = {
+ disk = {
+ one = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E2EER6N6";
+ content = {
+ type = "gpt";
+ partitions = {
+ BOOT = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ };
+ mdadm = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "raid1";
+ };
+ };
+ };
+ };
+ };
+ two = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E7LPLU71";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ };
+ mdadm = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "raid1";
+ };
+ };
+ };
+ };
+ };
+ };
+ mdadm = {
+ boot = {
+ type = "mdadm";
+ level = 1;
+ metadata = "1.0";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ raid1 = {
+ type = "mdadm";
+ level = 1;
+ content = {
+ type = "gpt";
+ partitions.primary = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/bakke/filesystems.nix b/hosts/bakke/filesystems.nix
new file mode 100644
index 0000000..8648924
--- /dev/null
+++ b/hosts/bakke/filesystems.nix
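Review bot: The `raid1` array in hosts/bakke/disks.nix puts `/` on plain ext4 with no encryption layer, while configuration.nix points sops at `/etc/ssh/ssh_host_ed25519_key` and `/var/lib/sops-nix/key.txt`, so either mirror disk on its own holds the keys that decrypt this host's secrets. If unattended boot makes that an accepted trade-off, state it at the top of the file, e.g. `# root is unencrypted on purpose (unattended boot); treat a pulled disk as a key compromise`; otherwise a disko `luks` layer between the array and the filesystem would be the place to add it. Two smaller points in the same hunk: the first partition is named `BOOT` on disk `one` but `boot` on disk `two`, and both carry `type = "EF02"; # for grub MBR` although configuration.nix enables systemd-boot, so that partition looks like a leftover from the linked example.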
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+{
+ # Boot drives:
+ imports = [
+ ./boot-disks.nix
+ ];
+
+ # ZFS Data pool:
+ environment.systemPackages = with pkgs; [ zfs ];
+ boot = {
+ zfs = {
+ extraPools = [ "tank" ];
+ requestEncryptionCredentials = false;
+ };
+ supportedFilesystems = [ "zfs" ];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ };
+ services.zfs.autoScrub = {
+ enable = true;
+ interval = "Wed *-*-8..14 00:00:00";
+ };
+
+ # NFS Exports:
+ #TODO
+
+ # NFS Import mounts:
+ #TODO
+}
diff --git a/hosts/bakke/hardware-configuration.nix b/hosts/bakke/hardware-configuration.nix
new file mode 100644
index 0000000..2c5e7b1
--- /dev/null
+++ b/hosts/bakke/hardware-configuration.nix
@@ -0,0 +1,22 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ swapDevices = [ ]; #TODO
+
+ networking.useDHCP = lib.mkDefault false;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/values.nix b/values.nix
index 2e9d266..7ccf30b 100644
--- a/values.nix
+++ b/values.nix
@@ -27,6 +27,10 @@ in rec {
 gateway = pvv-ipv4 129;
 gateway6 = pvv-ipv6 1;
+ bakke = {
+ ipv4 = pvv-ipv4 173;
+ ipv6 = pvv-ipv6 173;
+ };
 bekkalokk = {
 ipv4 = pvv-ipv4 168;
 ipv6 = pvv-ipv6 168;
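Review bot: hosts/bakke/filesystems.nix imports `./boot-disks.nix`, but the file this patch creates is `hosts/bakke/disks.nix`, so evaluating the `bakke` configuration should fail on the missing path and the disko layout is never loaded. The import should read `./disks.nix`, or the new file should be renamed to match. In the same hunk, `requestEncryptionCredentials = false;` deserves a comment such as `# import tank at boot without prompting; encrypted datasets stay locked until their keys are loaded`, because on a backup server that setting decides whether data is readable after an unattended reboot.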