From 88ef04def8ee867f8529b6107821b845edefd1c0 Mon Sep 17 00:00:00 2001 From: Nikolaos Karaolidis Date: Tue, 1 Jul 2025 01:30:15 +0100 Subject: [PATCH] Add jupiter storage Signed-off-by: Nikolaos Karaolidis
---
hosts/jupiter/configs/btrbk/default.nix | 29 +++++ hosts/jupiter/default.nix | 27 ++--- hosts/jupiter/format.nix | 112 ++++++++++-------- hosts/jupiter/users/nick/default.nix | 9 +- .../storm/configs/console/podman/default.nix | 8 +- hosts/jupiter/users/storm/default.nix | 9 +- 6 files changed, 123 insertions(+), 71 deletions(-) create mode 100644 hosts/jupiter/configs/btrbk/default.nix
diff --git a/hosts/jupiter/configs/btrbk/default.nix b/hosts/jupiter/configs/btrbk/default.nix
new file mode 100644
index 0000000..fa83831
--- /dev/null
+++ b/hosts/jupiter/configs/btrbk/default.nix
@@ -0,0 +1,29 @@
+{ ... }:
+{
+ systemd.tmpfiles.rules = [
+ "d /mnt/storage/private.bak 0755 root root"
+ "d /mnt/storage/public.bak 0755 root root"
+ ];
+
+ services.btrbk.instances = {
+ mnt-storage-private = {
+ onCalendar = "hourly";
+ settings.volume."/mnt/storage" = {
+ subvolume = "private";
+ snapshot_dir = "private.bak";
+ snapshot_preserve_min = "latest";
+ snapshot_preserve = "48h 14d 4w 6m";
+ };
+ };
+
+ mnt-storage-public = {
+ onCalendar = "hourly";
+ settings.volume."/mnt/storage" = {
+ subvolume = "public";
+ snapshot_dir = "public.bak";
+ snapshot_preserve_min = "latest";
+ snapshot_preserve = "48h 14d 4w 6m";
+ };
+ };
+ };
+}
diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix
index be9d89e..cae25a6
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
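Review bot: The snapshot parents `private.bak` and `public.bak` are created `0755 root root`, while the `public` subvolume they snapshot is `0770 root storage` in `hosts/jupiter/default.nix` of this same patch, so every local account can list the snapshot names and timestamps of `public` even though each snapshot's contents keep the source subvolume's mode; `"d /mnt/storage/public.bak 0750 root storage"` and `"d /mnt/storage/private.bak 0700 root root"` keep the parents no looser than what they hold. Both `mnt-storage-*` instances set only `snapshot_dir` and no `target`, so these are same-filesystem snapshots on the same two disks — they cover accidental deletion and rollback, not loss of the array or of the LUKS key — which deserves a comment above `services.btrbk.instances` such as `# Local snapshots only, no off-device target: this is rollback, not backup`. Because the `.bak` parents stay writable by root only, `user_subvol_rm_allowed` on the mount (set in format.nix) presumably does not let `storage` members delete these snapshots, but that is worth confirming once the host is up.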
@@ -31,34 +31,33 @@ ../common/configs/system/users ../common/configs/system/zsh + ./configs/btrbk ./configs/wireguard ./users/storm ./users/nick ]; - # TODO: DNS for .local networking.hostName = "jupiter"; boot.initrd = { - luks.devices.main.keyFile = "/usb/keyfile"; + luks.devices = { + main.keyFile = "/usb/keyfile"; + storage0.keyFile = "/usb/keyfile"; + storage1.keyFile = "/usb/keyfile"; + }; + systemd.contents."/etc/fstab".text = '' UUID=8E50-CD43 /usb vfat ro,umask=0377 ''; }; - # TODO: Enable - # fileSystems."/mnt/storage" = { - # label = "storage"; - # fsType = "btrfs"; - # options = [ - # "x-initrd.mount" - # "defaults" - # "subvol=@" - # "compress=zstd:5" - # "noatime" - # ]; - # }; + users.groups.storage = { }; + + systemd.tmpfiles.rules = [ + "v /mnt/storage/public 0770 root storage" + "v /mnt/storage/private 0755 root root" + ]; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" diff --git a/hosts/jupiter/format.nix b/hosts/jupiter/format.nix index 96eb80b..fec3464 100644 --- a/hosts/jupiter/format.nix +++ b/hosts/jupiter/format.nix 
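Review bot: `v /mnt/storage/public 0770 root storage` makes the shared subvolume group-writable but without the setgid bit, so files that `nick` or `storm` create there get the creator's primary group (storm's is its own `storm` group per `users/storm/default.nix`) rather than `storage`, and the other member can read but not modify them unless their umask or an ACL says otherwise; `"v /mnt/storage/public 2770 root storage"` makes new entries inherit the `storage` group, and a default ACL would still be needed on top if group-write on new files is wanted. The three `luks.devices` entries now share the single `/usb/keyfile`, so the USB stick alone unlocks root and both storage disks; if that single-factor design is intentional, say so in a comment on `luks.devices` (e.g. `# one key for all volumes: possession of the USB stick unlocks everything`), and consider a separate key per volume so the storage key can be rotated without re-keying root. The `/usb` mount comes from the initrd fstab and is presumably torn down at switch-root — confirm the keyfile is not still mounted, even read-only, on the running system. The enclosing attribute set starts and ends outside the hunk.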
@@ -85,60 +85,68 @@ }; }; - # TODO: Set to correct device - # storage0 = { - # device = "/dev/vdb"; - # type = "disk"; - # content = { - # type = "gpt"; - # partitions = { - # root = { - # name = "root"; - # size = "100%"; - # content = { - # name = "storage0"; - # type = "luks"; - # passwordFile = "/tmp/keyfile"; - # settings = { - # allowDiscards = true; - # }; - # }; - # }; - # }; - # }; - # }; + storage0 = { + device = "/dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_51K0A2KEFWTG"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + root = { + name = "root"; + size = "100%"; + content = { + name = "storage0"; + type = "luks"; + passwordFile = "/tmp/keyfile"; + settings = { + allowDiscards = true; + }; + }; + }; + }; + }; + }; - # TODO: Set to correct device - # storage1 = { - # device = "/dev/vdc"; - # type = "disk"; - # content = { - # type = "gpt"; - # partitions = { - # root = { - # name = "root"; - # size = "100%"; - # content = { - # name = "storage1"; - # type = "luks"; - # passwordFile = "/tmp/keyfile"; - # settings = { - # allowDiscards = true; - # }; + storage1 = { + device = "/dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_51K0A1WVFWTG"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + root = { + name = "root"; + size = "100%"; + content = { + name = "storage1"; + type = "luks"; + passwordFile = "/tmp/keyfile"; + settings = { + allowDiscards = true; + }; - # # storageN content must be placed on last alphabetical drive - # content = { - # type = "btrfs"; - # extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]; - # subvolumes = { - # "@" = { }; - # }; - # }; - # }; - # }; - # }; - # }; - # }; + content = { + type = "btrfs"; + extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]; + subvolumes = + let + mountOptions = [ + "compress=zstd:5" + "noatime" + "user_subvol_rm_allowed" + ]; + in + { + "@" = { + mountpoint = "/mnt/storage"; + inherit mountOptions; + }; + }; + }; + }; + }; + }; + }; + }; }; }; } 
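Review bot: The old commented-out block carried `# storageN content must be placed on last alphabetical drive`, and the new `storage1` definition drops it even though the dependency it described is still there: `extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]` makes `storage1`'s mkfs reach into `storage0`'s already-opened mapper device, so `storage0` must be processed first; restore that comment directly above `content = { type = "btrfs";` so a later rename does not silently break the ordering. Both disks keep `passwordFile = "/tmp/keyfile"`, which is only read at format time, but `/tmp` is world-writable, so a one-line note beside it (`# installer must create this 0600 and shred it after disko runs`) would record the expectation. `user_subvol_rm_allowed` in `mountOptions` lets unprivileged users delete subvolumes in directories they can write to; it is presumably there for rootless podman's storage under `/mnt/storage/private/storm`, and a why-comment next to it would keep it from being removed during a hardening pass. `allowDiscards = true` on LUKS passes TRIM through and so reveals which blocks are unused; the by-id names look like spinning disks, where discard buys nothing, so consider dropping it.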
diff --git a/hosts/jupiter/users/nick/default.nix b/hosts/jupiter/users/nick/default.nix index efcae25..aff8255 100644 --- a/hosts/jupiter/users/nick/default.nix +++ b/hosts/jupiter/users/nick/default.nix @@ -50,7 +50,10 @@ in fullName = "Nikolaos Karaolidis"; description = "Nikolaos Karaolidis"; hashedPasswordFile = config.sops.secrets."${user}-password".path; - extraGroups = [ "wheel" ]; + extraGroups = [ + "wheel" + "storage" + ]; linger = true; uid = lib.strings.toInt (builtins.readFile ./uid); openssh.authorizedKeys.keys = [ @@ -62,4 +65,8 @@ in username = user; homeDirectory = home; }; + + systemd.tmpfiles.rules = [ + "d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}" + ]; } diff --git a/hosts/jupiter/users/storm/configs/console/podman/default.nix b/hosts/jupiter/users/storm/configs/console/podman/default.nix index 945c369..0c34d51 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/default.nix @@ -28,9 +28,11 @@ in }; home-manager.users.${user} = { - virtualisation.quadlet = { - autoUpdate.enable = true; - }; + virtualisation.quadlet.autoUpdate.enable = true; + + systemd.user.tmpfiles.rules = [ + "d /mnt/storage/private/storm/containers/storage/volumes 700 storm storm" + ]; sops = { secrets."registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; diff --git a/hosts/jupiter/users/storm/default.nix b/hosts/jupiter/users/storm/default.nix index a264329..77d89fc 100644 --- a/hosts/jupiter/users/storm/default.nix +++ b/hosts/jupiter/users/storm/default.nix @@ -33,7 +33,10 @@ in createHome = true; description = "Container Runner"; hashedPasswordFile = config.sops.secrets."${user}-password".path; - extraGroups = [ "wheel" ]; + extraGroups = [ + "wheel" + "storage" + ]; linger = true; uid = lib.strings.toInt (builtins.readFile ./uid); group = user; 
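Review bot: The new rule `"d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"` uses `d` while the parent `/mnt/storage/private` is created with `v` (a btrfs subvolume) in `hosts/jupiter/default.nix`; that is the right choice, because btrfs snapshots do not descend into child subvolumes and a nested subvolume here would be left out of the hourly btrbk snapshot of `private`, but it is not obvious, so add `# plain directory, not a subvolume: nested subvolumes are excluded from the btrbk snapshot of private` above the rule. The rule also assumes `/mnt/storage/private` exists before it runs, which holds only while the host module that creates it is imported alongside this one — a short comment naming that dependency helps. The enclosing module attribute set starts outside the hunk.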
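Review bot: The user-level rule `"d /mnt/storage/private/storm/containers/storage/volumes 700 storm storm"` hard-codes `storm` three times although `${user}` is in scope and the same hunk already writes `home-manager.users.${user}`; since `users/storm/default.nix` sets `group = user`, `"d /mnt/storage/private/${user}/containers/storage/volumes 0700 ${user} ${user}"` is equivalent, matches the system-level rule in that file and survives a rename. Because this runs as a `systemd.user` tmpfiles rule, the intermediate `containers/storage` directories it creates get the default (presumably 0755) mode, which is acceptable only because `/mnt/storage/private/storm` itself is 0700 — worth a one-line comment so the two rules are not loosened independently. The `home-manager.users.${user}` set this sits in continues past the hunk.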
@@ -51,4 +54,8 @@ in
 username = user;
 homeDirectory = home;
 };
+
+ systemd.tmpfiles.rules = [
+ "d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"
+ ];
 }
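Review bot: This `systemd.tmpfiles.rules` entry is character-for-character the one added to `hosts/jupiter/users/nick/default.nix` in the same patch, so the private-directory policy (mode 0700, owner `${user}`, group from `config.users.users.${user}.group`) now lives in two places that must be kept in sync by hand. If the per-user modules share a common helper or the `../common/configs/system/users` module that `hosts/jupiter/default.nix` imports, hoisting the rule there (keyed on membership in the `storage` group) would remove the duplication; otherwise a comment pointing at the sibling rule is the minimum. The enclosing module attribute set starts outside the hunk.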