Add jupiter storage
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
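--- a/hosts/jupiter/configs/btrbk/default.nix
+++ b/hosts/jupiter/configs/btrbk/default.nix
@@ -0,0 +1,29 @@
+{ ... }:
+{
+systemd.tmpfiles.rules = [
+"d /mnt/storage/private.bak 0755 root root"
+"d /mnt/storage/public.bak 0755 root root"
+];
+
+services.btrbk.instances = {
+mnt-storage-private = {
+onCalendar = "hourly";
+settings.volume."/mnt/storage" = {
+subvolume = "private";
+snapshot_dir = "private.bak";
+snapshot_preserve_min = "latest";
+snapshot_preserve = "48h 14d 4w 6m";
+};
+};
+
+mnt-storage-public = {
+onCalendar = "hourly";
+settings.volume."/mnt/storage" = {
+subvolume = "public";
+snapshot_dir = "public.bak";
+snapshot_preserve_min = "latest";
+snapshot_preserve = "48h 14d 4w 6m";
+};
+};
+};
+}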
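Review bot: The retention policy and the scope of these snapshots are documented nowhere in the file, and the two instances are identical apart from the subvolume name. `snapshot_preserve = "48h 14d 4w 6m"` keeps 48 hourly, 14 daily, 4 weekly and 6 monthly snapshots and `snapshot_preserve_min = "latest"` always keeps the newest one; no `target` is set, so these are in-place snapshots on the same array, which protects against accidental deletion or an unprivileged account overwriting data but not against loss of the array or a compromise that has root. A header comment above `services.btrbk.instances` would make that explicit: `# Hourly in-place btrbk snapshots of the private/public subvolumes into <name>.bak (retention 48h 14d 4w 6m, newest always kept). Local only: no target, so this is not an off-host backup.` The `.bak` directories are root-owned 0755 and the snapshots keep the source's ownership and modes, so they expose nothing the live subvolume does not, though a file made private after a snapshot stays readable in older snapshots until they expire.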
@@ -31,34 +31,33 @@
../common/configs/system/users
|
../common/configs/system/users
|
||||||
../common/configs/system/zsh
|
../common/configs/system/zsh
|
||||||
|
|
||||||
|
./configs/btrbk
|
||||||
./configs/wireguard
|
./configs/wireguard
|
||||||
|
|
||||||
./users/storm
|
./users/storm
|
||||||
./users/nick
|
./users/nick
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: DNS for .local
|
|
||||||
networking.hostName = "jupiter";
|
networking.hostName = "jupiter";
|
||||||
|
|
||||||
boot.initrd = {
|
boot.initrd = {
|
||||||
luks.devices.main.keyFile = "/usb/keyfile";
|
luks.devices = {
|
||||||
|
main.keyFile = "/usb/keyfile";
|
||||||
|
storage0.keyFile = "/usb/keyfile";
|
||||||
|
storage1.keyFile = "/usb/keyfile";
|
||||||
|
};
|
||||||
|
|
||||||
systemd.contents."/etc/fstab".text = ''
|
systemd.contents."/etc/fstab".text = ''
|
||||||
UUID=8E50-CD43 /usb vfat ro,umask=0377
|
UUID=8E50-CD43 /usb vfat ro,umask=0377
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Enable
|
users.groups.storage = { };
|
||||||
# fileSystems."/mnt/storage" = {
|
|
||||||
# label = "storage";
|
systemd.tmpfiles.rules = [
|
||||||
# fsType = "btrfs";
|
"v /mnt/storage/public 0770 root storage"
|
||||||
# options = [
|
"v /mnt/storage/private 0755 root root"
|
||||||
# "x-initrd.mount"
|
];
|
||||||
# "defaults"
|
|
||||||
# "subvol=@"
|
|
||||||
# "compress=zstd:5"
|
|
||||||
# "noatime"
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
|
||||||
|
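Review bot: The three `keyFile` entries under `boot.initrd.luks.devices` repeat the same value with no note of what `storage0`/`storage1` are or that both must be unlocked in initrd for the btrfs RAID1 behind `/mnt/storage` to assemble; their disko definitions sit in the next hunk. A comment such as `# main = root disk; storage0/storage1 = the two LUKS containers mirrored as btrfs RAID1 for /mnt/storage. All three use the key on the read-only, umask=0377 USB stick mounted at /usb.` would record that. If `lib` is among this module's arguments (the function header is outside the hunk), the repetition could also be collapsed to `luks.devices = lib.genAttrs [ "main" "storage0" "storage1" ] (_: { keyFile = "/usb/keyfile"; });`. The `v` rules correctly create `public`/`private` as subvolumes rather than directories, which is what the `subvolume = "private"`/`"public"` settings in the new btrbk module require.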
@@ -85,60 +85,68 @@
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Set to correct device
|
storage0 = {
|
||||||
# storage0 = {
|
device = "/dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_51K0A2KEFWTG";
|
||||||
# device = "/dev/vdb";
|
type = "disk";
|
||||||
# type = "disk";
|
content = {
|
||||||
# content = {
|
type = "gpt";
|
||||||
# type = "gpt";
|
partitions = {
|
||||||
# partitions = {
|
root = {
|
||||||
# root = {
|
name = "root";
|
||||||
# name = "root";
|
size = "100%";
|
||||||
# size = "100%";
|
content = {
|
||||||
# content = {
|
name = "storage0";
|
||||||
# name = "storage0";
|
type = "luks";
|
||||||
# type = "luks";
|
passwordFile = "/tmp/keyfile";
|
||||||
# passwordFile = "/tmp/keyfile";
|
settings = {
|
||||||
# settings = {
|
allowDiscards = true;
|
||||||
# allowDiscards = true;
|
};
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# };
|
|
||||||
|
|
||||||
# TODO: Set to correct device
|
storage1 = {
|
||||||
# storage1 = {
|
device = "/dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_51K0A1WVFWTG";
|
||||||
# device = "/dev/vdc";
|
type = "disk";
|
||||||
# type = "disk";
|
content = {
|
||||||
# content = {
|
type = "gpt";
|
||||||
# type = "gpt";
|
partitions = {
|
||||||
# partitions = {
|
root = {
|
||||||
# root = {
|
name = "root";
|
||||||
# name = "root";
|
size = "100%";
|
||||||
# size = "100%";
|
content = {
|
||||||
# content = {
|
name = "storage1";
|
||||||
# name = "storage1";
|
type = "luks";
|
||||||
# type = "luks";
|
passwordFile = "/tmp/keyfile";
|
||||||
# passwordFile = "/tmp/keyfile";
|
settings = {
|
||||||
# settings = {
|
allowDiscards = true;
|
||||||
# allowDiscards = true;
|
};
|
||||||
# };
|
|
||||||
|
|
||||||
# # storageN content must be placed on last alphabetical drive
|
content = {
|
||||||
# content = {
|
type = "btrfs";
|
||||||
# type = "btrfs";
|
extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ];
|
||||||
# extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ];
|
subvolumes =
|
||||||
# subvolumes = {
|
let
|
||||||
# "@" = { };
|
mountOptions = [
|
||||||
# };
|
"compress=zstd:5"
|
||||||
# };
|
"noatime"
|
||||||
# };
|
"user_subvol_rm_allowed"
|
||||||
# };
|
];
|
||||||
# };
|
in
|
||||||
# };
|
{
|
||||||
# };
|
"@" = {
|
||||||
|
mountpoint = "/mnt/storage";
|
||||||
|
inherit mountOptions;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
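Review bot: `extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]` passes eight mkfs.btrfs arguments as a single list element; it works only because disko joins the list with spaces, and would break if disko ever shell-quoted each element. One argument per element, `extraArgs = [ "-f" "-L" "storage" "-m" "raid1" "-d" "raid1" "/dev/mapper/storage0" ];`, does not depend on that. The two LUKS containers are formatted with `passwordFile = "/tmp/keyfile"` while initrd opens them with `/usb/keyfile` (previous hunk) and nothing in the config ties the two together, so a comment next to `passwordFile`, `# must be the same key that is later mounted at /usb/keyfile, or initrd cannot open storage0/storage1`, would prevent a silent mismatch at install time. As I read `user_subvol_rm_allowed`, any member of the `storage` group can delete subvolumes created under the group-writable `/mnt/storage/public`, including ones created by another member; presumably intended for rootless container storage, but worth stating in a comment on the mount options.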
@@ -50,7 +50,10 @@ in
fullName = "Nikolaos Karaolidis";
|
fullName = "Nikolaos Karaolidis";
|
||||||
description = "Nikolaos Karaolidis";
|
description = "Nikolaos Karaolidis";
|
||||||
hashedPasswordFile = config.sops.secrets."${user}-password".path;
|
hashedPasswordFile = config.sops.secrets."${user}-password".path;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [
|
||||||
|
"wheel"
|
||||||
|
"storage"
|
||||||
|
];
|
||||||
linger = true;
|
linger = true;
|
||||||
uid = lib.strings.toInt (builtins.readFile ./uid);
|
uid = lib.strings.toInt (builtins.readFile ./uid);
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
@@ -62,4 +65,8 @@ in
username = user;
|
username = user;
|
||||||
homeDirectory = home;
|
homeDirectory = home;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
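Review bot: The rule `"d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"` is duplicated verbatim in the storm module (hunk `@@ -51,4 +54,8 @@`); a shared users module or a small helper taking `user` would keep the two from drifting. The 0700 mode with per-user ownership is the right shape for a private area. One caveat deserves a comment: systemd-tmpfiles creates missing parents, so if `/mnt/storage` is not mounted when the rule runs the tree is created on the root filesystem and the failure is masked — `# requires /mnt/storage to be mounted; tmpfiles-setup orders after local-fs.target` records the assumption.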
@@ -28,9 +28,11 @@ in
};
|
};
|
||||||
|
|
||||||
home-manager.users.${user} = {
|
home-manager.users.${user} = {
|
||||||
virtualisation.quadlet = {
|
virtualisation.quadlet.autoUpdate.enable = true;
|
||||||
autoUpdate.enable = true;
|
|
||||||
};
|
systemd.user.tmpfiles.rules = [
|
||||||
|
"d /mnt/storage/private/storm/containers/storage/volumes 700 storm storm"
|
||||||
|
];
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
secrets."registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
|
secrets."registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
|
||||||
|
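Review bot: The new user rule hardcodes `storm` in `"d /mnt/storage/private/storm/containers/storage/volumes 700 storm storm"` although this block is already keyed by `${user}` (`home-manager.users.${user}`), and writes the mode as `700` while every other rule in the commit uses `0700`; tmpfiles parses both as octal, but the mismatch invites a wrong edit later. `"d /mnt/storage/private/${user}/containers/storage/volumes 0700 ${user} ${user}"` keeps it consistent, assuming the primary group is named after the user as the system user module sets (`group = user;` in its hunk). This is a user-level tmpfiles unit, so it runs as the user and depends on `/mnt/storage/private/${user}` already existing from the system-level rule.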
@@ -33,7 +33,10 @@ in
createHome = true;
|
createHome = true;
|
||||||
description = "Container Runner";
|
description = "Container Runner";
|
||||||
hashedPasswordFile = config.sops.secrets."${user}-password".path;
|
hashedPasswordFile = config.sops.secrets."${user}-password".path;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [
|
||||||
|
"wheel"
|
||||||
|
"storage"
|
||||||
|
];
|
||||||
linger = true;
|
linger = true;
|
||||||
uid = lib.strings.toInt (builtins.readFile ./uid);
|
uid = lib.strings.toInt (builtins.readFile ./uid);
|
||||||
group = user;
|
group = user;
|
||||||
@@ -51,4 +54,8 @@ in
|
|
username = user;
|
||||||
homeDirectory = home;
|
homeDirectory = home;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|