Add jupiter storage

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-01 01:30:15 +01:00
parent 68e6eddd22
commit 88ef04def8
6 changed files with 123 additions and 71 deletions


@@ -0,0 +1,29 @@
{ ... }:
{
systemd.tmpfiles.rules = [
"d /mnt/storage/private.bak 0755 root root"
"d /mnt/storage/public.bak 0755 root root"
];
services.btrbk.instances = {
mnt-storage-private = {
onCalendar = "hourly";
settings.volume."/mnt/storage" = {
subvolume = "private";
snapshot_dir = "private.bak";
snapshot_preserve_min = "latest";
snapshot_preserve = "48h 14d 4w 6m";
};
};
mnt-storage-public = {
onCalendar = "hourly";
settings.volume."/mnt/storage" = {
subvolume = "public";
snapshot_dir = "public.bak";
snapshot_preserve_min = "latest";
snapshot_preserve = "48h 14d 4w 6m";
};
};
};
}
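Review bot: Neither btrbk instance declares a `target`, so `private.bak` and `public.bak` hold snapshots on the same btrfs volume they snapshot; that covers accidental deletion and rollback but not loss of the pool or a compromise with root access, and nothing in the file says so. A one-line header such as `# Local btrbk snapshots only — no off-volume copy; add a target for real backups` would make the intent explicit. The tmpfiles rules also create the snapshot directories `0755`, so any local user can list snapshot names under `private.bak`, even though the modes inside the snapshotted subvolume (the per-user `0700` directories created elsewhere in this commit) carry over; `0700 root root` would match the data they contain if the listing is not meant to be public.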


@@ -31,34 +31,33 @@
../common/configs/system/users
../common/configs/system/zsh
./configs/btrbk
./configs/wireguard
./users/storm
./users/nick
];
# TODO: DNS for .local
networking.hostName = "jupiter";
boot.initrd = {
luks.devices.main.keyFile = "/usb/keyfile";
luks.devices = {
main.keyFile = "/usb/keyfile";
storage0.keyFile = "/usb/keyfile";
storage1.keyFile = "/usb/keyfile";
};
systemd.contents."/etc/fstab".text = ''
UUID=8E50-CD43 /usb vfat ro,umask=0377
'';
};
# TODO: Enable
# fileSystems."/mnt/storage" = {
# label = "storage";
# fsType = "btrfs";
# options = [
# "x-initrd.mount"
# "defaults"
# "subvol=@"
# "compress=zstd:5"
# "noatime"
# ];
# };
users.groups.storage = { };
systemd.tmpfiles.rules = [
"v /mnt/storage/public 0770 root storage"
"v /mnt/storage/private 0755 root root"
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
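Review bot: `v /mnt/storage/public 0770 root storage` makes the shared directory group-writable without the sticky bit, so any member of `storage` can delete or rename files another member placed there; if it is meant as a shared drop area rather than a fully mutable scratch space, `v /mnt/storage/public 1770 root storage` keeps it group-writable while limiting deletion to file owners. Separately, the three LUKS entries now all point at the same `/usb/keyfile`, so the data disks' confidentiality is tied to the same USB stick as the root disk; whether a missing stick falls back to a passphrase prompt for `storage0`/`storage1` rather than stalling the initrd depends on crypttab handling this hunk does not show, so it is worth confirming and recording in a comment next to the entries. The enclosing attribute set starts and ends outside the hunk.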


@@ -85,60 +85,68 @@
};
};
# TODO: Set to correct device
# storage0 = {
# device = "/dev/vdb";
# type = "disk";
# content = {
# type = "gpt";
# partitions = {
# root = {
# name = "root";
# size = "100%";
# content = {
# name = "storage0";
# type = "luks";
# passwordFile = "/tmp/keyfile";
# settings = {
# allowDiscards = true;
# };
# };
# };
# };
# };
# };
storage0 = {
device = "/dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_51K0A2KEFWTG";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
name = "root";
size = "100%";
content = {
name = "storage0";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
};
};
};
};
};
# TODO: Set to correct device
# storage1 = {
# device = "/dev/vdc";
# type = "disk";
# content = {
# type = "gpt";
# partitions = {
# root = {
# name = "root";
# size = "100%";
# content = {
# name = "storage1";
# type = "luks";
# passwordFile = "/tmp/keyfile";
# settings = {
# allowDiscards = true;
# };
storage1 = {
device = "/dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_51K0A1WVFWTG";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
name = "root";
size = "100%";
content = {
name = "storage1";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
# # storageN content must be placed on last alphabetical drive
# content = {
# type = "btrfs";
# extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ];
# subvolumes = {
# "@" = { };
# };
# };
# };
# };
# };
# };
# };
content = {
type = "btrfs";
extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ];
subvolumes =
let
mountOptions = [
"compress=zstd:5"
"noatime"
"user_subvol_rm_allowed"
];
in
{
"@" = {
mountpoint = "/mnt/storage";
inherit mountOptions;
};
};
};
};
};
};
};
};
};
};
}
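Review bot: `mountOptions` for the `@` subvolume has no `nofail`, so `/mnt/storage` — a btrfs raid1 spanning two LUKS devices — becomes a hard requirement for reaching `local-fs.target`; btrfs refuses to mount a raid1 with a member missing unless `degraded` is passed, so a single failed or absent disk (the situation raid1 exists for) would likely leave the host in emergency mode instead of booting without its data volume. Adding `"nofail"` to the list keeps the host bootable, and units that need the volume can declare `RequiresMountsFor` instead. The new side also drops the explanation that sat on the old commented block — why the btrfs `content` is declared under `storage1` while `extraArgs` names `/dev/mapper/storage0`; a comment such as `# pool content is declared on the last disk alphabetically (storage1); extraArgs references /dev/mapper/storage0` would spare the next reader the puzzle. Whether the single space-separated `extraArgs` string is split into separate mkfs arguments depends on how disko interpolates it; the commented version used the same form so presumably it has worked, but a list of separate strings is the unambiguous spelling.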


@@ -50,7 +50,10 @@ in
fullName = "Nikolaos Karaolidis";
description = "Nikolaos Karaolidis";
hashedPasswordFile = config.sops.secrets."${user}-password".path;
extraGroups = [ "wheel" ];
extraGroups = [
"wheel"
"storage"
];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keys = [
@@ -62,4 +65,8 @@ in
username = user;
homeDirectory = home;
};
systemd.tmpfiles.rules = [
"d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"
];
}
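Review bot: The new `"storage"` entry in `extraGroups` is what grants this user write access to the group-owned `/mnt/storage/public` directory created in the host hunk, but nothing in the user module says why the group is there; a trailing comment, `"storage" # rw on /mnt/storage/public`, keeps the reason next to the grant. The same applies to the storm user's `extraGroups` hunk at the end of the page. The private-directory rule in the second hunk (`0700 ${user} ${config.users.users.${user}.group}`) is consistent with the per-user layout and needs no change.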


@@ -28,9 +28,11 @@ in
};
home-manager.users.${user} = {
virtualisation.quadlet = {
autoUpdate.enable = true;
};
virtualisation.quadlet.autoUpdate.enable = true;
systemd.user.tmpfiles.rules = [
"d /mnt/storage/private/storm/containers/storage/volumes 700 storm storm"
];
sops = {
secrets."registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
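Review bot: The user tmpfiles rule hard-codes `storm` in `"d /mnt/storage/private/storm/containers/storage/volumes 700 storm storm"` while the surrounding module addresses the user through `${user}` (`home-manager.users.${user}` just above); `"d /mnt/storage/private/${user}/containers/storage/volumes 0700 ${user} ${user}"` keeps the rule in step with the rest of the file if the user is ever renamed. The `700` mode is read as octal by systemd-tmpfiles and so equals `0700`, but every other rule in this commit writes four digits, which is worth matching. The intermediate `containers/storage` directories are not declared anywhere visible; whether the user-scope tmpfiles run creates them with the intended owner and mode is not shown here and worth confirming.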


@@ -33,7 +33,10 @@ in
createHome = true;
description = "Container Runner";
hashedPasswordFile = config.sops.secrets."${user}-password".path;
extraGroups = [ "wheel" ];
extraGroups = [
"wheel"
"storage"
];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
group = user;
@@ -51,4 +54,8 @@ in
username = user;
homeDirectory = home;
};
systemd.tmpfiles.rules = [
"d /mnt/storage/private/${user} 0700 ${user} ${config.users.users.${user}.group}"
];
}