# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { depot, lib, pkgs, rebuilder, config, ... }: let inherit (depot.ops) secrets; in { imports = [ ../lib/zfs.nix ]; boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "uhci_hcd" "be2iscsi" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; boot.kernelModules = [ "kvm-amd" "acpi_power_meter" "acpi_ipmi" "ipmi_si" ]; boot.kernelParams = [ "mitigations=off" ]; fileSystems = let zfs = device: { device = device; fsType = "zfs"; }; in { "/" = zfs "tank/local/root"; "/tmp" = zfs "tank/local/tmp"; "/nix" = zfs "tank/local/nix"; "/var" = zfs "tank/safe/var"; "/home" = zfs "tank/safe/home"; "/boot" = { device = "/dev/disk/by-label/boot"; fsType = "ext4"; }; }; boot.loader.grub.enable = true; boot.loader.grub.version = 2; # Networking! networking = { domain = "house.as205479.net"; nameservers = ["8.8.8.8" "8.8.4.4"]; useDHCP = false; bridges = let br = interfaces: { interfaces = lib.mkDefault interfaces; rstp = false; }; in { br-mgmt = br [ "enp4s0f0" ]; br-storage = br [ "enp4s0f1" ]; br-ext = br [ "enp4s0f2" ]; }; defaultGateway = "192.168.1.5"; firewall.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ]; firewall.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }]; }; virtualisation.podman.enable = true; environment.systemPackages = with pkgs; [ ceph xfsprogs ]; services.ceph = { enable = true; global.fsid = "521a59a5-a597-4432-b248-1ecd3c76ca4c"; global.monHost = "192.168.1.180, 192.168.1.181, 192.168.1.184"; global.monInitialMembers = "blade-janeway, blade-tuvok, blade-paris"; mon.daemons = [ config.networking.hostName ]; mds.daemons = [ config.networking.hostName ]; rgw.daemons = [ config.networking.hostName ]; mgr.daemons = [ config.networking.hostName ]; mgr.enable = config.services.ceph.mon.enable; rgw.enable = true; }; systemd.services.ceph-osd-lvm-activate = lib.mkIf config.services.ceph.osd.enable { enable = true; description = "Ceph OSD pre-start"; before = [ "network-online.target" "ceph-osd.target" ]; wantedBy = [ "ceph-osd.target" ]; path = [ pkgs.lvm2.bin pkgs.util-linux pkgs.coreutils ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.ceph.out}/bin/ceph-volume lvm activate --all --no-systemd"; }; }; virtualisation.libvirtd = { enable = true; qemuRunAsRoot = false; qemuPackage = pkgs.qemu_full; package = pkgs.libvirt.override { enableCeph = true; enableIscsi = true; }; }; security.polkit.enable = true; users.users.lukegb.extraGroups = lib.mkAfter [ "libvirtd" ]; system.stateVersion = "21.05"; }