Convert lewis to kubernetes node

Install tmux on servers
Mount jellyfin media locally
This commit is contained in:
Pim Kunis 2024-05-26 14:34:19 +02:00
parent 266d7d905c
commit 007ff1e438
12 changed files with 39 additions and 153 deletions


@ -80,6 +80,7 @@
fio
libva-utils
jq
tmux
];
boot = lib.mkIf (! machine.isRaspberryPi) {


@ -49,7 +49,7 @@
defaultDataPath = "/mnt/longhorn";
storageMinimalAvailablePercentage = 0;
allowRecurringJobWhileVolumeDetached = true;
backupTarget = "nfs://lewis.dmz:/mnt/data/nfs/longhorn-backup";
backupTarget = "nfs://lewis.dmz:/mnt/longhorn/persistent/longhorn-backup";
};
persistence = {
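Review bot: The new `backupTarget` points Longhorn at `/mnt/longhorn/persistent/longhorn-backup` on lewis, which from the other hunks in this commit appears to be the same Longhorn-managed disk that holds volume replicas on that node, so a failure of that disk would take replicas and their backups together. That may be acceptable because the backups module copies the directory off-site, but the dependency is not visible here; a comment on the line such as `# on lewis's Longhorn disk; the off-disk copy is made by lab.backups` would record it. The surrounding Longhorn settings block starts outside the hunk.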


@ -26,7 +26,7 @@ in
nfs = {
server = "lewis.dmz";
path = "/mnt/data/nfs/${nfsVolume.path}";
path = "/mnt/longhorn/persistent/${nfsVolume.path}";
};
};
})


@ -77,13 +77,24 @@
volumes = {
config.persistentVolumeClaim.claimName = "jellyfin";
media.persistentVolumeClaim.claimName = "media";
media.hostPath = {
path = "/mnt/longhorn/persistent/media";
type = "Directory";
};
};
securityContext = {
fsGroup = 0;
fsGroupChangePolicy = "OnRootMismatch";
};
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
matchExpressions = [{
key = "hasMedia";
operator = "In";
values = [ "true" ];
}];
}];
};
};
};
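Review bot: `fsGroup = 0;` puts the container processes in the root group, and as far as I know the kubelet does not manage ownership on hostPath volumes, so the `fsGroupChangePolicy` line has no effect on the new `media.hostPath` mount; writability of `/mnt/longhorn/persistent/media` then depends entirely on host-side permissions. If Jellyfin only reads the library, the corresponding volumeMount (outside this hunk) should carry `readOnly = true;` so the hostPath does not hand the pod write access to the host filesystem. The `hasMedia` node affinity is the right companion to a hostPath, which is only valid on the node that mounts it; a comment on the volume, `# hostPath: only valid on nodes labelled hasMedia=true (see affinity below)`, would make that coupling explicit. The enclosing pod spec starts outside the hunk.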


@ -4,10 +4,6 @@
kubernetesNodeLabels.storageType = "slow";
nixosModule.lab = {
storage = {
kubernetesNode = true;
};
k3s = {
enable = true;
serverAddr = "https://jefke.dmz:6443";


@ -4,10 +4,6 @@
kubernetesNodeLabels.storageType = "fast";
nixosModule.lab = {
storage = {
kubernetesNode = true;
};
k3s = {
enable = true;
clusterInit = true;


@ -1,15 +1,19 @@
{
machines.lewis = {
arch = "x86_64-linux";
kubernetesNodeLabels = {
storageType = "fast";
hasMedia = "true";
};
nixosModule = {
lab = {
backups.enable = true;
data-sharing.enable = true;
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
k3s = {
enable = true;
serverAddr = "https://jefke.dmz:6443";
};
};
};


@ -1,19 +1,12 @@
{ pkgs, lib, config, ... }:
let
cfg = config.lab.backups;
beforeEverything = pkgs.writeShellScriptBin "beforeEverything" ''
if [ -d "${cfg.snapshotLocation}" ]; then
${pkgs.btrfs-progs}/bin/btrfs subvolume delete ${cfg.snapshotLocation}
fi
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r ${cfg.subvolumeLocation} ${cfg.snapshotLocation}
'';
borgmaticConfig = pkgs.writeTextFile {
name = "borgmatic-config.yaml";
text = lib.generators.toYAML { } {
source_directories = [ cfg.snapshotLocation ];
source_directories = [ "/mnt/longhorn/persistent/longhorn-backup" ];
repositories = [
{
@ -26,16 +19,12 @@ let
}
];
exclude_patterns = [ "${cfg.snapshotLocation}/media" ];
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."borgbase.pem".path} -o StrictHostKeychecking=no";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 12;
keep_yearly = -1;
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg_passphrase".path}";
before_everything = [ "${beforeEverything}/bin/beforeEverything" ];
postgresql_databases = [ ];
};
};
in
@ -50,32 +39,16 @@ in
};
repoLocation = lib.mkOption {
default = "${config.lab.storage.dataMountPoint}/backups/nfs.borg";
default = "/mnt/longhorn/persistent/nfs.borg";
type = lib.types.str;
description = ''
Location of the Borg repository to back up to.
'';
};
subvolumeLocation = lib.mkOption {
default = "${config.lab.storage.dataMountPoint}/nfs";
type = lib.types.str;
description = ''
Location of the btrfs subvolume holding the data.
'';
};
snapshotLocation = lib.mkOption {
default = "${config.lab.storage.dataMountPoint}/snapshot-nfs";
type = lib.types.str;
description = ''
Location to (temporary) create a snapshot of the subvolume.
'';
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ borgbackup postgresql ];
environment.systemPackages = with pkgs; [ borgbackup ];
# Converted from:
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
systemd.services.borgmatic = {
@ -84,7 +57,6 @@ in
after = [ "network-online.target" ];
unitConfig.ConditionACPower = true;
preStart = "${pkgs.coreutils}/bin/sleep 10s";
path = with pkgs; [ postgresql ];
serviceConfig = {
Type = "oneshot";
@ -95,7 +67,6 @@ in
IOWeight = 100;
Restart = "no";
LogRateLimitIntervalSec = 0;
EnvironmentFile = config.age.secrets."database_passwords.env".path;
Environment = "BORG_PASSPHRASE_FILE=${config.age.secrets."borg_passphrase".path}";
};
@ -113,7 +84,6 @@ in
};
age.secrets = {
"database_passwords.env".file = ../secrets/database_passwords.env.age;
"borg_passphrase".file = ../secrets/borg_passphrase.age;
"borgbase.pem".file = ../secrets/borgbase.pem.age;
};
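Review bot: `source_directories` now hands borgmatic the live `/mnt/longhorn/persistent/longhorn-backup` directory while the btrfs pre-snapshot (`beforeEverything`) is removed, so an archive taken while a Longhorn backup job is still writing can capture a partially written backup; either keep a snapshot step or order the borgmatic timer after Longhorn's recurring job, and record the chosen ordering in a comment on the `source_directories` line. The new `repoLocation` default `/mnt/longhorn/persistent/nfs.borg` sits on the same disk as the data it archives, so it offers no protection against loss of that disk; if the entry in the `repositories` list (cut at the hunk edge) is the off-disk copy, a comment saying so would pre-empt the question. The unchanged `ssh_command` still passes `-o StrictHostKeychecking=no`, which leaves the off-site connection without host identity verification; supplying a known_hosts entry for the remote instead would close that. The module's `config` block continues outside the hunks.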


@ -3,18 +3,18 @@ let
cfg = config.lab.data-sharing;
nfsShares = [
"/media"
"/media/books"
"/media/movies"
"/media/music"
"/media/shows"
"/longhorn-backup"
"/mnt/longhorn/persistent/media"
"/mnt/longhorn/persistent/media/books"
"/mnt/longhorn/persistent/media/movies"
"/mnt/longhorn/persistent/media/music"
"/mnt/longhorn/persistent/media/shows"
"/mnt/longhorn/persistent/longhorn-backup"
];
nfsExports = lib.strings.concatLines (
builtins.map
(share:
"${cfg.nfsRoot}${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash)"
"${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash)"
)
nfsShares
);
@ -28,20 +28,11 @@ in
Configure this server to serve our data using NFS and PostgreSQL.
'';
};
nfsRoot = lib.mkOption {
default = "/mnt/data/nfs";
type = lib.types.str;
description = ''
Root directory of NFS data.
'';
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
2049 # NFS
5432 # PostgeSQL
111 # NFS
20048 # NFS
];
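Review bot: The rewritten export line grants `192.168.30.0/16`, and with a /16 mask the match admits any 192.168.x.x client rather than only the 192.168.30.0 subnet; the old line carried the same mask, but since the line is being rewritten this is the place to change it to `192.168.30.0/24` if the DMZ is a /24. The line also keeps `no_root_squash` on an `rw` export for that whole range, and the added `127.0.0.1/8` entry extends the same mapping to the local host, which the local media mount presumably needs; a comment such as `# 127.0.0.1/8: lets this node mount its own exports (local Jellyfin media)` would record why it exists. Dropping `nfsRoot` is consistent with the shares now being absolute paths. The `nfsExports` binding is fully inside the hunk, but the module's `config` block ends outside it.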


@ -8,47 +8,16 @@ in {
The disk to be used for the machine's operating system.
'';
};
dataPartition = lib.mkOption {
default = null;
type = lib.types.nullOr lib.types.str;
description = ''
Partition to be used for data storage on this machine.
'';
};
dataMountPoint = lib.mkOption {
default = "/mnt/data";
type = lib.types.str;
description = ''
Mount point of the machine's data partition.
'';
};
kubernetesNode = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to apply the Kubernetes disk setup.
'';
};
};
config = {
fileSystems = lib.attrsets.mergeAttrsList [
(lib.optionalAttrs ((! machine.isRaspberryPi) && (! cfg.kubernetesNode)) {
"${cfg.dataMountPoint}".device = cfg.dataPartition;
})
(lib.optionalAttrs machine.isRaspberryPi {
"/" = {
fileSystems."/" = lib.mkIf machine.isRaspberryPi {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
})
];
disko = lib.mkIf (! machine.isRaspberryPi) (if cfg.kubernetesNode then {
disko = lib.mkIf (! machine.isRaspberryPi) {
devices = {
disk = {
nvme = {
@ -148,41 +117,6 @@ in {
};
};
};
} else {
# TODO: Rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then.
devices.disk.vdb = {
device = cfg.osDisk;
type = "disk";
content = {
type = "gpt";
partitions = {
swap.size = "100%";
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
end = "-4G";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
};
};
};
});
};
}
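Review bot: `osDisk` stays declared (its description is in the first hunk), but the only consumer visible here, `device = cfg.osDisk;` in the removed non-Kubernetes branch, is gone; if the remaining `nvme` disk block does not reference `cfg.osDisk`, the option is now dead while `machines.lewis` may still set it, and it should be either wired into the nvme layout or removed alongside `dataPartition`. Removing `dataMountPoint` also drops the `"${cfg.dataMountPoint}".device` mount, so any module still evaluating `config.lab.storage.dataMountPoint` would fail at evaluation time; the commit updates backups and data-sharing, and a search for remaining references would confirm nothing else is affected. Both the option set and the `disko` attribute extend beyond the hunks, so this is inferred.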


@ -1,16 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 UwNSRQ XKuX/onJklTJ1ws0svIwJy1PZN1MHsf5+N3z7XGvCyY
JkyemSdV/ZcbjWLrwYLhKCE4Ln2seLR0WyYXGMepgBw
-> ssh-ed25519 JJ7S4A 9wzkTABOPcmTG7LNWvZa7dKG0Ingf+KDckZ1tL2c3QQ
IkxcStI4kwXkWj+j3PWl7FdyoVMVsiH9SZBnyffbcYQ
-> ssh-ed25519 aqswPA 3i/v1qWLseD+FrPrnAXtSoK98a6Nrb3XrHinp2QPTn0
RxuPM1oICEoF5oZAyQlCm+fOivI9sfZenZSlOGBIZK8
-> ssh-ed25519 LAPUww MkvAMN/fZiV66+ub4Q/CDTIxJ3N3cMWBT0SQajespR0
uh6SGtxR3BvsU/fTTTOnsNXD+bHNYMhTAFoc3QUtMr8
-> ssh-ed25519 vBZj5g Jiu1sEmlws4eFPriuL2oS99Q9tFCyf4Zkv/khLONvT0
cLLHcvmIb1Nb7eVmKJyYdvfulgbcZ73N0x6GWyKeJPs
-> ssh-ed25519 QP0PgA A1Raf1CiVJ5tnJXRIeS0VpCUNX/iYNzGozQxApY9KGM
998c6IZfPNW8uMttkK8xGp1hgKXBcrwuBOgOpXWPCu8
--- /Qv6sfhphlYb9WtWdmPt6RZJPHxBO4jCSgauazsHIt8
1kYiL7¸<37>Áª-Ç}—`ýŠƒÇNƒVoäCñ'ÞÛ§ýhßô[øvDŠU€pv×½¶Òõ¦~e‰Â0yœ¦ÿ—ÑÄ2`•Ý<E280A2>ºîƱŽïÑ¥ÂÔåú8/´ª ¸
÷MEÐŽh·sÈqÌâ¤|ß kتí<Ó°¡+ÊÍ9eË0óŸ¸;­)Ï?IL-ëÓJY¾gðpk+ÛíúˆHRûé5ÔÍÉÛ¥ú”§„Ø× :8·ùo©þ1¥zâs—`•_MSÒí«Q˜;Q_o]·


@ -8,7 +8,6 @@ let
];
encryptedFileNames = [
"database_passwords.env.age"
"borg_passphrase.age"
"borgbase.pem.age"
"k3s-server-token.age"