nix/hosts/servers/trenderhoof.nix at 3dffec6422a644407a175f3d81271e8762d6b300 · ocf/nix · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
{
  networking.hostName = "trenderhoof";

  ocf.network = {
    enable = true;
    lastOctet = 128;
  };

  ocf.nfs = {
    enable = true;
    # https://github.com/ocf/puppet/blob/a081b2210691bd46d585accc8548c985188486a0/modules/ocf_filehost/manifests/init.pp#L10-L16
    exports = [
      {
        directory = "/opt/homes";
        hosts = [
          "admin"
          "www"
          "ssh"
          "apphost"
          "adenine"
          "guanine"
          "cytosine"
          "thymine"
          "fluttershy"
          "rainbowdash"
        ];
        options = [
          "rw"
          "fsid=0"
          "no_subtree_check"
          "no_root_squash"
        ];
      }
    ];
  };


  boot.loader = {
    grub.enable = true;
    systemd-boot.enable = false;
  };

  # FIXME remove and make sure it still boots
  hardware.enableAllHardware = true;

  disko.devices = {
    disk = {
      main = {
        device = "/dev/disk/by-id/ata-Micron_5100_MTFDDAK960TBY_1725190CE6F0";
        type = "disk";
        content = {
          type = "gpt";
          partitions = {
            MBR = {
              type = "EF02";
              size = "1M";
              priority = 1;
            };
            ESP = {
              size = "1G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              size = "100%";
              content = {
                type = "filesystem";
                format = "ext4";
                mountpoint = "/";
              };
            };
          };
        };
      };
    };
  };

  boot.swraid = {
    enable = true;
    mdadmConf = ''
      MAILADDR postmaster@ocf.berkeley.edu
      ARRAY /dev/md/nfs metadata=1.2 UUID=46b10914:9f84099b:dd54304a:917d7898 name=dataloss:nfs
    '';
  };

  fileSystems = {
    "/opt/homes" = {
      device = "/dev/md/nfs";
      fsType = "ext4";
      options = [
        "noacl"
        "noatime"
        "nodev"
        "usrquota"
      ];
    };

    # Bind mount /opt/homes/home to /home. This allows running
    #     mount trenderhoof:/home /home
    # In fact, since home is CNAMEd to filehost is CNAMEd to trenderhoof, even
    #     mount homes:/home /home
    # works and that's what the Puppet config in modules/ocf/manifests/nfs.pp does.
    "/home" = {
      device = "/opt/homes/home";
      fsType = "none";
      options = [ "bind" ];
    };
    "/services" = {
      device = "/opt/homes/services";
      fsType = "none";
      options = [ "bind" ];
    };
  };

  nixpkgs.hostPlatform = "x86_64-linux";

  system.stateVersion = "25.11";
}