John Ogle
bf600987e9
Add fast-cpu and fast-storage labels since this node has a faster CPU than other cluster nodes and is the NFS host with fast local storage. Also add k3s-upgrade=disabled to exclude from system-upgrade-controller.
130 lines
3.0 KiB
Nix
130 lines
3.0 KiB
Nix
# NixOS configuration for john-endesktop (ZFS/NFS server)
|
|
# Migrated from Arch Linux to provide ZFS pools via NFS to k3s cluster
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
# Boot configuration
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
# ZFS support
|
|
boot.supportedFilesystems = [ "zfs" ];
|
|
boot.zfs.forceImportRoot = false;
|
|
boot.zfs.extraPools = [ "media" "swarmvols" ];
|
|
|
|
# Set ZFS hostid to match current system (from Arch Linux)
|
|
# This resolves the hostid mismatch warnings
|
|
networking.hostId = "007f0101";
|
|
|
|
# Hostname
|
|
networking.hostName = "john-endesktop";
|
|
|
|
# Network configuration - using DHCP on enp0s31f6
|
|
networking.useDHCP = false;
|
|
networking.interfaces.enp0s31f6.useDHCP = true;
|
|
|
|
# NFS Server configuration
|
|
services.nfs.server = {
|
|
enable = true;
|
|
|
|
# NFS protocol versions
|
|
# v3 for broader compatibility, v4 for better performance
|
|
exports = ''
|
|
# These are managed by ZFS sharenfs properties
|
|
# but we enable the NFS server here
|
|
'';
|
|
};
|
|
|
|
# Enable NFS4 with proper configuration
|
|
services.rpcbind.enable = true;
|
|
|
|
# Firewall configuration for NFS
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
111 # rpcbind
|
|
2049 # nfs
|
|
4000 # nfs callback
|
|
4001 # nlockmgr
|
|
4002 # mountd
|
|
20048 # mountd
|
|
];
|
|
allowedUDPPorts = [
|
|
111 # rpcbind
|
|
2049 # nfs
|
|
4000 # nfs callback
|
|
4001 # nlockmgr
|
|
4002 # mountd
|
|
20048 # mountd
|
|
];
|
|
# Allow NFS from local network
|
|
extraCommands = ''
|
|
iptables -A nixos-fw -p tcp -s 10.0.0.0/24 -j ACCEPT
|
|
iptables -A nixos-fw -p udp -s 10.0.0.0/24 -j ACCEPT
|
|
'';
|
|
};
|
|
|
|
# ZFS maintenance
|
|
services.zfs = {
|
|
autoScrub = {
|
|
enable = true;
|
|
interval = "monthly";
|
|
};
|
|
trim = {
|
|
enable = true;
|
|
interval = "weekly";
|
|
};
|
|
};
|
|
|
|
# Basic system packages
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
git
|
|
htop
|
|
tmux
|
|
zfs
|
|
];
|
|
|
|
# Enable SSH
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = true;
|
|
};
|
|
};
|
|
|
|
# User configuration
|
|
roles.users.enable = true;
|
|
|
|
# k3s agent configuration
|
|
roles.k3s-node = {
|
|
enable = true;
|
|
role = "agent";
|
|
# serverAddr defaults to https://10.0.0.222:6443
|
|
# tokenFile defaults to /etc/k3s/token
|
|
extraFlags = [
|
|
# Node labels for workload scheduling
|
|
# fast-cpu: This node has a faster CPU than other cluster nodes
|
|
"--node-label=fast-cpu=true"
|
|
# fast-storage: This node is the NFS host with fast local storage access
|
|
"--node-label=fast-storage=true"
|
|
# k3s-upgrade=disabled: NixOS manages k3s upgrades via Nix, not system-upgrade-controller
|
|
"--node-label=k3s-upgrade=disabled"
|
|
];
|
|
};
|
|
|
|
# Time zone
|
|
time.timeZone = "America/Los_Angeles"; # Adjust as needed
|
|
|
|
# NixOS version
|
|
system.stateVersion = "25.11";
|
|
}
|