diff --git a/hosts/base.nix b/hosts/base.nix
index f022cf7..faebf79 100644
--- a/hosts/base.nix
+++ b/hosts/base.nix
@@ -75,10 +75,16 @@
 git
 pciutils
 sysstat
+ xfsprogs
 ];
 services.openssh.enable = true;
+ services.openiscsi = {
+ enable = true;
+ name = "iqn.2026-01.dev.nyxerinys:${config.networking.hostName}";
+ };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/servers/poseidon/shares.nix b/hosts/servers/poseidon/shares.nix
index 9400df0..bfa190a 100644
--- a/hosts/servers/poseidon/shares.nix
+++ b/hosts/servers/poseidon/shares.nix
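Review bot: The `services.openiscsi` block added after `services.openssh.enable` configures the initiator with only an IQN and no authentication, and because it lives in base.nix every host that imports this profile now runs iscsid and identifies itself by a name that any other machine on the network can equally present. If the targets in shares.nix are meant to be limited to specific initiators, pair the name with CHAP (`node.session.auth.authmethod = CHAP` plus the credentials in a file outside the Nix store via `services.openiscsi.extraConfigFile`), and consider enabling the initiator only on the hosts that actually mount a LUN. The `name` line also reads `config.networking.hostName`; the module's argument set is outside the hunk, so confirm it already receives `config`.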
@@ -1,20 +1,89 @@
 { ... }:
-{
- networking.firewall.allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
- networking.firewall.allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
+let
+ # ports
+ nfs3 = [
+ 111
+ 4000
+ 4001
+ 4002
+ 20048
+ ];
+
+ nfs4 = [
+ 2049
+ ];
+
+ iscsi = [
+ 3260
+ ];
+
+ tcpPorts = nfs3 ++ nfs4 ++ iscsi;
+ udpPorts = nfs3;
+ # ---
+
+ # iscsi info
+ nasBase = "iqn.2026-01.dev.nyxerinys:poseidon";
+
+ initiators = [
+ { node_wwn = "iqn.2026-01.dev.nyxerinys:gamma" }
+ { node_wwn = "iqn.2026-01.dev.nyxerinys:delta" }
+ { node_wwn = "iqn.2026-01.dev.nyxerinys:epsilon" }
+ ];
+
+ targets = [
+ { name = "authentik"; zvol = "Velaris/Containers/Authentik"; lun = 0; }
+ ];
+
+in {
+ networking.firewall.allowedTCPPorts = tcpPorts;
+ networking.firewall.allowedUDPPorts = udpPorts;
 fileSystems."/export/containers" = {
 device = "/Velaris/Containers";
 options = [ "bind" ];
 };
- services.nfs.server = {
- enable = true;
- createMountPoints = true;
- lockdPort = 4001;
- mountdPort = 4002;
- statdPort = 4000;
- exports = ''
- /export 10.5.0.0/24(rw,fsid=0,no_subtree_check,no_root_squash)
- /export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
- '';
+ services = {
+ nfs.server = {
+ enable = true;
+ createMountPoints = true;
+ lockdPort = 4001;
+ mountdPort = 4002;
+ statdPort = 4000;
+ exports = ''
+ /export 10.5.0.0/24(rw,fsid=0,no_subtree_check,no_root_squash)
+ /export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
+ '';
+ };
+ target = {
+ enable = true;
+ config = {
+ storage_objects = map (t: {
+ dev = "/dev/zvol/${t.zvol}";
+ name = t.name;
+ plugin = "block";
+ wwn = "${nasBase}.${t.name}";
+ }) targets;
+
+ targets = map (t: {
+ fabric = "iscsi";
+ wwn = "${nasBase}.${t.name}";
+ tpgs = [{
+ enable = true;
+ portals = [
+ {
+ ip_address = "0.0.0.0";
+ port = 3260;
+ }
+ ];
+ luns = [
+ {
+ index = t.lun;
+ storage_object = "/backstores/block/${t.name}";
+ }
+ ];
+ acls = initiators;
+ }];
+ }) targets;
+ };
+ };
 };
 }
\ No newline at end of file
diff --git a/modules/k3s/deployments/authentik.nix b/modules/k3s/deployments/authentik.nix
new file mode 100644
index 0000000..07c0d73
--- /dev/null
+++ b/modules/k3s/deployments/authentik.nix
@@ -0,0 +1,34 @@
+{ ... }:
+{
+ authentik.content = [
+ {
+ apiVersion = "v1";
+ kind = "Pod";
+ metadata.name = "ubuntu-test";
+ spec = {
+ containers = [
+ {
+ name = "ubuntu-test";
+ image = "ubuntu:latest";
+ command = [ "tail" "-f" "/dev/null" ];
+ volumeMounts = [
+ {
+ mountPath = "/test";
+ name = "test";
+ subPath = "ubuntu-test";
+ }
+ ];
+ }
+ ];
+ volumes = [
+ {
+ name = "test";
+ persistentVolumeClaim = {
+ claimName = "nfs-main-pvc";
+ };
+ }
+ ];
+ };
+ }
+ ];
+}
\ No newline at end of file
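Review bot: The iSCSI portal in the `tpgs` block binds `ip_address = "0.0.0.0"` and 3260 goes into the global `allowedTCPPorts`, while access to the LUN is gated only by the `acls = initiators` list of IQNs; an IQN is a client-chosen string, not a secret, so any host that can reach the portal can log in by presenting one of the three names. The NFS exports in the same file are already limited to `10.5.0.0/24`, and the iSCSI side should match: set `ip_address` to poseidon's address on that network and/or open 3260 through `networking.firewall.interfaces.<iface>.allowedTCPPorts` instead of the global list, and consider CHAP on the ACL entries (`chap_userid`/`chap_password`, with the secrets kept out of the Nix store). Whether LIO enforces CHAP for this tpg depends on its `authentication` attribute, which the config does not set, so verify the effective value after the first activation. `nasBase` hardcodes the same `iqn.2026-01.dev.nyxerinys:<host>` pattern that base.nix derives from `config.networking.hostName`; a comment such as `# must match the initiator-name scheme in hosts/base.nix` would keep the two from drifting.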
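Review bot: The `ubuntu-test` container in the new file runs `ubuntu:latest` with no `securityContext`, so it runs as root from an unpinned image, and if `nfs-main-pvc` is backed by the `/export/containers` share changed elsewhere in this diff (exported with `no_root_squash`) root in the container is root on that NAS path. Pin the image by digest and add `securityContext = { runAsNonRoot = true; runAsUser = <uid>; allowPrivilegeEscalation = false; };` to the container, or remove the pod once testing is done. The file is named authentik.nix but defines only this throwaway pod and nothing that uses the `authentik` target created in shares.nix; if it is scaffolding, a one-line comment at the top saying so would stop it being mistaken for the real deployment.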