NyxErinys/Nix-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

setup iscsi zvol

Browse source
This commit is contained in:
NyxErinys 2026-05-26 02:44:27 -05:00
parent 94fad0432d
commit 1787680c4a
3 changed files with 122 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/base.nix
View file

@ -75,10 +75,16 @@
git git
pciutils pciutils
sysstat sysstat
xfsprogs
]; ];
services.openssh.enable = true; services.openssh.enable = true;
services.openiscsi = {
enable = true;
name = "iqn.2026-01.dev.nyxerinys:${config.networking.hostName}";
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

77
hosts/servers/poseidon/shares.nix
View file

@ -1,12 +1,48 @@
{ ... }: { ... }:
{ let
networking.firewall.allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ]; # ports
networking.firewall.allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ]; nfs3 = [
111
4000
4001
4002
20048
];
nfs4 = [
2049
];
iscsi = [
3260
];
tcpPorts = nfs3 ++ nfs4 ++ iscsi;
udpPorts = nfs3;
# ---
# iscsi info
nasBase = "iqn.2026-01.dev.nyxerinys:poseidon";
initiators = [
{ node_wwn = "iqn.2026-01.dev.nyxerinys:gamma" }
{ node_wwn = "iqn.2026-01.dev.nyxerinys:delta" }
{ node_wwn = "iqn.2026-01.dev.nyxerinys:epsilon" }
];
targets = [
{ name = "authentik"; zvol = "Velaris/Containers/Authentik"; lun = 0; }
];
in {
networking.firewall.allowedTCPPorts = tcpPorts;
networking.firewall.allowedUDPPorts = udpPorts;
fileSystems."/export/containers" = { fileSystems."/export/containers" = {
device = "/Velaris/Containers"; device = "/Velaris/Containers";
options = [ "bind" ]; options = [ "bind" ];
}; };
services.nfs.server = { services = {
nfs.server = {
enable = true; enable = true;
createMountPoints = true; createMountPoints = true;
lockdPort = 4001; lockdPort = 4001;
@ -17,4 +53,37 @@
/export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash) /export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
''; '';
}; };
target = {
enable = true;
config = {
storage_objects = map (t: {
dev = "/dev/zvol/${t.zvol}";
name = t.name;
plugin = "block";
wwn = "${nasBase}.${t.name}";
}) targets;
targets = map (t: {
fabric = "iscsi";
wwn = "${nasBase}.${t.name}";
tpgs = [{
enable = true;
portals = [
{
ip_address = "0.0.0.0";
port = 3260;
}
];
luns = [
{
index = t.lun;
storage_object = "/backstores/block/${t.name}";
}
];
acls = initiators;
}];
}) targets;
};
};
};
} }

34
modules/k3s/deployments/authentik.nix Normal file
View file

@ -0,0 +1,34 @@
{ ... }:
{
authentik.content = [
{
apiVersion = "v1";
kind = "Pod";
metadata.name = "ubuntu-test";
spec = {
containers = [
{
name = "ubuntu-test";
image = "ubuntu:latest";
command = [ "tail" "-f" "/dev/null" ];
volumeMounts = [
{
mountPath = "/test";
name = "test";
subPath = "ubuntu-test";
}
];
}
];
volumes = [
{
name = "test";
persistentVolumeClaim = {
claimName = "nfs-main-pvc";
};
}
];
};
}
];
}