setup iscsi zvol

2026-05-26 02:44:27 -05:00 · 2026-05-26 02:44:27 -05:00 · 1787680c4a
commit 1787680c4a
parent 94fad0432d
3 changed files with 122 additions and 13 deletions
--- a/hosts/base.nix
+++ b/hosts/base.nix
@ -75,10 +75,16 @@
    git
    pciutils
    sysstat
+    xfsprogs
  ];

  services.openssh.enable = true;

+  services.openiscsi = {
+    enable = true;
+    name = "iqn.2026-01.dev.nyxerinys:${config.networking.hostName}";
+  };
+
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/hosts/servers/poseidon/shares.nix
+++ b/hosts/servers/poseidon/shares.nix
@ -1,20 +1,89 @@
 { ... }:
-{
-  networking.firewall.allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
-  networking.firewall.allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
+let
+  # ports
+  nfs3 = [
+    111
+    4000
+    4001
+    4002
+    20048
+  ];
+
+  nfs4 = [
+    2049
+  ];
+    
+  iscsi = [
+    3260
+  ];
+
+  tcpPorts = nfs3 ++ nfs4 ++ iscsi;
+  udpPorts = nfs3;
+  # ---
+
+  # iscsi info
+  nasBase = "iqn.2026-01.dev.nyxerinys:poseidon";
+
+  initiators = [
+    { node_wwn = "iqn.2026-01.dev.nyxerinys:gamma" }
+    { node_wwn = "iqn.2026-01.dev.nyxerinys:delta" }
+    { node_wwn = "iqn.2026-01.dev.nyxerinys:epsilon" }
+  ];
+
+  targets = [
+    { name = "authentik"; zvol = "Velaris/Containers/Authentik"; lun = 0; }
+  ];
+
+in {
+  networking.firewall.allowedTCPPorts = tcpPorts;
+  networking.firewall.allowedUDPPorts = udpPorts;
  fileSystems."/export/containers" = {
    device = "/Velaris/Containers";
    options = [ "bind" ];
  };
-  services.nfs.server = {
-    enable = true;
-    createMountPoints = true;
-    lockdPort = 4001;
-    mountdPort = 4002;
-    statdPort = 4000;
-    exports = ''
-      /export 10.5.0.0/24(rw,fsid=0,no_subtree_check,no_root_squash)
-      /export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
-    '';
+  services = {
+    nfs.server = {
+      enable = true;
+      createMountPoints = true;
+      lockdPort = 4001;
+      mountdPort = 4002;
+      statdPort = 4000;
+      exports = ''
+        /export 10.5.0.0/24(rw,fsid=0,no_subtree_check,no_root_squash)
+        /export/containers 10.5.0.0/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
+      '';
+    };
+    target = {
+      enable = true;
+      config = {
+        storage_objects = map (t: {
+          dev = "/dev/zvol/${t.zvol}";
+          name = t.name;
+          plugin = "block";
+          wwn = "${nasBase}.${t.name}";        
+        }) targets;
+
+        targets = map (t: {
+          fabric = "iscsi";
+          wwn = "${nasBase}.${t.name}";
+          tpgs = [{
+            enable = true;
+            portals = [
+              {
+                ip_address = "0.0.0.0";
+                port = 3260;
+              }
+            ];
+            luns = [
+              {
+                index = t.lun;
+                storage_object = "/backstores/block/${t.name}";
+              }
+            ];
+            acls = initiators;
+          }];
+        }) targets;
+      };
+    };
  };
 }
--- a/modules/k3s/deployments/authentik.nix
+++ b/modules/k3s/deployments/authentik.nix
@ -0,0 +1,34 @@
+{ ... }:
+{
+  authentik.content = [
+    {
+      apiVersion = "v1";
+      kind = "Pod";
+      metadata.name = "ubuntu-test";
+      spec = {
+        containers = [
+          {
+            name = "ubuntu-test";
+            image = "ubuntu:latest";
+            command = [ "tail" "-f" "/dev/null" ];
+            volumeMounts = [
+              {
+                mountPath = "/test";
+                name = "test";
+                subPath = "ubuntu-test";
+              }
+            ];
+          }
+        ];
+        volumes = [
+          {
+            name = "test";
+            persistentVolumeClaim = {
+              claimName = "nfs-main-pvc";
+            };
+          }
+        ];
+      };
+    }
+  ];
+}