nixos/servnerr-4: set up libvirtd and br0

2024-12-14 11:47:32 +00:00 · 2023-09-15 20:03:32 -04:00 · 2023-09-15 20:03:32 -04:00 · f8852486ad
commit f8852486ad
parent d0cb631921
4 changed files with 19 additions and 26 deletions
--- a/nixos/servnerr-4/configuration.nix
+++ b/nixos/servnerr-4/configuration.nix
@ -108,8 +108,6 @@ in {
    };
  };

-  virtualisation.libvirtd.enable = true;
-
  # root SSH key for remote builds.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3+HUx05h15g95ID/lWbU5uvF6TLr2XESmthQjU7qvR NixOS distributed build"
--- a/nixos/servnerr-4/containers.nix
+++ b/nixos/servnerr-4/containers.nix
@ -1,7 +1,7 @@
 { pkgs, ... }:

 {
-  # These services are proprietary and run containerized for confinement from
+  # These services are proprietary and run in systemd containers for confinement from
  # the rest of the system and on unstable for faster update cycles.
  containers = {
    plex = {
@ -32,21 +32,9 @@
    };
  };

-  virtualisation.oci-containers = {
-    backend = "podman";
-    containers = {
-      home-assistant = {
-        image = "ghcr.io/home-assistant/home-assistant:stable";
-        extraOptions = [
-          # Expose on the host.
-          "--network=host"
-          # Pass in Home Assistant SkyConnect device.
-          "--device=/dev/serial/by-id/usb-Nabu_Casa_SkyConnect_v1.0_4c34810ea196ed11a365c698a7669f5d-if00-port0"
-        ];
-        ports = [ "8123:8123" ];
-        volumes =
-          [ "/etc/localtime:/etc/localtime:ro" "/var/lib/hass:/config" ];
-      };
-    };
+  # libvirtd hypervisor.
+  virtualisation.libvirtd = {
+    enable = true;
+    onBoot = "start";
  };
 }
--- a/nixos/servnerr-4/networking.nix
+++ b/nixos/servnerr-4/networking.nix
@ -44,17 +44,25 @@ in {
      ipv6AcceptRAConfig.UseDomains = true;
    };

-    # 10GbE management LAN.
+    # 10GbE management LAN with bridge.
+    netdevs."11-br0".netdevConfig = {
+      Name = "br0";
+      Kind = "bridge";
+    };
+    networks."11-br0" = {
+      matchConfig.Name = "br0";
+      networkConfig.DHCP = "ipv4";
+      dhcpV4Config.ClientIdentifier = "mac";
+    };
+
+    # 10GbE NIC tied to bridge.
    links."11-mgmt1" = {
      matchConfig.MACAddress = "8c:dc:d4:ac:96:24";
      linkConfig.Name = "mgmt1";
    };
    networks."11-mgmt1" = {
      matchConfig.Name = "mgmt1";
-      networkConfig.DHCP = "ipv4";
-      dhcpV4Config.ClientIdentifier = "mac";
-      # Only accept DNS search on this interface.
-      ipv6AcceptRAConfig.UseDomains = true;
+      bridge = ["br0"];
    };
  };
 }
--- a/nixos/servnerr-4/prometheus.nix
+++ b/nixos/servnerr-4/prometheus.nix
@ -122,7 +122,6 @@ in {
      ])
      (staticScrape "obs" [ "nerr-4:9407" ])
      (staticScrape "windows" [ "theatnerr-2:9182" ])
-      (staticScrape "wireguard" [ "routnerr-3:9586" ])
      (staticScrape "zrepl" [ "servnerr-4:9811" ])

      # Home Assistant requires a more custom configuration.
@ -130,7 +129,7 @@ in {
        job_name = "homeassistant";
        metrics_path = "/api/prometheus";
        bearer_token = "${secrets.prometheus.homeassistant_token}";
-        static_configs = [{ targets = [ "servnerr-4:8123" ]; }];
+        static_configs = [{ targets = [ "hass:8123" ]; }];
      }

      # Blackbox exporter and associated targets.