From f8852486adea7b378ca6ee53f34c13bf3dc9b3e0 Mon Sep 17 00:00:00 2001
From: Matt Layher
Date: Fri, 15 Sep 2023 20:03:32 -0400
Subject: [PATCH] nixos/servnerr-4: set up libvirtd and br0

---
 nixos/servnerr-4/configuration.nix |  2 --
 nixos/servnerr-4/containers.nix    | 22 +++++----------------
 nixos/servnerr-4/networking.nix    | 18 +++++++++++++-----
 nixos/servnerr-4/prometheus.nix    |  3 +--
 4 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/nixos/servnerr-4/configuration.nix b/nixos/servnerr-4/configuration.nix
index 1e94359..090d832 100644
--- a/nixos/servnerr-4/configuration.nix
+++ b/nixos/servnerr-4/configuration.nix
@@ -108,8 +108,6 @@ in {
     };
   };
 
-  virtualisation.libvirtd.enable = true;
-
   # root SSH key for remote builds.
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3+HUx05h15g95ID/lWbU5uvF6TLr2XESmthQjU7qvR NixOS distributed build"
diff --git a/nixos/servnerr-4/containers.nix b/nixos/servnerr-4/containers.nix
index 747133a..5b119c1 100644
--- a/nixos/servnerr-4/containers.nix
+++ b/nixos/servnerr-4/containers.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 
 {
-  # These services are proprietary and run containerized for confinement from
+  # These services are proprietary and run in systemd containers for confinement from
   # the rest of the system and on unstable for faster update cycles.
   containers = {
     plex = {
@@ -32,21 +32,9 @@
     };
   };
 
-  virtualisation.oci-containers = {
-    backend = "podman";
-    containers = {
-      home-assistant = {
-        image = "ghcr.io/home-assistant/home-assistant:stable";
-        extraOptions = [
-          # Expose on the host.
-          "--network=host"
-          # Pass in Home Assistant SkyConnect device.
-          "--device=/dev/serial/by-id/usb-Nabu_Casa_SkyConnect_v1.0_4c34810ea196ed11a365c698a7669f5d-if00-port0"
-        ];
-        ports = [ "8123:8123" ];
-        volumes =
-          [ "/etc/localtime:/etc/localtime:ro" "/var/lib/hass:/config" ];
-      };
-    };
+  # libvirtd hypervisor.
+  virtualisation.libvirtd = {
+    enable = true;
+    onBoot = "start";
   };
 }
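Review bot: The new `virtualisation.libvirtd` block enables the hypervisor with module defaults, and as far as I recall NixOS's `virtualisation.libvirtd.qemu.runAsRoot` defaults to true, so every guest's QEMU process runs as root; since the comment at the top of this file justifies the container setup by confinement, consider adding `qemu.runAsRoot = false;` inside the new block so guests run as the unprivileged `qemu-libvirtd` user (existing disk images may need their ownership adjusted). `onBoot = "start";` also appears to be the module default, so a one-line comment stating the intent — e.g. `# Restore guests that were running at shutdown.` — would keep a reader from wondering why it is set explicitly. The hunk drops the Home Assistant podman container together with its SkyConnect serial device passthrough and the `/var/lib/hass` bind mount; the prometheus.nix change in this commit suggests Home Assistant now lives in a guest named `hass`, but nothing in the Nix configuration carries the USB device or the data directory over, so a comment saying where those now live would help the next maintainer.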
diff --git a/nixos/servnerr-4/networking.nix b/nixos/servnerr-4/networking.nix
index c24d4a9..a1dcdc1 100644
--- a/nixos/servnerr-4/networking.nix
+++ b/nixos/servnerr-4/networking.nix
@@ -44,17 +44,25 @@ in {
       ipv6AcceptRAConfig.UseDomains = true;
     };
 
-    # 10GbE management LAN.
+    # 10GbE management LAN with bridge.
+    netdevs."11-br0".netdevConfig = {
+      Name = "br0";
+      Kind = "bridge";
+    };
+    networks."11-br0" = {
+      matchConfig.Name = "br0";
+      networkConfig.DHCP = "ipv4";
+      dhcpV4Config.ClientIdentifier = "mac";
+    };
+
+    # 10GbE NIC tied to bridge.
     links."11-mgmt1" = {
       matchConfig.MACAddress = "8c:dc:d4:ac:96:24";
       linkConfig.Name = "mgmt1";
     };
     networks."11-mgmt1" = {
       matchConfig.Name = "mgmt1";
-      networkConfig.DHCP = "ipv4";
-      dhcpV4Config.ClientIdentifier = "mac";
-      # Only accept DNS search on this interface.
-      ipv6AcceptRAConfig.UseDomains = true;
+      bridge = ["br0"];
     };
   };
 }
diff --git a/nixos/servnerr-4/prometheus.nix b/nixos/servnerr-4/prometheus.nix
index 77d689a..4f9a953 100644
--- a/nixos/servnerr-4/prometheus.nix
+++ b/nixos/servnerr-4/prometheus.nix
@@ -122,7 +122,6 @@ in {
         ])
         (staticScrape "obs" [ "nerr-4:9407" ])
         (staticScrape "windows" [ "theatnerr-2:9182" ])
-        (staticScrape "wireguard" [ "routnerr-3:9586" ])
         (staticScrape "zrepl" [ "servnerr-4:9811" ])
 
         # Home Assistant requires a more custom configuration.
@@ -130,7 +129,7 @@ in {
           job_name = "homeassistant";
           metrics_path = "/api/prometheus";
           bearer_token = "${secrets.prometheus.homeassistant_token}";
-          static_configs = [{ targets = [ "servnerr-4:8123" ]; }];
+          static_configs = [{ targets = [ "hass:8123" ]; }];
         }
 
         # Blackbox exporter and associated targets.
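Review bot: `networks."11-br0"` keeps `dhcpV4Config.ClientIdentifier = "mac"`, but the bridge will not, by default, carry the `8c:dc:d4:ac:96:24` address that `mgmt1` presented to the DHCP server — systemd-networkd gives bridge netdevs a generated MAC of their own, as far as I know — so any DHCP reservation or firewall rule on the management LAN keyed to the NIC's MAC stops matching this host after the change; if that reservation matters, add `MACAddress = "8c:dc:d4:ac:96:24";` to the `netdevs."11-br0".netdevConfig` block or update the reservation on the server side. The `ipv6AcceptRAConfig.UseDomains = true;` line and its "Only accept DNS search on this interface" comment removed from `networks."11-mgmt1"` are not carried over to `networks."11-br0"`, which now owns the address, so DNS search domains learned from RAs on this LAN are silently dropped; add them to the br0 network block if that was not intended. Attaching libvirt guests to a bridge on the 10GbE management LAN also puts every guest on the same L2 segment as the host's management interface, which deserves a sentence in the `# 10GbE management LAN with bridge.` comment since the commit message gives no rationale.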
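Review bot: The `homeassistant` job now scrapes `hass:8123` on another machine while still sending `bearer_token` under Prometheus's default `scheme` of http, so the Home Assistant long-lived token that previously never left `servnerr-4` now crosses the LAN in cleartext on every scrape; either set `scheme = "https";` on this job with TLS enabled on Home Assistant (or a TLS proxy in front of it), or record in a comment that the management LAN is considered trusted for this. The old `servnerr-4:8123` target depended on the `--network=host` podman container removed in containers.nix, so the rename is consistent with the rest of the commit, but a comment such as `# hass is the Home Assistant libvirt guest.` would tell a reader where the target lives, since that is only inferable from the other files. The scrape configuration list this hunk belongs to starts before the hunk.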