add scrutiny module and added it to gandalf

2024-09-06 20:26:11 -05:00 · 2024-09-06 20:26:11 -05:00 · 1818f85bdc
commit 1818f85bdc
parent 92175a2020
4 changed files with 110 additions and 8 deletions
--- a/nixos/hosts/gandalf/config/disks.nix
+++ b/nixos/hosts/gandalf/config/disks.nix
@ -0,0 +1,16 @@
+[
+  "/dev/disk/by-id/ata-Seagate_IronWolfPro_ZA240NX10001-2ZH100_7TF002RA"
+  "/dev/disk/by-id/nvme-Samsung_SSD_960_EVO_250GB_S3ESNX0K308438J"
+  "/dev/disk/by-id/scsi-350000c0f01da4b40"
+  "/dev/disk/by-id/scsi-350000c0f01e7d190"
+  "/dev/disk/by-id/scsi-350000c0f01ea443c"
+  "/dev/disk/by-id/scsi-350000c0f01f8230c"
+  "/dev/disk/by-id/scsi-35000c500586e5057"
+  "/dev/disk/by-id/scsi-35000c500624a0ddb"
+  "/dev/disk/by-id/scsi-35000c500624a1a8b"
+  "/dev/disk/by-id/scsi-35000cca046135ad8"
+  "/dev/disk/by-id/scsi-35000cca04613722c"
+  "/dev/disk/by-id/scsi-35000cca0461810f8"
+  "/dev/disk/by-id/scsi-35000cca04618b930"
+  "/dev/disk/by-id/scsi-35000cca04618cec4"
+]
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@ -1,9 +1,12 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# Do not modify this file!  It was generated by 'nixos-generate-config'
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, modulesPath, inputs, ... }:
 let
  sanoidConfig = import ./config/sanoid.nix { };
+  disks = import ./config/disks.nix;
+  smartdDevices = map (device: { inherit device; }) disks;
+
 in
 {
  imports =
@ -86,12 +89,9 @@ in
    };
  };

-  # no de
  services = {
-    xserver = {
-      enable = false;
-      displayManager.gdm.enable = false;
-      desktopManager.gnome.enable = false;
+    smartd = {
+      devices = smartdDevices;
    };
  };

@ -128,14 +128,21 @@ in
      podman.enable = true;
      libvirt-qemu.enable = true;

+      # Scrutiny
+      scrutiny = {
+        enable = true;
+        devices = disks;
+        extraCapabilities = [ "SYS_RAWIO" ];
+        containerVolumeLocation = "/eru/containers/volumes/scrutiny";
+      };
+
      # Sanoid
      sanoid = {
        enable = true;
        inherit (sanoidConfig.outputs) templates datasets;
      };

-      # Unifi & Lego-Auto
-      # unifi.enable = true;
+      # Lego-Auto for SSL Certificates
      lego-auto = {
        enable = true;
        dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
--- a/nixos/modules/nixos/containers/default.nix
+++ b/nixos/modules/nixos/containers/default.nix
@ -3,5 +3,6 @@
    ./backrest
    ./lego-auto
    ./unifi
+    ./scrutiny
  ];
 }
--- a/nixos/modules/nixos/containers/scrutiny/default.nix
+++ b/nixos/modules/nixos/containers/scrutiny/default.nix
@ -0,0 +1,78 @@
+{ lib, config, ... }:
+with lib;
+let
+  app = "scrutiny";
+  # renovate: depName=AnalogJ/scrutiny datasource=github-releases
+  version = "v0.8.1";
+  cfg = config.mySystem.services.${app};
+in
+{
+  options.mySystem.services.${app} = {
+    enable = mkEnableOption "${app}";
+
+    containerVolumeLocation = mkOption {
+      type = types.str;
+      default = "/mnt/data/containers/${app}";
+      description = ''
+        The location where the container will store its data.
+      '';
+      example = "/mnt/data/containers/${app}";
+    };
+    # podman equivalent:
+    # --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    devices = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = ''
+        Devices to monitor on Scrutiny.
+      '';
+      example = [
+        "/dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+      ];
+    };
+
+    # podman equivalent:
+    # --cap-add SYS_RAWIO
+    extraCapabilities = mkOption {
+      type = types.listOf types.str;
+      default = [
+        "SYS_RAWIO"
+      ];
+      description = ''
+        Extra capabilities to add to the container.
+      '';
+      example = [
+        "SYS_RAWIO"
+      ];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.${app} = {
+      image = "ghcr.io/AnalogJ/scrutiny:${version}-omnibus";
+      autoStart = true;
+
+      ports = [
+        "8585:8585" # web ui
+        "8086:8086" # influxdb2
+      ];
+
+      environment = {
+        TZ = "America/Chicago";
+      };
+
+      volumes = [
+        "${cfg.containerVolumeLocation}:/opt/scrutiny/config"
+        "${cfg.containerVolumeLocation}/influxdb2:/opt/scrutiny/influxdb"
+        "/run/udev:/run/udev:ro"
+      ];
+
+      # Merge the devices and extraCapabilities into the extraOptions property
+      # using the --device and --cap-add flags
+      extraOptions =
+        (map (disk: "--device=${toString disk}") cfg.devices)
+        ++
+        (map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
+    };
+  };
+}