add scrutiny module and added it to gandalf
This commit is contained in:
parent
92175a2020
commit
1818f85bdc
4 changed files with 110 additions and 8 deletions
16
nixos/hosts/gandalf/config/disks.nix
Normal file
16
nixos/hosts/gandalf/config/disks.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
[
|
||||||
|
"/dev/disk/by-id/ata-Seagate_IronWolfPro_ZA240NX10001-2ZH100_7TF002RA"
|
||||||
|
"/dev/disk/by-id/nvme-Samsung_SSD_960_EVO_250GB_S3ESNX0K308438J"
|
||||||
|
"/dev/disk/by-id/scsi-350000c0f01da4b40"
|
||||||
|
"/dev/disk/by-id/scsi-350000c0f01e7d190"
|
||||||
|
"/dev/disk/by-id/scsi-350000c0f01ea443c"
|
||||||
|
"/dev/disk/by-id/scsi-350000c0f01f8230c"
|
||||||
|
"/dev/disk/by-id/scsi-35000c500586e5057"
|
||||||
|
"/dev/disk/by-id/scsi-35000c500624a0ddb"
|
||||||
|
"/dev/disk/by-id/scsi-35000c500624a1a8b"
|
||||||
|
"/dev/disk/by-id/scsi-35000cca046135ad8"
|
||||||
|
"/dev/disk/by-id/scsi-35000cca04613722c"
|
||||||
|
"/dev/disk/by-id/scsi-35000cca0461810f8"
|
||||||
|
"/dev/disk/by-id/scsi-35000cca04618b930"
|
||||||
|
"/dev/disk/by-id/scsi-35000cca04618cec4"
|
||||||
|
]
|
|
@ -1,9 +1,12 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, modulesPath, inputs, ... }:
|
{ config, lib, modulesPath, inputs, ... }:
|
||||||
let
|
let
|
||||||
sanoidConfig = import ./config/sanoid.nix { };
|
sanoidConfig = import ./config/sanoid.nix { };
|
||||||
|
disks = import ./config/disks.nix;
|
||||||
|
smartdDevices = map (device: { inherit device; }) disks;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -86,12 +89,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# no de
|
|
||||||
services = {
|
services = {
|
||||||
xserver = {
|
smartd = {
|
||||||
enable = false;
|
devices = smartdDevices;
|
||||||
displayManager.gdm.enable = false;
|
|
||||||
desktopManager.gnome.enable = false;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -128,14 +128,21 @@ in
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
libvirt-qemu.enable = true;
|
libvirt-qemu.enable = true;
|
||||||
|
|
||||||
|
# Scrutiny
|
||||||
|
scrutiny = {
|
||||||
|
enable = true;
|
||||||
|
devices = disks;
|
||||||
|
extraCapabilities = [ "SYS_RAWIO" ];
|
||||||
|
containerVolumeLocation = "/eru/containers/volumes/scrutiny";
|
||||||
|
};
|
||||||
|
|
||||||
# Sanoid
|
# Sanoid
|
||||||
sanoid = {
|
sanoid = {
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit (sanoidConfig.outputs) templates datasets;
|
inherit (sanoidConfig.outputs) templates datasets;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Unifi & Lego-Auto
|
# Lego-Auto for SSL Certificates
|
||||||
# unifi.enable = true;
|
|
||||||
lego-auto = {
|
lego-auto = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
|
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
|
||||||
|
|
|
@ -3,5 +3,6 @@
|
||||||
./backrest
|
./backrest
|
||||||
./lego-auto
|
./lego-auto
|
||||||
./unifi
|
./unifi
|
||||||
|
./scrutiny
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
78
nixos/modules/nixos/containers/scrutiny/default.nix
Normal file
78
nixos/modules/nixos/containers/scrutiny/default.nix
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
app = "scrutiny";
|
||||||
|
# renovate: depName=AnalogJ/scrutiny datasource=github-releases
|
||||||
|
version = "v0.8.1";
|
||||||
|
cfg = config.mySystem.services.${app};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.mySystem.services.${app} = {
|
||||||
|
enable = mkEnableOption "${app}";
|
||||||
|
|
||||||
|
containerVolumeLocation = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/mnt/data/containers/${app}";
|
||||||
|
description = ''
|
||||||
|
The location where the container will store its data.
|
||||||
|
'';
|
||||||
|
example = "/mnt/data/containers/${app}";
|
||||||
|
};
|
||||||
|
# podman equivalent:
|
||||||
|
# --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
devices = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [ ];
|
||||||
|
description = ''
|
||||||
|
Devices to monitor on Scrutiny.
|
||||||
|
'';
|
||||||
|
example = [
|
||||||
|
"/dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# podman equivalent:
|
||||||
|
# --cap-add SYS_RAWIO
|
||||||
|
extraCapabilities = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [
|
||||||
|
"SYS_RAWIO"
|
||||||
|
];
|
||||||
|
description = ''
|
||||||
|
Extra capabilities to add to the container.
|
||||||
|
'';
|
||||||
|
example = [
|
||||||
|
"SYS_RAWIO"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
|
image = "ghcr.io/AnalogJ/scrutiny:${version}-omnibus";
|
||||||
|
autoStart = true;
|
||||||
|
|
||||||
|
ports = [
|
||||||
|
"8585:8585" # web ui
|
||||||
|
"8086:8086" # influxdb2
|
||||||
|
];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
TZ = "America/Chicago";
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${cfg.containerVolumeLocation}:/opt/scrutiny/config"
|
||||||
|
"${cfg.containerVolumeLocation}/influxdb2:/opt/scrutiny/influxdb"
|
||||||
|
"/run/udev:/run/udev:ro"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Merge the devices and extraCapabilities into the extraOptions property
|
||||||
|
# using the --device and --cap-add flags
|
||||||
|
extraOptions =
|
||||||
|
(map (disk: "--device=${toString disk}") cfg.devices)
|
||||||
|
++
|
||||||
|
(map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue