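# NixOS configuration for the host "lake2": a Ceph OSD node running four OSD
# daemons, with one address on eno1 and one on ibp5s0, plus host firewall
# rules and a one-shot unit that activates the ceph-volume LVM volumes at boot.
{ config, pkgs, lib, modulesPath, ... }:

{
  imports = [
    ../common/xeon.nix
    ../module/monitoring.nix
  ];

  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";

  # Yama ptrace_scope = 1 (restricted ptrace): a process may only attach to its
  # own descendants, or to a process that explicitly opted in via prctl.
  # mkForce gives this definition priority over any other definition of the
  # same sysctl (presumably one from an imported module; not visible here).
  boot.kernel.sysctl = {
    "kernel.yama.ptrace_scope" = lib.mkForce "1";
  };

  environment.systemPackages = with pkgs; [
    ceph
  ];

  services.ceph = {
    enable = true;
    global = {
      fsid = "9c8d06e0-485f-4aaf-b16b-06d6daf1232b";
      monHost = "10.0.40.40";
      monInitialMembers = "bay";
      # NOTE(review): the value carries host bits (10.0.40.40/24) while the
      # firewall rule below names the same subnet as 10.0.40.0/24; confirm Ceph
      # accepts this form or normalise it to the network address.
      clusterNetwork = "10.0.40.40/24"; # Use Ethernet only
      # NOTE(review): no auth* options are set in this file, so cephx
      # enforcement depends on module defaults or imported files. Confirm it is
      # enabled: the firewall admits every host in 10.0.40.0/24 to the Ceph
      # ports, so cephx is the only authentication between that subnet and the
      # OSDs.
    };
    osd = {
      enable = true;
      # One daemon per NVME disk
      daemons = [ "4" "5" "6" "7" ];
      extraConfig = {
        # Type 0 selects the OSD as the CRUSH failure domain, so the replicas
        # of an object may all be placed on OSDs of the same host; with
        # "default size" 3 this does not by itself protect against losing a
        # whole node.
        "osd crush chooseleaf type" = "0";
        "osd journal size" = "10000";
        "osd pool default min size" = "2";
        "osd pool default pg num" = "200";
        "osd pool default pgp num" = "200";
        "osd pool default size" = "3";
      };
    };
  };

  networking = {
    hostName = "lake2";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.42";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.42";
      prefixLength = 24;
    } ];
    firewall = {
      # Rules are appended to the nixos-fw chain with iptables only, so they
      # cover IPv4 traffic.
      #
      # NOTE(review): "bay" and "hut" are host names. iptables resolves them
      # once, when the rule is loaded, and the rule then stays pinned to the
      # address(es) returned at that moment. Confirm both names come from a
      # static hosts entry (presumably defined in an imported module) rather
      # than DNS; otherwise a resolver failure can break firewall start-up and
      # a wrong answer silently changes who is allowed in.
      #
      # NOTE(review): the first rule accepts every TCP port from bay. If only
      # specific services are needed, list their ports as the hut rule does.
      #
      # NOTE(review): 3300 and 6789 are the Ceph monitor ports, but only the
      # OSD role is enabled in this file; if no monitor runs on this host the
      # last rule can be narrowed to 6800:7568.
      extraCommands = ''
        # Accept all incoming TCP traffic from bay
        iptables -A nixos-fw -p tcp -s bay -j nixos-fw-accept
        # Accept monitoring requests from hut
        iptables -A nixos-fw -p tcp -s hut --dport 9002 -j nixos-fw-accept
        # Accept all Ceph traffic from the local network
        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
      '';
    };
  };

  # Missing service for volumes, see:
  # https://www.reddit.com/r/ceph/comments/14otjyo/comment/jrd69vt/
  systemd.services.ceph-volume = {
    enable = true;
    description = "Ceph Volume activation";
    unitConfig = {
      After = "local-fs.target";
      Wants = "local-fs.target";
    };
    # lvm2 and cryptsetup are on the unit's PATH so that ceph-volume can
    # activate LVM-backed (and, if used, encrypted) OSD volumes.
    path = [ pkgs.ceph pkgs.util-linux pkgs.lvm2 pkgs.cryptsetup ];
    serviceConfig = {
      # Type= is a [Service] setting. It was previously placed in unitConfig,
      # which renders into [Unit], where systemd ignores it as an unknown key
      # and runs the unit as the default type. As a oneshot, the unit counts as
      # started only once activation has finished, so units ordered after it
      # (including multi-user.target, via wantedBy) wait for completion.
      Type = "oneshot";
      # KillMode=none leaves any process still running when the unit stops;
      # systemd documents this mode as deprecated, so review whether it is
      # still required.
      KillMode = "none";
      Environment = "CEPH_VOLUME_TIMEOUT=10000";
      # The shell expands $CEPH_VOLUME_TIMEOUT; timeout(1) is the only bound on
      # the run time because TimeoutSec=0 turns off systemd's own timeout.
      ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT ${pkgs.ceph}/bin/ceph-volume lvm activate --all --no-systemd'";
      TimeoutSec = "0";
    };
    wantedBy = [ "multi-user.target" ];
  };
}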