Migrated from multi repos to monorepo architecture.

Raphaël Numbus
2026-05-02 12:52:08 +02:00
parent 72668492f5
commit 73adb395c0
218 changed files with 9639 additions and 57 deletions
+9
@@ -0,0 +1,9 @@
{ config, ... }:
{
config = {
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
hardware.cpu.amd.updateMicrocode = true;
};
}
+9
@@ -0,0 +1,9 @@
{ ... }:
{
imports = [
# To test
./disks/default.nix
./cpu.nix
];
}
+192
@@ -0,0 +1,192 @@
{ config, lib, ... }:
with lib;
let
cfg = config.numbus.hardware.disks.boot;
bootCount = builtins.length cfg.list;
singleDiskConfig = {
disko.devices.disk.main = {
type = "disk";
device = head cfg.list;
content = {
type = cfg.partitionTableScheme;
partitions = {
ESP = {
size = cfg.partition.boot.size;
type = cfg.partition.boot.esp;
content = {
type = "filesystem";
format = cfg.partition.boot.filesystem;
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
size = cfg.partition.swap.size;
content = {
type = "swap";
randomEncryption = cfg.partition.swap.encrypt;
};
};
luks = {
size = cfg.partition.root.size;
content = {
type = "luks";
name = "boot";
settings.keyFile = "/run/secrets/disks/boot";
content = {
type = "filesystem";
format = cfg.partition.root.filesystem;
mountpoint = "/";
};
};
};
};
};
};
};
raid1DiskConfig = {
disko.devices.disk = lib.listToAttrs (lib.imap0 (i: device: {
name = "boot-${toString i}";
value = {
type = "disk";
inherit device;
content = {
type = cfg.partitionTableScheme;
partitions = {
ESP = { size = cfg.partition.boot.size; type = cfg.partition.boot.esp; content = { type = "mdraid"; name = "boot"; }; };
swap = { size = cfg.partition.swap.size; content = { type = "mdraid"; name = "swap"; }; };
mdadm = { size = cfg.partition.root.size; content = { type = "mdraid"; name = "raid1"; }; };
};
};
};
}) cfg.list);
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = cfg.partition.boot.filesystem;
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
type = "mdadm";
level = 1;
content = {
type = "swap";
randomEncryption = cfg.partition.swap.encrypt;
};
};
raid1 = {
type = "mdadm";
level = 1;
content = {
type = "luks";
name = "boot";
settings.keyFile = "/run/secrets/disks/boot";
content = {
type = "filesystem";
format = cfg.partition.root.filesystem;
mountpoint = "/";
};
};
};
};
};
in
{
options.numbus.hardware.disks = {
boot = {
list = mkOption {
type = types.listOf types.str;
example = [ "/dev/disk/by-id/nvme_SAMSUNG_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-San_Disk_159Ejz224G" ];
description = "A set of by-id path of disk(s) that will be used as boot disk(s). At least one disk must be set.";
};
partitionTableScheme = mkOption {
type = types.enum [ "gpt" "mbr" ];
default = "gpt";
example = "gpt";
description = "The scheme of the partition table. Use \"gpt\" for modern devices and \"mbr\" for legacy ones.";
};
partition = {
root = {
filesystem = mkOption {
type = types.enum [ "ext4" "btrfs" "xfs" ];
default = "ext4";
example = "ext4";
description = "The filesystem to use for the root partition of the boot disk(s).";
};
size = mkOption {
type = types.str;
default = "100%";
example = "100%";
description = "The size of the root partition. Use G for GBs and M for MBs.";
};
};
boot = {
filesystem = mkOption {
type = types.enum [ "vfat" ];
default = "vfat";
example = "vfat";
description = "The filesystem to use for the boot partition of the boot disk(s).";
};
esp = mkOption {
type = types.enum [ "EF00" "EF02" ];
default = "EF00";
example = "EF00";
description = "The ESP type to use for the boot partition. Use EF02 for UEFI and EF00 for BIOS.";
};
size = mkOption {
type = types.str;
default = "1G";
example = "1G";
description = "The size of the boot partition.";
};
};
swap = {
enable = mkOption {
type = types.bool;
default = true;
example = true;
description = "Wether to create a swap partition. Useful for servers that don't have a lot of RAM.";
};
encrypt = mkOption {
type = types.bool;
default = true;
example = true;
description = "Wether to encrypt randomly the swap partition. Disable if you need hibernation";
};
size = mkOption {
type = types.str;
default = "16G";
example = "16G";
description = "Size of the swap partition. Use G for GBs and M for MBs.";
};
};
};
};
};
config = mkMerge [
{
sops.secrets."disks/boot" = {
sopsFile = "/etc/nixos/secrets/disks/boot.yaml";
gid = "0";
uid = "0";
mode = "0400";
};
}
(mkIf (bootCount == 1) singleDiskConfig)
(mkIf (bootCount == 2) raid1DiskConfig)
];
}
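Review bot: The root LUKS container in both `singleDiskConfig` and `raid1DiskConfig` takes its key from `settings.keyFile = "/run/secrets/disks/boot"`, but sops fills that path from `/etc/nixos/secrets/disks/boot.yaml`, which sits on the very filesystem the key is supposed to unlock. Unlike the content, parity and mirror modules in this commit, these entries do not set `initrdUnlock = false`, so disko will presumably pass the keyFile to the initrd, where `/run/secrets` does not exist yet. It is worth deciding how the root volume is unlocked at boot (passphrase prompt or a TPM-bound key; a key baked into an initrd on the unencrypted ESP would defeat the encryption) and using the sops key only at install time. Separately, `config` handles only `bootCount == 1` and `bootCount == 2`, so an empty or three-disk `list` silently yields no boot layout; an assertion such as `{ assertion = bootCount == 1 || bootCount == 2; message = "numbus.hardware.disks.boot.list must contain one or two disks"; }` would fail the build instead. `partition.swap.enable` is declared but never read, and the `esp` description has EF00 and EF02 swapped (EF00 is the EFI system partition type).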
+107
@@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.numbus.hardware.disks.content;
contentCount = builtins.length cfg.list;
parityCount = builtins.length config.numbus.hardware.disks.parity.list;
contentDisks = lib.imap0 (i: device: {
name = "content-${toString i}";
value = {
type = "disk";
inherit device;
content = {
type = cfg.partitionTableScheme;
partitions.luks = {
size = cfg.partition.size;
content = {
type = "luks";
name = "content-${toString i}";
settings.keyFile = "/run/secrets/disks/content-${toString i}";
initrdUnlock = false;
content = {
type = "filesystem";
format = cfg.partition.filesystem;
mountpoint = "/mnt/content-${toString i}";
mountOptions = [ "noauto" "nofail" ];
};
};
};
};
};
}) cfg.list;
in
{
options.numbus.hardware.disks = {
content = {
list = mkOption {
type = types.listOf types.str;
example = [ "/dev/disk/by-id/ata_Hitachi_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-WD_159Ejz224G" ];
default = [];
description = "A set of by-id path of disk(s) that will be used as content disk(s).";
};
partitionTableScheme = mkOption {
type = types.enum [ "gpt" "mbr" ];
default = "gpt";
example = "gpt";
description = "The scheme of the partition table. Use \"gpt\" for modern devices and \"mbr\" for legacy ones.";
};
partition = {
filesystem = mkOption {
type = types.enum [ "ext4" "btrfs" "xfs" ];
default = "xfs";
example = "xfs";
description = "The filesystem to use for the main partition of the content disk(s).";
};
size = mkOption {
type = types.str;
default = "100%";
example = "100%";
description = "The size of the main partition. Use G for GBs and M for MBs.";
};
};
};
};
config = mkIf (contentCount > 0 && (parityCount != 1 && contentCount != 1)) {
disko.devices.disk = builtins.listToAttrs contentDisks;
sops.secrets = listToAttrs (map (i:
nameValuePair "disks/content-${toString i}" {
sopsFile = "/etc/nixos/secrets/disks/content.yaml";
gid = "0";
uid = "0";
mode = "0400";
}
) (range 0 (contentCount - 1)));
systemd.services.mount-content-disks = {
description = "Mount content disks.";
before = [ "mnt-data.mount" ];
requiredBy = [ "mnt-data.mount" ];
requires = [ "sops-install-secrets.service" ];
path = [ pkgs.cryptsetup pkgs.util-linux ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = let
mountContentDisk = i: ''
if [ ! -e /dev/mapper/content-${toString i} ]; then
cryptsetup luksOpen --key-file /run/secrets/disks/content-${toString i} /dev/disk/by-partlabel/disk-content-${toString i}-luks content-${toString i}
fi
mkdir -p /mnt/content-${toString i}
if ! mountpoint -q /mnt/content-${toString i}; then
mount -t ${cfg.partition.filesystem} /dev/mapper/content-${toString i} /mnt/content-${toString i}
fi
'';
in ''
${concatMapStrings mountContentDisk (range 0 (contentCount - 1))}
'';
};
};
}
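Review bot: The guard `mkIf (contentCount > 0 && (parityCount != 1 && contentCount != 1))` disables this module for every layout with exactly one parity disk or exactly one content disk, not only for the 1+1 mirror case. With three content disks and one parity disk, for instance, the mergerfs/snapraid module in this commit is active (`contentCount >= 2 && parityCount >= 1`) while no content disk, secret or mount service is generated here. If the intent is "everything except the mirror layout", the condition would read `mkIf (contentCount > 0 && !(contentCount == 1 && parityCount == 1))`. In addition, `mount-content-disks` declares `requires = [ "sops-install-secrets.service" ]` without a matching `after`, so systemd does not order the `cryptsetup luksOpen` call behind the key files. The same applies to `mount-mirror` and `mount-parity-disks`, and it is worth confirming that this unit exists in the sops-nix setup in use.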
+12
@@ -0,0 +1,12 @@
{ ... }:
{
imports = [
./boot.nix
./content.nix
./mergerfs-snapraid.nix
./mirror.nix
./parity.nix
./spindown.nix
];
}
@@ -0,0 +1,41 @@
{ config, lib, ... }:
with lib;
let
cfg = config.numbus.hardware.disks;
contentCount = builtins.length cfg.content.list;
parityCount = builtins.length cfg.parity.list;
in
{
config = mkIf (contentCount >= 2 && parityCount >= 1) {
services.snapraid = {
enable = true;
contentFiles = map (i: "/mnt/content-${toString i}/snapraid.content") (range 0 (contentCount - 1));
parityFiles = map (i: "/mnt/parity-${toString i}/snapraid.parity") (range 0 (parityCount - 1));
dataDisks = listToAttrs (imap0 (i: _: nameValuePair "d${toString i}" "/mnt/content-${toString i}") cfg.content.list);
};
fileSystems."/mnt/data" = {
device = concatStringsSep ":" (map (i: "/mnt/content-${toString i}") (range 0 (contentCount - 1)));
fsType = "fuse.mergerfs";
options = [
"category.create=ff"
"cache.files=partial"
"dropcacheonclose=true"
"defaults"
"noauto"
"nofail"
"allow_other"
"moveonenospc=1"
"minfreespace=50G"
"func.getattr=newest"
"fsname=mergerfs_data"
"x-mount.mkdir"
"x-systemd.automount"
];
};
};
}
+75
@@ -0,0 +1,75 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.numbus.hardware.disks;
contentCount = builtins.length cfg.content.list;
parityCount = builtins.length cfg.parity.list;
dataMirror = {
disko.devices.disk = listToAttrs (imap0 (i: device: {
name = "mirror-${toString i}";
value = {
type = "disk";
inherit device;
content = {
type = cfg.partitionTableScheme;
partitions.raid = {
size = cfg.content.partition.size;
content = {
type = "mdraid";
name = "mirror";
};
};
};
};
}) (cfg.content.list ++ cfg.parity.list));
disko.devices.mdadm.mirror = {
type = "mdadm";
level = 1;
content = {
type = "luks";
name = "mirror";
settings.keyFile = "/run/secrets/disks/mirror";
initrdUnlock = false;
content = {
type = "filesystem";
format = cfg.content.partition.filesystem;
mountpoint = "/mnt/data";
mountOptions = [ "noauto" "nofail" ];
};
};
};
};
in
{
config = mkIf (contentCount == 1 && parityCount == 1) (mkMerge [
dataMirror
{
systemd.services.mount-mirror = {
description = "Mount the disks mirror.";
before = [ "mnt-data.mount" ];
requiredBy = [ "mnt-data.mount" ];
requires = [ "sops-install-secrets.service" ];
path = [ pkgs.cryptsetup pkgs.util-linux ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
if [ ! -e /dev/mapper/mirror ]; then
cryptsetup open /dev/md/mirror mirror --key-file /run/secrets/disks/mirror
fi
mkdir -p /mnt/data
if ! mountpoint -q /mnt/data; then
mount -t ${cfg.content.partition.filesystem} /dev/mapper/mirror /mnt/data
fi
'';
};
}
]);
}
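Review bot: `dataMirror` reads `cfg.partitionTableScheme` with `cfg = config.numbus.hardware.disks`, but the option declarations visible in this commit define `partitionTableScheme` only under `boot`, `content` and `parity`, so evaluating the mirror layout would most likely fail on a missing attribute. `type = cfg.content.partitionTableScheme;` would match the other `cfg.content.partition.*` reads in this file. The LUKS key `/run/secrets/disks/mirror` is also never declared as a sops secret in the files shown: the content and parity modules are both inactive when `contentCount == 1 && parityCount == 1`, and they declare only `disks/content-N` and `disks/parity-N`. A `sops.secrets."disks/mirror"` entry with the same root-only `mode = "0400"` settings used by the other disk modules belongs in the second `mkMerge` element next to `mount-mirror`.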
+107
@@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.numbus.hardware.disks.parity;
parityCount = builtins.length cfg.list;
parityDisks = lib.imap0 (i: device: {
name = "parity-${toString i}";
value = {
type = "disk";
inherit device;
content = {
type = cfg.partitionTableScheme;
partitions.luks = {
size = cfg.partition.size;
content = {
type = "luks";
name = "parity-${toString i}";
settings.keyFile = "/run/secrets/disks/parity-${toString i}";
initrdUnlock = false;
content = {
type = "filesystem";
format = cfg.partition.filesystem;
mountpoint = "/mnt/parity-${toString i}";
mountOptions = [ "noauto" "nofail" ];
};
};
};
};
};
}) cfg.list;
in
{
options.numbus.hardware.disks = {
parity = {
list = mkOption {
type = types.listOf types.str;
example = [ "/dev/disk/by-id/ata_WDC_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-San_Disk_159Ejz224G" ];
default = [];
description = "A set of by-id path of disk(s) that will be used as parity disk(s).";
};
partitionTableScheme = mkOption {
type = types.enum [ "gpt" "mbr" ];
default = "gpt";
example = "gpt";
description = "The scheme of the partition table. Use \"gpt\" for modern devices and \"mbr\" for legacy ones.";
};
partition = {
filesystem = mkOption {
type = types.enum [ "ext4" "btrfs" "xfs" ];
default = "xfs";
example = "xfs";
description = "The filesystem to use for the main partition of the parity disk(s).";
};
size = mkOption {
type = types.str;
default = "100%";
example = "100%";
description = "The size of the main partition. Use G for GBs and M for MBs.";
};
};
};
};
config = mkIf (parityCount > 1) {
disko.devices.disk = builtins.listToAttrs parityDisks;
sops.secrets = listToAttrs (map (i:
nameValuePair "disks/parity-${toString i}" {
sopsFile = "/etc/nixos/secrets/disks/parity.yaml";
gid = "0";
uid = "0";
mode = "0400";
}
) (range 0 (parityCount - 1)));
systemd.services.mount-parity-disks = {
description = "Mount parity disks.";
before = [ "mnt-data.mount" ];
requiredBy = [ "mnt-data.mount" ];
requires = [ "sops-install-secrets.service" ];
path = [ pkgs.cryptsetup pkgs.util-linux ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = let
mountparityDisk = i: ''
if [ ! -e /dev/mapper/parity-${toString i} ]; then
cryptsetup luksOpen --key-file /run/secrets/disks/parity-${toString i} /dev/disk/by-partlabel/disk-parity-${toString i}-luks parity-${toString i}
fi
mkdir -p /mnt/parity-${toString i}
if ! mountpoint -q /mnt/parity-${toString i}; then
mount -t ${cfg.partition.filesystem} /dev/mapper/parity-${toString i} /mnt/parity-${toString i}
fi
'';
in
''
${concatMapStrings mountparityDisk (range 0 (parityCount - 1))}
'';
};
};
}
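Review bot: `config = mkIf (parityCount > 1)` skips the single-parity case, yet the snapraid module in this commit enables itself at `parityCount >= 1` and points `parityFiles` at `/mnt/parity-0/snapraid.parity`. With two or more content disks and one parity disk, no parity disk, secret or `mount-parity-disks` service is generated. Snapraid would then either fail or, if that directory happens to exist, write parity data outside any encrypted parity volume. The guard needs to admit one parity disk while still excluding the mirror layout, for example `mkIf (parityCount >= 1 && !(parityCount == 1 && builtins.length config.numbus.hardware.disks.content.list == 1))`.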
@@ -0,0 +1,46 @@
{ config, lib, ... }:
with lib;
let
hardDrives = config.numbus.hardware.spindown.list;
cfg = config.numbus.hardware;
in
{
config = mkIf (cfg.HddSpindown.enable == true) {
systemd.services.hd-idle = {
description = "External HD spin down daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart =
let
idleTime = toString 1800;
hardDriveParameter = lib.strings.concatMapStringsSep " " (x: "-a ${x} -i ${idleTime}") hardDrives;
in
"${pkgs.hd-idle}/bin/hd-idle -i 0 ${hardDriveParameter}";
};
};
};
options.numbus = {
hardware = {
spindown = {
enable = mkEnableOption "hard drives spin down when inactive in order to save power.";
list = mkOption {
description = "The list of compatible hard drives that will spin down.";
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/ata_Hitachi_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-WD_159Ejz224G" ];
};
optimize = mkOption {
description = "Optimize services to reduce HDD wakeups when spindown is enabled. Can be set to \"compatible\" to optimize all compatible services, or a list of service names to optimize.";
type = types.nullOr (types.either (types.enum [ "compatible" ]) (types.listOf types.str));
default = "compatible";
example = "[ \"crafty\" \"gitea\" ]";
};
};
};
};
}
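Review bot: This module would fail evaluation as written: `ExecStart` interpolates `${pkgs.hd-idle}` but the function head is `{ config, lib, ... }:` and nothing visible brings `pkgs` into scope, and the guard reads `cfg.HddSpindown.enable` while the option declared below is `numbus.hardware.spindown.enable`. Changing the head to `{ config, lib, pkgs, ... }:` and the guard to `mkIf cfg.spindown.enable` lines both up with the declarations in this file. `optimize` is declared but not read anywhere in this section. Its `example` is also a quoted string rather than a list, so it would presumably show up with literal quotes in generated option docs.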