Standardize system disk on LVM-on-LUKS for snapshot support.

Add dedicated parity disk and correct data disk mountpoints.
Resolve various Nix syntax errors in disk templates.
Set data disk filesystem to XFS for better large-file performance.
Raphaël Billet
2025-11-18 22:35:09 +01:00
parent c666160b4e
commit 6827785db7
12 changed files with 733 additions and 174 deletions
+62
@@ -0,0 +1,62 @@
{ lib, ... }:
{
disko.devices = {
disk = {
# Boot disk
system = {
type = "disk";
device = "${BOOT_DISK_1}";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
# Boot disk LVM configuration
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "8G";
content.type = "swap";
};
};
};
};
};
}
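Review bot: `allowDiscards = true` on the `crypted` container is set without any comment, and it is a confidentiality trade-off rather than a neutral default: discards pass through dm-crypt, so the raw device shows which regions are unused and roughly how full the volume is. If that is accepted for SSD performance, say so next to the setting, e.g. `# TRIM passthrough: exposes free-space layout on the raw device, accepted for SSD wear/performance`; otherwise drop it. The same setting repeats unchanged in the four larger templates that follow. Separately, `device = "${BOOT_DISK_1}"` only works if something substitutes the placeholder before Nix evaluates the file, and the example environment file on this page defines `TARGET_DISK` rather than `BOOT_DISK_1`, so the rendering step should fail loudly on an unset variable instead of producing an empty device path.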
+86
@@ -0,0 +1,86 @@
{ lib, ... }:
{
disko.devices = {
disk = {
# Boot disk
system = {
type = "disk";
device = "${BOOT_DISK_1}";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
# First data disk
data1 = {
type = "disk";
device = "${DATA_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-1";
keyFile = "/run/secrets/disks/data-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-1";
};
};
};
};
};
};
};
# Boot disk LVM configuration
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "8G";
content.type = "swap";
};
};
};
};
};
}
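Review bot: The `crypted-data-1` container takes its key from `/run/secrets/disks/data-disk-1`, a runtime path that presumably is populated only once secrets are decrypted during system activation, while the container has to be opened both when disko formats the disk and at every boot. If disko emits an initrd unlock entry for this device (its default behaviour as far as I know), stage 1 would look for a file that does not exist yet; consider `initrdUnlock = false;` plus a later unlock step, and confirm the key file is present on the installer at format time. The option is also written directly under the LUKS node while the system disk uses `settings`; disko documents the top-level `keyFile` as deprecated, so `settings.keyFile = "/run/secrets/disks/data-disk-1";` would be consistent, to be checked against the pinned disko version. The same applies to every data and parity disk in the three templates below.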
+110
@@ -0,0 +1,110 @@
{ lib, ... }:
{
disko.devices = {
disk = {
# Boot disk
system = {
type = "disk";
device = "${BOOT_DISK_1}";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
# First data disk
data1 = {
type = "disk";
device = "${DATA_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-1";
keyFile = "/run/secrets/disks/data-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-1";
};
};
};
};
};
};
# Parity disk
parity1 = {
type = "disk";
device = "${PARITY_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-parity-1";
keyFile = "/run/secrets/disks/parity-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/parity-1";
};
};
};
};
};
};
};
# Boot disk LVM configuration
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "8G";
content.type = "swap";
};
};
};
};
};
}
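Review bot: This template repeats the system-disk, `data1` and `lvm_vg` blocks of the previous one verbatim and only adds `parity1`, and the two templates after it repeat everything again, so a security-relevant setting such as the LUKS options has to be changed in five places. `lib` is already an argument and is unused, so the per-disk LUKS-on-GPT node could be produced by one small function, e.g. `mkCryptDisk = name: device: mountpoint: { ... };`, and each template reduced to a list of disks. At minimum a header comment in each file should state which layout it describes (number of data disks, with or without parity).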
+134
@@ -0,0 +1,134 @@
{ lib, ... }:
{
disko.devices = {
disk = {
# Boot disk
system = {
type = "disk";
device = "${BOOT_DISK_1}";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
# First data disk
data1 = {
type = "disk";
device = "${DATA_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-1";
keyFile = "/run/secrets/disks/data-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-1";
};
};
};
};
};
};
# Second data disk
data2 = {
type = "disk";
device = "${DATA_DISK_2}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-2";
keyFile = "/run/secrets/disks/data-disk-2";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-2";
};
};
};
};
};
};
# Parity disk
parity1 = {
type = "disk";
device = "${PARITY_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-parity-1";
keyFile = "/run/secrets/disks/parity-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/parity-1";
};
};
};
};
};
};
};
# Boot disk LVM configuration
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "8G";
content.type = "swap";
};
};
};
};
};
}
+158
@@ -0,0 +1,158 @@
{ lib, ... }:
{
disko.devices = {
disk = {
# Boot disk
system = {
type = "disk";
device = "${BOOT_DISK_1}";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
# First data disk
data1 = {
type = "disk";
device = "${DATA_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-1";
keyFile = "/run/secrets/disks/data-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-1";
};
};
};
};
};
};
# Second data disk
data2 = {
type = "disk";
device = "${DATA_DISK_2}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-2";
keyFile = "/run/secrets/disks/data-disk-2";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-2";
};
};
};
};
};
};
# Third data disk
data3 = {
type = "disk";
device = "${DATA_DISK_3}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-data-3";
keyFile = "/run/secrets/disks/data-disk-3";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/data-3";
};
};
};
};
};
};
# Parity disk
parity1 = {
type = "disk";
device = "${PARITY_DISK_1}";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-parity-1";
keyFile = "/run/secrets/disks/parity-disk-1";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/parity-1";
};
};
};
};
};
};
};
# Boot disk LVM configuration
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "8G";
content.type = "swap";
};
};
};
};
};
}
+18
@@ -0,0 +1,18 @@
#TARGET SETTINGS
TARGET_HOST="192.168.1.10"
TARGET_DISK="/dev/yourDisk"
TARGET_GRAPHICS="true"
SSH_PUBLIC_KEY="ssh-ed25519 AAAAoefzefpoipoeCEZJCPEACPAcjapjcpajepcjAPJECJPEJAPJAZ yours@yourdomain.com"
# TRAEFIK SETTINGS
DOMAIN_NAME="yourdomain.com"
EMAIL_ADDRESS="no-reply@yourdomain.com"
CF_DNS_API_TOKEN="yourToken"
#SMTP SETTINGS
SENDER_EMAIL_ADDRESS="youraddress@gmail.com"
SENDER_EMAIL_ADDRESS_PASSWORD="emrp raps vzoi vnoe"
SENDER_EMAIL_DOMAIN="smtp.yourdomain.com"
SENDER_EMAIL_PORT="587"
#NETWORK SETTINGS
HOME_ROUTER_SUBNET="192.168.1.0/24"
HOME_ROUTER_IP="192.168.1.1"
HOME_SERVER_IP="192.168.1.5"
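Review bot: `SENDER_EMAIL_ADDRESS_PASSWORD="emrp raps vzoi vnoe"` does not look like a placeholder: four groups of four lowercase letters is the shape of a generated mail-provider app password, whereas the other secrets in this file use obvious `yourX` values. If this string was ever a real credential it should be revoked, since it stays in the repository history; either way replace it with something like `SENDER_EMAIL_ADDRESS_PASSWORD="yourAppPassword"`. The file also lacks the variables the other templates on this page consume (`BOOT_DISK_1`, `DATA_DISK_1`, `PARITY_DISK_1`, `SOPS_PUBLIC_KEY`, the MQTT, Passbolt and Pi-hole credentials), so a user copying it gets empty substitutions unless they are defined somewhere this page does not show.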
+9
@@ -0,0 +1,9 @@
# .sops.yaml
keys:
- &primary $SOPS_PUBLIC_KEY
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary
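Review bot: `path_regex: secrets/secrets.yaml$` leaves the dot unescaped, so the rule also matches names such as `secrets/secretsXyaml`; `path_regex: secrets/secrets\.yaml$` states the intent exactly. The rule has a single age recipient, so losing that one private key makes every secret in the file unrecoverable, which matters more if disk key files end up in it; a second, offline recipient under `age:` is worth adding. `$SOPS_PUBLIC_KEY` has to be substituted before sops reads this file, and a comment at the top should say so.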
+35
@@ -0,0 +1,35 @@
ssh-public-keys: $SSH_PUBLIC_KEY
docker:
nextcloud: |
DOMAIN_NAME=$DOMAIN_NAME
NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS
frigate: |
DOMAIN_NAME=$DOMAIN_NAME
FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
traefik: |
DOMAIN_NAME=$DOMAIN_NAME
CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
hass: |
DOMAIN_NAME=$DOMAIN_NAME
HOME_ASSISTANT_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
HOME_ASSISTANT_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
passbolt: |
DOMAIN_NAME=$DOMAIN_NAME
TZ="Europe/Paris"
PASSBOLT_MYSQL_DATABASE=$PASSBOLT_MYSQL_DATABASE
PASSBOLT_MYSQL_USER=$PASSBOLT_MYSQL_USER
PASSBOLT_MYSQL_PASSWORD=$PASSBOLT_MYSQL_PASSWORD
SENDER_EMAIL_ADDRESS=$SENDER_EMAIL_ADDRESS
SENDER_EMAIL_ADDRESS_PASSWORD=$SENDER_EMAIL_ADDRESS_PASSWORD
SENDER_EMAIL_DOMAIN=$SENDER_EMAIL_DOMAIN
SENDER_EMAIL_PORT=$SENDER_EMAIL_PORT
EMAIL_ADDRESS=$EMAIL_ADDRESS
pihole: |
DOMAIN_NAME=$DOMAIN_NAME
TZ="Europe/Paris"
HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET
HOME_ROUTER_IP=$HOME_ROUTER_IP
HOME_SERVER_IP=$HOME_SERVER_IP
FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD
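Review bot: `frigate` is given `FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER` and the matching password, so Frigate and Home Assistant log in to the broker with the same account; a separate broker user per service keeps a compromise of one container from carrying the other's identity and allows per-user topic ACLs. The disko templates in this commit read `/run/secrets/disks/data-disk-N` and `/run/secrets/disks/parity-disk-1`, but no `disks:` entry is visible in this template, so those keys must come from somewhere this page does not show. Since the rendered file holds plaintext credentials until sops encrypts it, a header comment should state that the rendered output must never be committed.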