| author | Tim Keller <tjk@tjkeller.xyz> | 2026-06-22 22:57:47 -0500 |
|---|---|---|
| committer | Tim Keller <tjk@tjkeller.xyz> | 2026-06-22 22:57:47 -0500 |
| commit | 7b5ac391f38c8e382b654086c95504e3e178f4e9 (patch) | |
| tree | 465b2fef363e234690331cd3e2a6449a725c8045 | |
| parent | 671ba3d42f6c9017fc57876f3c26d22227b1ffef (diff) | |
poweredge pro hostpoweredge-pro
| -rw-r--r-- | hosts/poweredge-pro/configuration.nix | 47 | ||||
| -rw-r--r-- | hosts/poweredge-pro/networking.nix | 133 |
2 files changed, 180 insertions, 0 deletions
diff --git a/hosts/poweredge-pro/configuration.nix b/hosts/poweredge-pro/configuration.nix
new file mode 100644
index 0000000..691dedb
--- /dev/null
+++ b/hosts/poweredge-pro/configuration.nix
@@ -0,0 +1,47 @@
+{ config, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ profiles = {
+ headless = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ #zfs.enable = true;
+ };
+ };
+
+ # Import zfs pools
+ #boot.zfs.extraPools = [ "storage" ];
+
+ # Enable user timmy
+ _users.timmy.enable = true;
+
+ # Without this, "ZFS requires networking.hostId to be set" will be raised
+ #networking.hostId = "4d9e002f";
+
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.cudaSupport = true;
+
+ # NVIDIA
+ services.xserver.videoDrivers = [ "nvidia" ]; # xserver.videoDrivers does not imply X
+ hardware.graphics.enable = true;
+ hardware.nvidia = {
+ modesetting.enable = true; # Required
+ nvidiaSettings = false; # Don't need gui
+ open = false;
+ package = config.boot.kernelPackages.nvidiaPackages.legacy_580; # Support for Tesla P100
+ powerManagement.enable = false; # Can cause bugs
+ powerManagement.finegrained = false; # Only works on turing and newer
+ };
+
+ # Packages
+ environment.systemPackages = with pkgs; [
+ config.hardware.nvidia.package # nvidia-smi
+ ];
+
+ system.stateVersion = "26.05";
+}
diff --git a/hosts/poweredge-pro/networking.nix b/hosts/poweredge-pro/networking.nix
new file mode 100644
index 0000000..6f70ac8
--- /dev/null
+++ b/hosts/poweredge-pro/networking.nix
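Review bot: The `# Packages` block near the end of the hunk uses `with pkgs;`, but the module header `{ config, ... }: {` never binds `pkgs` — the `...` only permits extra attributes, it does not bring them into scope — so evaluating this host should fail with an undefined-variable error. Either bind it, `{ config, pkgs, ... }: {`, or, since the only list element is `config.hardware.nvidia.package`, drop the `with` entirely: `environment.systemPackages = [ config.hardware.nvidia.package ];`. If the surrounding module system injects `pkgs` through some other mechanism not visible here this may already evaluate, but nothing in this file does.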
@@ -0,0 +1,133 @@
+let
+ hostIp = "192.168.1.10";
+in { config, ... }: {
+ networking = {
+ # Label lan and wan interfaces
+ _interfaceLabels = {
+ enable = true;
+ interfaces.lan0 = "50:9a:4c:5d:c3:7a";
+ interfaces.lan1 = "50:9a:4c:5d:c3:7a";
+ interfaces.lan2 = "50:9a:4c:5d:c3:7a";
+ interfaces.wan0 = "50:9a:4c:5d:c3:7b";
+ };
+ # Create bridged lan interface for all containers
+ bridges.br-lan0.interfaces = [ "lan0" ];
+ # Disable dhcp on router interfaces
+ interfaces = {
+ veth-router-lan.useDHCP = false;
+ vb-router-lan0.useDHCP = false;
+ };
+ # Configure network
+ defaultGateway = "10.255.255.1"; # Read explaination for veth-router-lan below
+ nameservers = [ "192.168.1.1" ]; # DNS will only be available from this ip address THROUGH the default gateway
+ # br-lan0 will be the interface used for networking on poweredge host
+ interfaces.br-lan0.ipv4.addresses = [{
+ address = hostIp;
+ prefixLength = 24;
+ }];
+ };
+
+ # Router container
+ containers.router = {
+ autoStart = true;
+ ephemeral = true;
+ privateNetwork = true;
+ # Pass wan0 directly into container since it isn't needed elsewhere
+ interfaces = [ "wan0" ];
+ # Setup router lan0
+ # NOTE: Host/container communication is not possible through a hostBridge interface
+ extraVeths.vb-router-lan0.hostBridge = "br-lan0";
+ # Setup virtual host-router bridge interface.
+ # This is the default gateway for host/container communication since
+ # communication isn't possible through hostBridge interfaces.
+ # This is essentially equivalent to connecting the host to the
+ # container with a virtual ethernet cable on a separate interface.
+ extraVeths.veth-router-lan = {
+ hostAddress = "10.255.255.2";
+ localAddress = "10.255.255.1";
+ };
+ # Bind wg0-router secret to container
+ bindMounts."/run/secrets/wg0" = {
+ hostPath = config.sops.secrets.wg0-router.path;
+ isReadOnly = true;
+ };
+
+ config = { lib, config, ... }: {
+ imports = [
+ ../../nixos/services/router
+ ./router-hosts.nix # Contains dhcp config + static leases + overrides
+ ];
+
+ networking = {
+ # Set ip addresses
+ enableIPv6 = false;
+ interfaces = {
+ vb-router-lan0.ipv4.addresses = [{
+ address = "192.168.1.1";
+ prefixLength = 24;
+ }];
+ wan0.ipv4.addresses = [
+ # .163 address reserved for remote backup access
+ { address = "46.110.173.161"; prefixLength = 29; } # Gateway
+ { address = "46.110.173.162"; prefixLength = 29; } # Mail
+ { address = "46.110.173.164"; prefixLength = 29; } # Web
+ { address = "46.110.173.165"; prefixLength = 29; } # Wg
+ { address = "46.110.173.166"; prefixLength = 29; } # Spare
+ ];
+ };
+ defaultGateway = {
+ address = "46.110.173.161";
+ interface = "wan0";
+ };
+ # NAT (port-forwarding) rules
+ nat.forwardPorts =[
+ #{ # Filebrowser
+ # sourcePort = 19045;
+ # proto = "tcp";
+ # destination = "192.168.1.45:9000";
+ #}
+ ];
+ };
+
+ # Setup router
+ services._router = {
+ dnsDhcpConfig.enable = true;
+ routing = {
+ enable = true;
+ interfaces = {
+ lan = [ "vb-router-lan0" "veth-router-lan" ];
+ wan = "wan0";
+ };
+ };
+ };
+
+ services.unbound._blocklists = {
+ enable = true;
+ hageziBlocklists = [ "pro" "nsfw" ];
+ };
+
+ system.stateVersion = "26.05";
+ };
+ };
+
+ # FIXME the following snippet will cause the router container to fail to start:
+ # networking.defaultGateway = {
+ # address = "10.255.255.1";
+ # interface = "veth-router-lan";
+ # };
+ # Journalctl will report:
+ # poweredge container router: Bring veth-router-lan up
+ # poweredge container router: RTNETLINK answers: File exists
+ # poweredge systemd: container@router.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
+ # So the issue nixos is creating an interface with that same name.
+ # As a temporary workaround, the following service is deployed (after the container starts):
+ systemd.services.router-default-route = {
+ after = [ "container@router.service" ];
+ wants = [ "container@router.service" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ /run/current-system/sw/bin/ip route replace default via 10.255.255.1 dev veth-router-lan
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+}
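Review bot: In `_interfaceLabels.interfaces` at the top of the hunk, `lan0`, `lan1` and `lan2` all carry the identical MAC `50:9a:4c:5d:c3:7a` while `wan0` gets a distinct one; if that option pins names to NICs by MAC (its implementation is not in this diff), at most one of the three labels can match and `bridges.br-lan0.interfaces = [ "lan0" ]` — the bridge carrying the router container's LAN side — may not land on the intended port. Unless those ports genuinely share a MAC, `lan1`/`lan2` look like a copy of `lan0` and should be checked against the server's real NIC addresses. Separately, `router-default-route` is a `Type = "oneshot"` unit ordered only `after`/`wants` the container, so it runs once at boot; a later `systemctl restart container@router` recreates `veth-router-lan` and the host loses its default route until the next boot. Consider `partOf = [ "container@router.service" ];` together with `serviceConfig.RemainAfterExit = true;` so the route is re-applied whenever the container restarts, and note the workaround comment's "explaination" typo while touching it.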
