-rw-r--r--hosts/poweredge-pro/configuration.nix47
-rw-r--r--hosts/poweredge-pro/networking.nix133
2 files changed, 180 insertions, 0 deletions
diff --git a/hosts/poweredge-pro/configuration.nix b/hosts/poweredge-pro/configuration.nix
new file mode 100644
index 0000000..691dedb
--- /dev/null
+++ b/hosts/poweredge-pro/configuration.nix
@@ -0,0 +1,47 @@
+{ config, ... }: {
+ # Setup bootloader
+ boot._loader.enable = true;
+
+ # Enable common options
+ _archetypes = {
+ profiles = {
+ headless = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ #zfs.enable = true;
+ };
+ };
+
+ # Import zfs pools
+ #boot.zfs.extraPools = [ "storage" ];
+
+ # Enable user timmy
+ _users.timmy.enable = true;
+
+ # Without this, "ZFS requires networking.hostId to be set" will be raised
+ #networking.hostId = "4d9e002f";
+
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.cudaSupport = true;
+
+ # NVIDIA
+ services.xserver.videoDrivers = [ "nvidia" ]; # xserver.videoDrivers does not imply X
+ hardware.graphics.enable = true;
+ hardware.nvidia = {
+ modesetting.enable = true; # Required
+ nvidiaSettings = false; # Don't need gui
+ open = false;
+ package = config.boot.kernelPackages.nvidiaPackages.legacy_580; # Support for Tesla P100
+ powerManagement.enable = false; # Can cause bugs
+ powerManagement.finegrained = false; # Only works on turing and newer
+ };
+
+ # Packages
+ environment.systemPackages = with pkgs; [
+ config.hardware.nvidia.package # nvidia-smi
+ ];
+
+ system.stateVersion = "26.05";
+}
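Review bot: `environment.systemPackages = with pkgs; [ … ]` on the systemPackages line references `pkgs`, but the module header only binds `{ config, ... }`, so evaluation should fail with an undefined-variable error before the configuration ever builds. The header needs `{ config, pkgs, ... }: {`; alternatively drop the `with pkgs;` entirely, since the only list element is `config.hardware.nvidia.package` and nothing from `pkgs` is actually used. Either form keeps the nvidia-smi intent noted in the inline comment.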
diff --git a/hosts/poweredge-pro/networking.nix b/hosts/poweredge-pro/networking.nix
new file mode 100644
index 0000000..6f70ac8
--- /dev/null
+++ b/hosts/poweredge-pro/networking.nix
@@ -0,0 +1,133 @@
+let
+ hostIp = "192.168.1.10";
+in { config, ... }: {
+ networking = {
+ # Label lan and wan interfaces
+ _interfaceLabels = {
+ enable = true;
+ interfaces.lan0 = "50:9a:4c:5d:c3:7a";
+ interfaces.lan1 = "50:9a:4c:5d:c3:7a";
+ interfaces.lan2 = "50:9a:4c:5d:c3:7a";
+ interfaces.wan0 = "50:9a:4c:5d:c3:7b";
+ };
+ # Create bridged lan interface for all containers
+ bridges.br-lan0.interfaces = [ "lan0" ];
+ # Disable dhcp on router interfaces
+ interfaces = {
+ veth-router-lan.useDHCP = false;
+ vb-router-lan0.useDHCP = false;
+ };
+ # Configure network
+ defaultGateway = "10.255.255.1"; # Read explaination for veth-router-lan below
+ nameservers = [ "192.168.1.1" ]; # DNS will only be available from this ip address THROUGH the default gateway
+ # br-lan0 will be the interface used for networking on poweredge host
+ interfaces.br-lan0.ipv4.addresses = [{
+ address = hostIp;
+ prefixLength = 24;
+ }];
+ };
+
+ # Router container
+ containers.router = {
+ autoStart = true;
+ ephemeral = true;
+ privateNetwork = true;
+ # Pass wan0 directly into container since it isn't needed elsewhere
+ interfaces = [ "wan0" ];
+ # Setup router lan0
+ # NOTE: Host/container communication is not possible through a hostBridge interface
+ extraVeths.vb-router-lan0.hostBridge = "br-lan0";
+ # Setup virtual host-router bridge interface.
+ # This is the default gateway for host/container communication since
+ # communication isn't possible through hostBridge interfaces.
+ # This is essentially equivalent to connecting the host to the
+ # container with a virtual ethernet cable on a separate interface.
+ extraVeths.veth-router-lan = {
+ hostAddress = "10.255.255.2";
+ localAddress = "10.255.255.1";
+ };
+ # Bind wg0-router secret to container
+ bindMounts."/run/secrets/wg0" = {
+ hostPath = config.sops.secrets.wg0-router.path;
+ isReadOnly = true;
+ };
+
+ config = { lib, config, ... }: {
+ imports = [
+ ../../nixos/services/router
+ ./router-hosts.nix # Contains dhcp config + static leases + overrides
+ ];
+
+ networking = {
+ # Set ip addresses
+ enableIPv6 = false;
+ interfaces = {
+ vb-router-lan0.ipv4.addresses = [{
+ address = "192.168.1.1";
+ prefixLength = 24;
+ }];
+ wan0.ipv4.addresses = [
+ # .163 address reserved for remote backup access
+ { address = "46.110.173.161"; prefixLength = 29; } # Gateway
+ { address = "46.110.173.162"; prefixLength = 29; } # Mail
+ { address = "46.110.173.164"; prefixLength = 29; } # Web
+ { address = "46.110.173.165"; prefixLength = 29; } # Wg
+ { address = "46.110.173.166"; prefixLength = 29; } # Spare
+ ];
+ };
+ defaultGateway = {
+ address = "46.110.173.161";
+ interface = "wan0";
+ };
+ # NAT (port-forwarding) rules
+ nat.forwardPorts =[
+ #{ # Filebrowser
+ # sourcePort = 19045;
+ # proto = "tcp";
+ # destination = "192.168.1.45:9000";
+ #}
+ ];
+ };
+
+ # Setup router
+ services._router = {
+ dnsDhcpConfig.enable = true;
+ routing = {
+ enable = true;
+ interfaces = {
+ lan = [ "vb-router-lan0" "veth-router-lan" ];
+ wan = "wan0";
+ };
+ };
+ };
+
+ services.unbound._blocklists = {
+ enable = true;
+ hageziBlocklists = [ "pro" "nsfw" ];
+ };
+
+ system.stateVersion = "26.05";
+ };
+ };
+
+ # FIXME the following snippet will cause the router container to fail to start:
+ # networking.defaultGateway = {
+ # address = "10.255.255.1";
+ # interface = "veth-router-lan";
+ # };
+ # Journalctl will report:
+ # poweredge container router: Bring veth-router-lan up
+ # poweredge container router: RTNETLINK answers: File exists
+ # poweredge systemd: container@router.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
+ # So the issue nixos is creating an interface with that same name.
+ # As a temporary workaround, the following service is deployed (after the container starts):
+ systemd.services.router-default-route = {
+ after = [ "container@router.service" ];
+ wants = [ "container@router.service" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ /run/current-system/sw/bin/ip route replace default via 10.255.255.1 dev veth-router-lan
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+}
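Review bot: The `_interfaceLabels.interfaces` block assigns the same MAC address `50:9a:4c:5d:c3:7a` to lan0, lan1 and lan2, so the labels cannot map to three distinct physical ports and at most one of them can be matched; this looks like a copy-paste left over from filling in the addresses. Each of the three entries should carry its own hardware address (a placeholder such as `<lan1-mac>` until the real values are known), or the unused lan1/lan2 entries should be removed, since only lan0 is bridged into br-lan0. Separately, the `router-default-route` oneshot only runs once after `container@router.service` starts; if the ephemeral container is restarted the veth is recreated and the route installed by the script is presumably lost, so the workaround may want `partOf = [ "container@router.service" ];` so it is re-run together with the container — worth confirming against the FIXME behaviour described above it.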