From 10e8117cea41c8cca3ce5b86034b79f33c954562 Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Sun, 20 Apr 2025 01:46:26 -0500
Subject: [PATCH] updates for garage add garage tank mount open up the firewall on the k3s agents for now apply this to xerneas (yveltal doesn't have an hdd)
---
 hosts/xerneas.nix | 1 +
 modules/garage-lvm-data.nix | 14 ++++++++++++++
 modules/k3s-agent.nix | 4 ++--
 modules/server.nix | 8 +++++++-
 4 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 modules/garage-lvm-data.nix
diff --git a/hosts/xerneas.nix b/hosts/xerneas.nix
index 750ddb3..7d5e3c2 100644
--- a/hosts/xerneas.nix
+++ b/hosts/xerneas.nix
@@ -9,6 +9,7 @@
 [ # Include the results of the hardware scan.
 ../types/server.nix
 ../modules/k3s-agent.nix
+ ../modules/garage-lvm-data.nix
 ];
 config = lib.mkMerge [
 {
diff --git a/modules/garage-lvm-data.nix b/modules/garage-lvm-data.nix
new file mode 100644
index 0000000..df9ac2f
--- /dev/null
+++ b/modules/garage-lvm-data.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ # make an LV for the tank. add VGs to it.
+ # parted /dev/sda
+ # stuff to make this for lvm.
+ # vgcreate xerneas-tank-hdd /dev/sda1
+ # lvcreate -l 50%FREE xerneas-tank-hdd --name garage-data
+ # mkfs.xfs -L xerneas-gdat /dev/mapper/xerneas--tank--hdd-garage--data
+
+ fileSystems."/var/lib/garage/data" = {
+ device = "/dev/mapper/xerneas--tank--hdd-garage--data";
+ fsType = "xfs";
+ };
+}
diff --git a/modules/k3s-agent.nix b/modules/k3s-agent.nix
index c112c32..fe2babd 100644
--- a/modules/k3s-agent.nix
+++ b/modules/k3s-agent.nix
@@ -37,12 +37,12 @@ with lib;
 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
 ];
 networking.firewall.allowedUDPPortRanges = [
- { from = 5000; to = 32767; }
+ { from = 1; to = 65535; }
 ];
 networking.firewall.allowedTCPPorts = [
 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
 ];
 networking.firewall.allowedTCPPortRanges = [
- { from = 5000; to = 32767; }
+ { from = 1; to = 65535; }
 ];
 }
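Review bot: The `fileSystems."/var/lib/garage/data"` entry in modules/garage-lvm-data.nix sets no `options`, so the data volume is mounted with the filesystem defaults. If the volume only holds Garage's data blocks (inferred from the mount path), adding `options = [ "nodev" "nosuid" "noexec" ];` would keep device nodes, setuid bits and executables written there from being honoured. The device path also embeds the host name (`xerneas--tank--hdd`) in a file under modules/, so any other host importing it would wait at boot on a device it does not have; a comment such as `# xerneas only: LV is created by hand with the commands above` would make that explicit. The `config` argument is unused in the file.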
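Review bot: The two `{ from = 1; to = 65535; }` ranges in modules/k3s-agent.nix accept every TCP and UDP port, which leaves `networking.firewall.enable = true` (visible in modules/server.nix) with nothing to filter on hosts that import this module and makes the explicit `allowedTCPPorts` list redundant. Every listener on the node, including the 10250 and 2379/2380 services already listed and anything a pod binds on the host network, is then reachable from whatever networks can route to it. The commit message says this is "for now", but nothing in the file records that; at minimum add `# FIXME: temporary, restore { from = 5000; to = 32767; } once <reason> is resolved` above each range. If the aim is unrestricted node-to-node traffic, `networking.firewall.trustedInterfaces = [ "<cluster-interface>" ];` scopes it to the cluster link instead of every interface. The enclosing attribute set starts outside the hunk.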
diff --git a/modules/server.nix b/modules/server.nix index cf0ca02..a47cba5 100644 --- a/modules/server.nix +++ b/modules/server.nix @@ -33,7 +33,13 @@ services.openssh.enable = true; networking.firewall.enable = true; - environment.systemPackages = [ pkgs.nfs-utils ]; + environment.systemPackages = with pkgs; [ + neovim + htop + parted + nfs-utils + xfsprogs + ]; services.openiscsi = { enable = true; name = "${config.networking.hostName}-initiatorhost";