hashipi

Raspberry Pi home lab with Nomad and OpenBao
git clone https://git.in0rdr.ch/hashipi.git

commit e80c84930c0207274ccce0cb597729b02a37da6a
parent a40b12d4b79f2b59fe75a909716292d5eb54001f
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Fri, 28 Nov 2025 22:27:25 +0100

feat(intel): configure nfs, mdadm, collectd

Diffstat:
Mdebian_postinstall.sh | 116+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 116 insertions(+), 0 deletions(-)

diff --git a/debian_postinstall.sh b/debian_postinstall.sh @@ -31,6 +31,7 @@ iface br0 inet dhcp bridge_maxwait 0 EOF +# Configure AppArmor profile for nfs mount in lxc container cat <<EOF > /etc/apparmor.d/lxc/lxc-gatus profile lxc-gatus flags=(attach_disconnected,mediate_deleted) { # Include base container profile 
@@ -40,3 +41,118 @@ profile lxc-gatus flags=(attach_disconnected,mediate_deleted) {
 mount fstype=nfs -> /etc/nginx/tls/,
 }
 EOF
+
+# Configure Collectd to report file system usage
+cat <<EOF > /etc/collectd/collectd.conf
+LoadPlugin df
+<Plugin df>
+ Device "/dev/md127"
+ ValuesPercentage true
+</Plugin>
+
+LoadPlugin exec
+<Plugin exec>
+ Exec "nobody" "/usr/local/bin/collectd-exec-mdadm.sh"
+</Plugin>
+
+LoadPlugin unixsock
+<Plugin unixsock>
+ SocketFile "/var/run/collectd/query.sock"
+ SocketGroup "nogroup"
+ # allow Nginx in LXC container to write the socket
+ SocketPerms "0666"
+</Plugin>
+EOF
+
+# Set script for reporting the raid health
+cat <<EOF > /usr/local/bin/collectd-exec-mdadm.sh
+#!/usr/bin/env sh
+#
+# Collectd Exec plugin check
+# https://github.com/collectd/collectd/wiki/Plugin-Exec
+
+# Starting with version-4.9 the Exec plugin sets the COLLECTD_INTERVAL and
+# COLLECTD_HOSTNAME environment variables. The former is set to the global
+# interval setting, the latter to the global hostname.
+HOSTNAME="${COLLECTD_HOSTNAME:-localhost}"
+INTERVAL=$(printf "%0.f\n" "${COLLECTD_INTERVAL:-60}")
+
+MD_RAID=md127
+
+while sleep "$INTERVAL"; do
+ echo "PUTVAL intel0/exec-md/md127-degraded N:1"
+ # Check if any of the raid members are degraded
+ # - https://www.kernel.org/doc/html/v4.15/admin-guide/md.html
+ # - https://github.com/TwiN/gatus#external-endpoints
+ if [[ $(cat /sys/block/$MD_RAID/md/degraded) -gt 0 ]]
+ then
+ # At least one raid member is in degraded state
+ # Valid collectd types can be found in /usr/share/collectd/types.db
+ echo "PUTVAL intel0/exec-md127/md_disks-degraded interval=$INTERVAL N:1"
+ else
+ echo "PUTVAL intel0/exec-md127/md_disks-degraded interval=$INTERVAL N:0"
+ fi
+done
+EOF
+
+chmod +x /usr/local/bin/collectd-exec-mdadm.sh
+
+# Ensure that initramfs has an uptodate copy
+# https://wiki.ubuntuusers.de/Software-RAID/#mdadm-conf-aktualisieren
+/usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
+sed -i 's/^MAILADDR.*/MAILADDR agruhl@gmx.ch/g' /etc/mdadm/mdadm.conf
+update-initramfs -u
+
+# Mount the raid
+mkdir -p /srv/nfs
+cat <<EOF >> /etc/fstab
+/dev/md127 /srv/nfs ext4 defaults 0 1
+EOF
+
+# Configure NFS exports
+cat <<EOF > /etc/exports
+# - https://linux.die.net/man/5/exports
+# - https://linux.die.net/man/8/exportfs
+# - https://linux.die.net/man/8/rpcinfo
+# - https://linux.die.net/man/8/nfsstat
+# - https://wiki.archlinux.org/title/NFS
+#
+# Mount v4:
+# sudo mount 192.168.1.1:/share /mnt
+#
+# Mount v3:
+# sudo mount -o nfsvers=3 192.168.1.1:/srv/nfs/share /mnt
+#
+# Mount v3 (Gnome Files), https://gitlab.gnome.org/GNOME/gvfs/-/issues/18:
+# nfs://192.168.1.1:/srv/nfs/share
+#
+# insecure: "don't require requests originate on port < IPPORT_RESERVED (1024)"
+# refused mount request from 192.168.1.181 for /srv/nfs (/srv/nfs): illegal port 48172
+#
+# no_root_squash: Don't map 0 uid/gid to anonymous user
+
+/srv/nfs 10.0.0.0/24(fsid=0,rw,insecure,sync,no_root_squash)
+/srv/nfs 10.111.111.0/24(fsid=0,rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-nomad-snapshots 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-certbot 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-registry 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-git 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-stagit 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-0x0 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-diary 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-cv 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-ampache 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-snibox 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-writefreely 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-kanboard 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-hivedav-demo 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-jenkins 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-freshrss-data 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-freshrss-ext 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-pico 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-silverbullet 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-docker-mailserver-data 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-docker-mailserver-config 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-snac 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+/srv/nfs/csi-thelounge 10.0.0.0/24(rw,insecure,sync,no_root_squash)
+EOF
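Review bot: Every line written to `/etc/exports` combines `rw`, `insecure` and `no_root_squash` for a whole /24 with no `sec=` option, so the server trusts whatever uid a client in 10.0.0.0/24 (or 10.111.111.0/24 for `/srv/nfs`) presents, including uid 0, on data such as `csi-certbot`, `csi-jenkins` and `csi-docker-mailserver-config`. Unless a workload really needs root on the share, drop `no_root_squash` (root is squashed by default) and export to the individual client addresses rather than the subnet, e.g. `/srv/nfs/csi-certbot <client-ip>(rw,sync)` with `<client-ip>` as a placeholder; keep `insecure` only for the clients that hit the "illegal port" refusal quoted in the comment. Separately, the heredoc that writes `/usr/local/bin/collectd-exec-mdadm.sh` uses an unquoted `<<EOF`, so `$INTERVAL`, `$MD_RAID`, `${COLLECTD_INTERVAL:-60}` and the `$(cat …)` test are expanded while the post-install script runs instead of by collectd, leaving `sleep ""` and a fixed value in the generated file; `cat <<'EOF' > /usr/local/bin/collectd-exec-mdadm.sh` keeps them literal. The generated script also uses `[[ … ]]` under `#!/usr/bin/env sh`, which is not POSIX sh; `if [ "$(cat /sys/block/$MD_RAID/md/degraded)" -gt 0 ]` is the portable form. The unconditional `echo "PUTVAL intel0/exec-md/md127-degraded N:1"` at the top of the loop looks like a leftover and would report a degraded value on every interval.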