+ deployment = {
+ targetUser = "root";
+ targetHost = config.hostEnv.ips.main.ip4;
+ substituteOnDestination = true;
+ };
+ # ssh-keyscan dilion | nix-shell -p ssh-to-age --run ssh-to-age
+ secrets.ageKeys = [ "age1x49n6qa0arkdpq8530s7umgm0gqkq90exv4jep97q30rfnzknpaqate06a" ];
+ nixpkgs.system = lib.mkOverride 900 "x86_64-linux";
+ boot = {
+ loader = {
+ grub = {
+ version = 2;
+ devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" ];
+ };
+ timeout = 1;
+ };
+ blacklistedKernelModules = [ "nvidiafb" ];
+ supportedFilesystems = [ "zfs" ];
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelModules = [ "kvm-intel" ];
+ initrd.availableKernelModules = [ "ahci" "sd_mod" ];
+ initrd.secrets = {
+ "/boot/pass.key" = "/boot/pass.key";
+ };
+ kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
+ # available in nixos-20.09
+ #zfs.requestEncryptionCredentials = [ "zpool/root" ];
+ };
+ nix.maxJobs = 8;
+ powerManagement.cpuFreqGovernor = "powersave";
+ hardware.enableRedistributableFirmware = true;
+
+ myEnv = import ../../../nixops/secrets/environment.nix;
+
+ swapDevices = [ { label = "swap"; } ];
+ fileSystems = {
+ "/" = { fsType = "zfs"; device = "zpool/root"; };
+ "/boot" = { fsType = "ext4"; device = "/dev/disk/by-uuid/fd1c511e-2bc0-49d5-b8bb-95e7e8c8c816"; };
+ "/etc" = { fsType = "zfs"; device = "zpool/root/etc"; };
+ "/home" = { fsType = "zfs"; device = "zpool/root/home"; };
+ "/home/immae" = { fsType = "zfs"; device = "zpool/root/home/immae"; };
+ "/tmp" = { fsType = "zfs"; device = "zpool/root/tmp"; };
+ "/var" = { fsType = "zfs"; device = "zpool/root/var"; };
+ "/data" = { fsType = "ext4"; label = "data"; };
+ "/nix" = { fsType = "ext4"; label = "nix"; };
+ };
+
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="10:bf:48:7f:e6:3b", NAME="eth0"
+ '';