Diffstat (limited to 'modules/private/system/dilion.nix')
-rw-r--r-- | modules/private/system/dilion.nix | 91 |
1 files changed, 56 insertions, 35 deletions
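--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -1,59 +1,81 @@
 { privateFiles }:
 { config, pkgs, name, lib, ... }:
 {
-boot.supportedFilesystems = [ "zfs" ];
-boot.kernelPackages = pkgs.linuxPackages_latest;
+deployment = {
+targetUser = "root";
+targetHost = config.hostEnv.ips.main.ip4;
+substituteOnDestination = true;
+};
+nixpkgs.system = lib.mkOverride 900 "x86_64-linux";
+boot = {
+loader = {
+grub = {
+version = 2;
+devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" ];
+};
+timeout = 1;
+};
+blacklistedKernelModules = [ "nvidiafb" ];
+supportedFilesystems = [ "zfs" ];
+kernelPackages = pkgs.linuxPackages_latest;
+kernelModules = [ "kvm-intel" ];
+initrd.availableKernelModules = [ "ahci" "sd_mod" ];
+initrd.secrets = {
+"/boot/pass.key" = "/boot/pass.key";
+};
+kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
+};
+nix.maxJobs = 8;
+powerManagement.cpuFreqGovernor = "powersave";
+hardware.enableRedistributableFirmware = true;
+
 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
 
+swapDevices = [ { label = "swap"; } ];
 fileSystems = {
-"/" = lib.mkForce { fsType = "zfs"; device = "zpool/root"; };
+"/" = { fsType = "zfs"; device = "zpool/root"; };
 "/boot" = { fsType = "ext4"; device = "/dev/disk/by-uuid/fd1c511e-2bc0-49d5-b8bb-95e7e8c8c816"; };
 "/etc" = { fsType = "zfs"; device = "zpool/root/etc"; };
 "/home" = { fsType = "zfs"; device = "zpool/root/home"; };
 "/home/immae" = { fsType = "zfs"; device = "zpool/root/home/immae"; };
 "/tmp" = { fsType = "zfs"; device = "zpool/root/tmp"; };
 "/var" = { fsType = "zfs"; device = "zpool/root/var"; };
+"/data" = { fsType = "ext4"; label = "data"; };
+"/nix" = { fsType = "ext4"; label = "nix"; };
 };
-boot.initrd.secrets = {
-"/boot/pass.key" = "/boot/pass.key";
-};
+
+services.udev.extraRules = ''
+ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="10:bf:48:7f:e6:3b", NAME="eth0"
+'';
 
 networking = {
 hostId = "27c3048d"; # generated with head -c4 /dev/urandom | od -A none -t x4
 firewall.enable = false;
-interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
-(n: ips: { address = ips.ip4; prefixLength = 32; })
-(pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
-interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
-(n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
-config.hostEnv.ips);
+interfaces."eth0".ipv4.addresses =
+[ { address = config.hostEnv.ips.main.ip4; prefixLength = 27; } ]
+++ pkgs.lib.attrsets.mapAttrsToList
+(n: ips: { address = ips.ip4; prefixLength = 32; })
+(pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
+interfaces."eth0".ipv6.addresses =
+[ { address = "2a01:4f8:141:53e7::"; prefixLength = 64; } ]
+++ pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+(n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
+config.hostEnv.ips);
+defaultGateway = { address = "176.9.10.225"; interface = "eth0"; };
+defaultGateway6 = { address = "fe80::1"; interface = "eth0"; };
+nameservers = [
+"213.133.98.98"
+"213.133.99.99"
+"213.133.100.100"
+"2a01:4f8:0:a0a1::add:1010"
+"2a01:4f8:0:a102::add:9999"
+"2a01:4f8:0:a111::add:9898"
+];
 };
 
 myServices.ssh.modules = [ config.myServices.ssh.predefinedModules.regular ];
 imports = builtins.attrValues (import ../..);
 
-deployment = {
-targetEnv = "hetzner";
-hetzner = {
-robotUser = config.myEnv.hetzner.user;
-robotPass = config.myEnv.hetzner.pass;
-mainIPv4 = config.hostEnv.ips.main.ip4;
-partitions = ''
-clearpart --all --initlabel --drives=sda,sdb,sdc,sdd
-
-part swap --recommended --label=swap --fstype=swap --ondisk=sda
-
-part raid.1 --grow --ondisk=sdc
-part raid.2 --grow --ondisk=sdd
-
-raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2
-
-part /nix --grow --label=nix --ondisk=sda
-part /data --grow --label=data --ondisk=sdb
-'';
-};
-};
-
 system.nssModules = [ pkgs.libvirt ];
 system.nssDatabases.hosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ];
 programs.zsh.enable = true;
@@ -78,7 +100,6 @@
 }
 ];
 
-boot.kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
 system.activationScripts.libvirtd_exports = ''
 install -m 0755 -o root -g root -d /var/lib/caldance
 '';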
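Review bot: The new `deployment` block sets `targetUser = "root"` with `targetHost = config.hostEnv.ips.main.ip4`, so every deploy depends on direct root SSH login to the host's main address, and the same module still carries `networking.firewall.enable = false` as unchanged context in the `networking` block. What sshd accepts is decided by `myServices.ssh`, which is not visible in this diff, so unless that module already does it, pin root to key-only login next to the deployment block, e.g. `services.openssh.permitRootLogin = "prohibit-password";`. Separately, the added `2a01:4f8:141:53e7::` /64 entry, the `176.9.10.225` gateway and the MAC address in `services.udev.extraRules` are hard-coded, while the other addresses are read from `config.hostEnv.ips`. A short comment on each saying where the value comes from would help whoever re-provisions the host, for example `# MAC of the primary NIC; update if the hardware is replaced`.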