2023-08-15 07:09:11 +03:00
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
# and in the NixOS manual (accessible by running `nixos-help`).
|
|
|
|
{
|
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
myData,
|
|
|
|
...
|
|
|
|
}: {
|
|
|
|
# previously:
|
|
|
|
# imports = [(modulesPath + "/installer/scan/not-detected.nix")];
|
|
|
|
# as of 23.05 that is:
|
|
|
|
|
|
|
|
boot.initrd.availableKernelModules = ["usbhid"];
|
2023-08-15 16:20:41 +03:00
|
|
|
boot.initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835"];
|
2023-08-15 07:09:11 +03:00
|
|
|
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
|
|
|
boot.kernelModules = [];
|
|
|
|
boot.extraModulePackages = [];
|
2023-08-17 14:38:51 +03:00
|
|
|
boot.loader.grub.enable = false;
|
|
|
|
boot.loader.generic-extlinux-compatible.enable = true;
|
|
|
|
|
2023-09-11 15:51:33 +03:00
|
|
|
boot.supportedFilesystems = ["zfs"];
|
2023-09-11 11:01:33 +03:00
|
|
|
boot.zfs.forceImportRoot = false;
|
|
|
|
|
2023-08-17 14:38:51 +03:00
|
|
|
powerManagement.cpuFreqGovernor = "ondemand";
|
2023-08-15 07:09:11 +03:00
|
|
|
|
|
|
|
fileSystems."/" = {
|
|
|
|
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
|
|
|
fsType = "ext4";
|
|
|
|
};
|
|
|
|
|
2023-09-11 13:25:46 +03:00
|
|
|
fileSystems."/data" = {
|
|
|
|
device = "datapool/root";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
2023-09-11 14:20:07 +03:00
|
|
|
fileSystems."/data/borg" = {
|
|
|
|
device = "datapool/root/borg";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
|
|
|
fileSystems."/data/shared" = {
|
|
|
|
device = "datapool/root/shared";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
2023-09-11 13:25:46 +03:00
|
|
|
|
2023-08-15 07:09:11 +03:00
|
|
|
swapDevices = [];
|
|
|
|
|
|
|
|
mj = {
|
|
|
|
stateVersion = "23.05";
|
|
|
|
timeZone = "Europe/Vilnius";
|
|
|
|
base = {
|
2023-09-14 21:38:29 +03:00
|
|
|
zfs.enable = true;
|
2023-08-15 07:09:11 +03:00
|
|
|
users.passwd = {
|
|
|
|
root.passwordFile = config.age.secrets.root-passwd-hash.path;
|
|
|
|
motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
|
|
|
|
};
|
|
|
|
unitstatus = {
|
|
|
|
enable = true;
|
|
|
|
email = "motiejus+alerts@jakstys.lt";
|
|
|
|
};
|
2023-09-21 20:04:16 +03:00
|
|
|
|
|
|
|
snapshot = {
|
|
|
|
enable = true;
|
|
|
|
mountpoints = ["/data/shared"];
|
|
|
|
};
|
2023-08-15 07:09:11 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
services = {
|
2023-08-18 09:31:19 +03:00
|
|
|
node_exporter.enable = true;
|
2023-09-14 06:41:16 +03:00
|
|
|
sshguard.enable = true;
|
2023-09-14 14:37:55 +03:00
|
|
|
tailscale = {
|
|
|
|
enable = true;
|
|
|
|
silenceLogs = true;
|
|
|
|
};
|
2023-08-18 09:31:19 +03:00
|
|
|
|
2023-09-23 22:56:23 +03:00
|
|
|
certget = {
|
|
|
|
enable = true;
|
|
|
|
uidgid = myData.uidgid.certget;
|
|
|
|
sshKeys = [myData.hosts."vno1-oh2.servers.jakst".publicKey];
|
|
|
|
};
|
|
|
|
|
2023-09-11 15:51:33 +03:00
|
|
|
borgstor = {
|
|
|
|
enable = true;
|
|
|
|
dataDir = "/data/borg";
|
2023-09-15 11:17:40 +03:00
|
|
|
sshKeys = [
|
|
|
|
myData.hosts."vno1-oh2.servers.jakst".publicKey
|
|
|
|
myData.people_pubkeys.motiejus
|
|
|
|
];
|
2023-09-11 15:51:33 +03:00
|
|
|
};
|
|
|
|
|
2023-08-15 07:09:11 +03:00
|
|
|
postfix = {
|
|
|
|
enable = true;
|
|
|
|
saslPasswdPath = config.age.secrets.sasl-passwd.path;
|
|
|
|
};
|
2023-08-16 16:54:17 +03:00
|
|
|
|
2023-08-16 20:06:09 +03:00
|
|
|
deployerbot = {
|
|
|
|
follower = {
|
|
|
|
enable = true;
|
2023-09-18 20:49:17 +03:00
|
|
|
sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
|
2023-08-16 20:06:09 +03:00
|
|
|
uidgid = myData.uidgid.updaterbot-deployee;
|
|
|
|
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
|
|
|
|
};
|
|
|
|
};
|
2023-09-12 13:31:46 +03:00
|
|
|
|
|
|
|
jakstpub = {
|
|
|
|
enable = true;
|
|
|
|
dataDir = "/data/shared";
|
|
|
|
requires = ["data-shared.mount"];
|
|
|
|
uidgid = myData.uidgid.jakstpub;
|
2023-09-12 23:18:46 +03:00
|
|
|
hostname = "hdd.jakstys.lt";
|
2023-09-12 13:31:46 +03:00
|
|
|
};
|
2023-08-15 07:09:11 +03:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2023-08-24 15:11:19 +03:00
|
|
|
services.journald.extraConfig = "Storage=volatile";
|
2023-08-17 15:10:17 +03:00
|
|
|
|
2023-09-11 13:02:15 +03:00
|
|
|
environment.etc = {
|
|
|
|
"datapool-passphrase.txt".source = config.age.secrets.datapool-passphrase.path;
|
|
|
|
};
|
|
|
|
|
2023-08-17 15:10:17 +03:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
libraspberrypi
|
2023-09-15 10:49:27 +03:00
|
|
|
borgbackup
|
2023-08-17 15:10:17 +03:00
|
|
|
];
|
2023-08-17 15:07:26 +03:00
|
|
|
|
2023-08-15 07:09:11 +03:00
|
|
|
networking = {
|
|
|
|
hostId = "4bd17751";
|
2023-09-14 13:27:05 +03:00
|
|
|
hostName = "vno3-rp3b";
|
2023-08-15 07:09:11 +03:00
|
|
|
domain = "servers.jakst";
|
2023-09-14 13:24:40 +03:00
|
|
|
dhcpcd.enable = true;
|
2023-09-21 15:08:26 +03:00
|
|
|
firewall.rejectPackets = true;
|
2023-08-15 07:09:11 +03:00
|
|
|
};
|
|
|
|
|
2023-08-15 17:14:40 +03:00
|
|
|
nixpkgs.hostPlatform = "aarch64-linux";
|
|
|
|
|
2023-08-15 07:09:11 +03:00
|
|
|
security.rtkit.enable = true;
|
|
|
|
}
|