diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix index c4e6a08..cfdade3 100644 --- a/hosts/hel1-a/configuration.nix +++ b/hosts/hel1-a/configuration.nix @@ -17,25 +17,9 @@ in { stateVersion = "22.11"; timeZone = "UTC"; - services = { - postfix = { - enable = true; - saslPasswdPath = config.age.secrets.sasl-passwd.path; - }; - - zfsunlock = { - enable = true; - targets."vno1-oh2.servers.jakst" = { - sshEndpoint = myData.hosts."vno1-oh2.servers.jakst".publicIP; - pingEndpoint = "vno1-oh2.servers.jakst"; - remotePubkey = myData.hosts."vno1-oh2.servers.jakst".initrdPubKey; - pwFile = config.age.secrets.zfs-passphrase-vno1-oh2.path; - startAt = "*-*-* *:00/5:00"; - }; - }; - }; - base = { + zfs.enable = true; + users.passwd = { root.passwordFile = config.age.secrets.root-passwd-hash.path; motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path; @@ -81,7 +65,25 @@ in { unitstatus = { enable = true; email = "motiejus+alerts@jakstys.lt"; - units = ["zfs-scrub" "nixos-upgrade"]; + units = ["nixos-upgrade"]; + }; + }; + + services = { + postfix = { + enable = true; + saslPasswdPath = config.age.secrets.sasl-passwd.path; + }; + + zfsunlock = { + enable = true; + targets."vno1-oh2.servers.jakst" = { + sshEndpoint = myData.hosts."vno1-oh2.servers.jakst".publicIP; + pingEndpoint = "vno1-oh2.servers.jakst"; + remotePubkey = myData.hosts."vno1-oh2.servers.jakst".initrdPubKey; + pwFile = config.age.secrets.zfs-passphrase-vno1-oh2.path; + startAt = "*-*-* *:00/5:00"; + }; }; }; }; @@ -120,12 +122,6 @@ in { }; }; - zfs = { - autoScrub.enable = true; - trim.enable = true; - expandOnBoot = "all"; - }; - openssh = { extraConfig = '' AcceptEnv GIT_PROTOCOL diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index 066a471..e7ebae0 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix 
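Review bot: In hosts/hel1-a/configuration.nix, hunk `@@ -81,7 +65,25 @@`, the relocated `zfsunlock` target has no comment on the trust relationship it configures. `pwFile` points at the age secret `zfs-passphrase-vno1-oh2`, so this host holds the other machine's pool passphrase, and `remotePubkey` (taken from `initrdPubKey`) looks like the pin for the key the passphrase is sent to. A one-line comment above `targets."vno1-oh2.servers.jakst"` would make that visible to whoever next touches secrets or host keys, for example `# hel1-a stores vno1-oh2's ZFS passphrase; remotePubkey pins the initrd key it is released to (confirm against the zfsunlock module)`. The move itself looks behaviour-neutral as far as the visible lines show.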
@@ -29,6 +29,7 @@ timeZone = "Europe/Vilnius"; base = { + zfs.enable = true; users.passwd = { root.passwordFile = config.age.secrets.root-passwd-hash.path; motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path; @@ -38,6 +39,12 @@ enable = true; mountpoints = ["/home"]; }; + + unitstatus = { + enable = true; + email = "motiejus+alerts@jakstys.lt"; + units = ["nixos-upgrade"]; + }; }; services = { @@ -97,12 +104,6 @@ "jakstys.lt.".data = myData.jakstysLTZone; }; }; - - zfs = { - autoScrub.enable = true; - trim.enable = true; - expandOnBoot = "all"; - }; }; networking = { diff --git a/modules/base/default.nix b/modules/base/default.nix index 18a6ae1..8f26ae6 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -12,6 +12,7 @@ ./sshd ./unitstatus ./users + ./zfs ./zfsborg ]; diff --git a/modules/base/zfs/default.nix b/modules/base/zfs/default.nix new file mode 100644 index 0000000..7f23682 --- /dev/null +++ b/modules/base/zfs/default.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: { + options.mj.base.zfs = with lib.types; { + enable = lib.mkEnableOption "Enable common zfs options"; + }; + + config = lib.mkIf config.mj.base.zfs.enable { + services.zfs = assert lib.assertMsg config.mj.base.unitstatus.enable "mj.base.unitstatus must be enabled"; { + autoScrub.enable = true; + trim.enable = true; + expandOnBoot = "all"; + }; + + mj.base.unitstatus.units = ["zfs-scrub"]; + }; +} diff --git a/modules/services/postfix/default.nix b/modules/services/postfix/default.nix index b2afc52..3eba28a 100644 --- a/modules/services/postfix/default.nix +++ b/modules/services/postfix/default.nix @@ -11,7 +11,6 @@ }; config = lib.mkIf config.mj.services.postfix.enable { - environment.systemPackages = [pkgs.mailutils]; services.postfix = { @@ -38,6 +37,5 @@ header_size_limit = 4096000 ''; }; - }; }
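Review bot: In hosts/vno1-oh2/configuration.nix, hunk `@@ -38,6 +39,12 @@`, the new `unitstatus` block repeats `email = "motiejus+alerts@jakstys.lt";` and `units = ["nixos-upgrade"];` exactly as they stand in hosts/hel1-a/configuration.nix. Since the new zfs module makes unitstatus mandatory on every ZFS host, these copies will multiply, and one host can end up alerting to a stale address. If the unitstatus module (not part of this diff) can take them as defaults, each host would only need `unitstatus.enable = true;`.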
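Review bot: In modules/base/zfs/default.nix the unitstatus requirement is enforced with a bare `assert` inside the `services.zfs` value, so it is checked lazily and fails as a raw evaluation error rather than through the module system's `assertions` list, where failed checks are collected and reported with their messages. Moving it into `assertions` keeps the guarantee that scrub failures are alerted on and gives a readable error. Two smaller points in the same file: `lib.mkEnableOption` already prefixes "Whether to enable", so `enable = lib.mkEnableOption "common zfs options";` reads better, and `with lib.types;` is unused. Merging `mj.base.unitstatus.units = ["zfs-scrub"]` with the per-host `units` presumably relies on that option being a list type, which is declared outside this diff.

```nix
  config = lib.mkIf config.mj.base.zfs.enable {
    assertions = [
      {
        assertion = config.mj.base.unitstatus.enable;
        message = "mj.base.unitstatus must be enabled";
      }
    ];

    services.zfs = {
      # … unchanged: autoScrub, trim, expandOnBoot …
    };
    # … unchanged: mj.base.unitstatus.units …
```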