authorlassulus <lassulus@lassul.us>2020-01-10 19:37:56 +0100
committerlassulus <lassulus@lassul.us>2020-01-10 19:37:56 +0100
commit4104b5d6d8e0acb80308e44e436a9cbe8863961a (patch)
treeb753694bb258edace7269bce688ced3bbd4b0133 /krebs/1systems
parentf491fac2025b2e99788be8e26181da1b26995e84 (diff)
parent5d3fbb2af9c1c7d166ca45cd9d119bd77a3acd80 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/1systems')
-rw-r--r--krebs/1systems/filebitch/config.nix48
-rw-r--r--krebs/1systems/filebitch/hardware-configuration.nix96
-rw-r--r--krebs/1systems/wolf/config.nix4
3 files changed, 148 insertions, 0 deletions
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix
new file mode 100644
index 000000000..9c6a9da08
--- /dev/null
+++ b/krebs/1systems/filebitch/config.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+let
+ shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ # <stockholm/krebs/2configs/secret-passwords.nix>
+
+ # <stockholm/krebs/2configs/binary-cache/nixos.nix>
+ # <stockholm/krebs/2configs/binary-cache/prism.nix>
+ <stockholm/krebs/2configs/shack/ssh-keys.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ # provides access to /home/share for smbuser via smb
+ <stockholm/krebs/2configs/shack/share.nix>
+ {
+ fileSystems."/home/share" =
+ { device = "/serve";
+ options = [ "bind" "nofail" ];
+ };
+ }
+
+ ## Collect local statistics via collectd and send to collectd
+ <stockholm/krebs/2configs/stats/shack-client.nix>
+ <stockholm/krebs/2configs/stats/shack-debugging.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.filebitch;
+ sound.enable = false;
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0"
+ '';
+ networking = {
+ firewall.enable = true;
+ interfaces.et0.ipv4.addresses = [
+ {
+ address = shack-ip;
+ prefixLength = 20;
+ }
+ ];
+
+ defaultGateway = "10.42.0.1";
+ nameservers = [ "10.42.0.100" "10.42.0.200" ];
+ };
+}
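Review bot: The bind mount of `/serve` onto `/home/share` is marked `nofail`, and the `/serve` filesystems in hardware-configuration.nix are `nofail` as well, so it is worth confirming what the SMB share exposes when the encrypted volume did not unlock. If the bind still succeeds against the empty mount point, clients would write into `tank/root` instead of the data volume and could fill the root filesystem. Making the dependency explicit, e.g. `options = [ "bind" "nofail" "x-systemd.requires-mounts-for=/serve" ];`, documents the intent; systemd may already infer this for bind mounts, so treat it as something to verify rather than a confirmed defect. A short comment on why `secret-passwords.nix` and the two binary-cache imports are commented out would also help the next reader.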
diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix
new file mode 100644
index 000000000..574618e39
--- /dev/null
+++ b/krebs/1systems/filebitch/hardware-configuration.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+let
+ byid = dev: "/dev/disk/by-id/" + dev;
+ keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0";
+in
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+ boot.tmpOnTmpfs = true;
+
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod"
+ "raid456"
+ "usbhid"
+ "usb_storage"
+ ];
+ boot.initrd.kernelModules = [
+ "sata_sil"
+ "megaraid_sas"
+ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "tank/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "tank/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "tank/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/5266-931D";
+ fsType = "vfat";
+ };
+ fileSystems."/serve" =
+ { device = "/dev/cryptvg/serve";
+ fsType = "ext4";
+ options = [ "nofail" ];
+ };
+ fileSystems."/serve/incoming" =
+ { device = "/dev/cryptvg/incoming";
+ fsType = "ext4";
+ options = [ "nofail" ];
+
+ };
+ fileSystems."/serve/movies" =
+ { device = "/dev/cryptvg/servemovies";
+ fsType = "ext4";
+ options = [ "nofail" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; }
+ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN";
+
+ networking.hostId = "54d97450"; # required for zfs use
+ boot.initrd.luks.devices = let
+ usbkey = name: device: {
+ inherit name device keyFile;
+ keyFileSize = 2048;
+ preLVM = true;
+ };
+ in [
+ ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2"))
+ // { allowDiscards = true; } )
+ ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3"))
+ // { allowDiscards = true; } )
+ (usbkey "125" "/dev/md125")
+ (usbkey "126" "/dev/md126")
+ (usbkey "127" "/dev/md127")
+ ];
+
+
+}
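Review bot: `boot.shell_on_fail` in `boot.kernelParams` offers a root shell in stage 1 without a password when boot fails, and on this host every LUKS device is unlocked from a USB stick (`keyFile`) that must be attached at boot, so console access plus a boot failure could put the key material within reach. It sits next to `boot.panic_on_fail`, which as far as I recall from the NixOS stage-1 script takes precedence and reboots, so the shell flag is probably either dead or unintended; I would drop it and keep `"panic=30" "boot.panic_on_fail"`. All five entries in `boot.initrd.luks.devices` share the same raw-device key with `keyFileSize = 2048`, so a comment on `keyFile` stating whether the stick is meant to be removed after boot would make the at-rest threat model explicit. Minor: `"usbhid"` and `"usb_storage"` are listed twice in `boot.initrd.availableKernelModules`.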
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 059e09ac1..7a096cecf 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -69,6 +69,10 @@ in
# grafana.shack
<stockholm/krebs/2configs/shack/grafana.nix>
+ # shackdns.shack
+ # replacement for leases.shack and shackles.shack
+ <stockholm/krebs/2configs/shack/shackDNS.nix>
+
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)