diff options
author | lassulus <lassulus@lassul.us> | 2020-01-10 19:37:56 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2020-01-10 19:37:56 +0100 |
commit | 4104b5d6d8e0acb80308e44e436a9cbe8863961a (patch) | |
tree | b753694bb258edace7269bce688ced3bbd4b0133 /krebs/1systems | |
parent | f491fac2025b2e99788be8e26181da1b26995e84 (diff) | |
parent | 5d3fbb2af9c1c7d166ca45cd9d119bd77a3acd80 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/1systems')
-rw-r--r-- | krebs/1systems/filebitch/config.nix | 48 | ||||
-rw-r--r-- | krebs/1systems/filebitch/hardware-configuration.nix | 96 | ||||
-rw-r--r-- | krebs/1systems/wolf/config.nix | 4 |
3 files changed, 148 insertions, 0 deletions
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix new file mode 100644 index 000000000..9c6a9da08 --- /dev/null +++ b/krebs/1systems/filebitch/config.nix @@ -0,0 +1,48 @@ +{ config, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; +in +{ + imports = [ + ./hardware-configuration.nix + <stockholm/krebs> + <stockholm/krebs/2configs> + # <stockholm/krebs/2configs/secret-passwords.nix> + + # <stockholm/krebs/2configs/binary-cache/nixos.nix> + # <stockholm/krebs/2configs/binary-cache/prism.nix> + <stockholm/krebs/2configs/shack/ssh-keys.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> + # provides access to /home/share for smbuser via smb + <stockholm/krebs/2configs/shack/share.nix> + { + fileSystems."/home/share" = + { device = "/serve"; + options = [ "bind" "nofail" ]; + }; + } + + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> + ]; + + krebs.build.host = config.krebs.hosts.filebitch; + sound.enable = false; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0" + ''; + networking = { + firewall.enable = true; + interfaces.et0.ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; +} diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix new file mode 100644 index 000000000..574618e39 --- /dev/null +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; +in +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues + boot.zfs.forceImportRoot = false; + boot.zfs.forceImportAll = false; + boot.kernelParams = [ + "boot.shell_on_fail" + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; + boot.tmpOnTmpfs = true; + + + boot.initrd.availableKernelModules = [ + "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" + "raid456" + "usbhid" + "usb_storage" + ]; + boot.initrd.kernelModules = [ + "sata_sil" + "megaraid_sas" + ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5266-931D"; + fsType = "vfat"; + }; + fileSystems."/serve" = + { device = "/dev/cryptvg/serve"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + fileSystems."/serve/incoming" = + { device = "/dev/cryptvg/incoming"; + fsType = "ext4"; + options = [ "nofail" ]; + + }; + fileSystems."/serve/movies" = + { device = "/dev/cryptvg/servemovies"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; } + ]; + + nix.maxJobs = lib.mkDefault 4; + boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN"; + + networking.hostId = "54d97450"; # required for zfs use + boot.initrd.luks.devices = let + usbkey = name: device: { + inherit name device keyFile; + keyFileSize = 2048; + preLVM = true; + }; + in [ + ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ) + ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ) + (usbkey "125" "/dev/md125") + (usbkey "126" "/dev/md126") + (usbkey "127" "/dev/md127") + ]; + + +} diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 059e09ac1..7a096cecf 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -69,6 +69,10 @@ in # grafana.shack <stockholm/krebs/2configs/shack/grafana.nix> + # shackdns.shack + # replacement for leases.shack and shackles.shack + <stockholm/krebs/2configs/shack/shackDNS.nix> + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) |