Basic configuration for new servers and start modularizing config

Charlotte Van Petegem 2020-12-01 19:23:28 +01:00
parent 82bb5b401c
commit ca93d09059
No known key found for this signature in database
GPG key ID: 019E764B7184435A
38 changed files with 622 additions and 316 deletions


@ -3,7 +3,6 @@
{
imports = [
./hardware.nix
./secret.nix
../../configurations/eid.nix
../../profiles/bluetooth.nix
../../profiles/common.nix
@ -17,24 +16,23 @@
time.timeZone = "Europe/Brussels";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09";
home-manager.users.charlotte = { ... }: {
home.stateVersion = "20.09";
};
# Machine-specific application settings
chvp = {
stateVersion = "20.09";
graphical = true;
docker.enable = true;
git.email = "charlotte.vanpetegem@ugent.be";
zfs = {
enable = true;
encrypted = true;
backups = [
{
path = "rpool/safe/data";
remotePath = "zdata/recv/kharbranth/safe/data";
fast = true;
location = "lasting-integrity.vanpetegem.me";
}
];
};
};
}
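Review bot: The `chvp.zfs` block sets `encrypted = true` and replicates `rpool/safe/data` to `lasting-integrity.vanpetegem.me`, but nothing here says whether the stream is sent raw, so a reader cannot tell if the backup host ever holds plaintext. The module behind `backups` is not visible in this section, so this is a question rather than a finding. If the module does send raw, a comment above `backups = [` would record it, for example `# replicated as a raw, still-encrypted stream; the backup host never gets the key`. The same applies to the second laptop configuration further down, which replicates to `zdata/recv/kholinar/safe/data`.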


@ -4,7 +4,6 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
# Use the systemd-boot EFI boot loader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

Binary file not shown.


@ -3,7 +3,6 @@
{
imports = [
./hardware.nix
./secret.nix
../../configurations/eid.nix
../../profiles/bluetooth.nix
../../profiles/common.nix
@ -17,24 +16,23 @@
time.timeZone = "Europe/Brussels";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09";
home-manager.users.charlotte = { ... }: {
home.stateVersion = "20.09";
};
# Machine-specific settings
chvp = {
stateVersion = "20.09";
graphical = true;
docker.enable = true;
git.email = "charlotte@vanpetegem.me";
zfs = {
enable = true;
encrypted = true;
backups = [
{
path = "rpool/safe/data";
remotePath = "zdata/recv/kholinar/safe/data";
fast = true;
location = "lasting-integrity.vanpetegem.me";
}
];
};
};
}


@ -4,7 +4,6 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
# Use the systemd-boot EFI boot loader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
@ -46,7 +45,6 @@
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/6c09b90f-8971-4702-a18a-f06dfb3d8dcd"; }
];

Binary file not shown.


@ -6,49 +6,28 @@
./secret.nix
];
boot.loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/EFI";
};
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "lasting-integrity";
hostId = "b352adfe";
useDHCP = false;
interfaces = {
eno1.useDHCP = false;
eno2.useDHCP = false;
eno3.useDHCP = false;
eno4.useDHCP = false;
};
};
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.charlotte = {
isNormalUser = true;
extraGroups = [ "wheel" "systemd-journal" ];
chvp = {
stateVersion = "20.09";
docker.enable = true;
nginx.enable = true;
ovh.enable = true;
sshd.enable = true;
syncthing-server.enable = true;
zfs = {
enable = true;
backups = [{
path = "zroot/safe/data";
remotePath = "zdata/recv/lasting-integrity/safe/data";
fast = true;
location = "192.168.0.1";
}];
};
};
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
system.stateVersion = "20.09";
}
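Review bot: The explicit `services.openssh.permitRootLogin = "prohibit-password";` appears to go away here in favour of `chvp.sshd.enable = true`, and the sshd module that now decides root login and password authentication is not visible in this section. The +/- markers are lost in this rendering, so the removal is inferred from the hunk shrinking from 49 to 28 lines. It is worth confirming that the module sets at least `permitRootLogin = "prohibit-password"` (or `"no"`) and `passwordAuthentication = false`, since both servers now inherit whatever it chooses. The same question applies to `users.mutableUsers = false` and the `wheel` membership if the user block moves into a shared module. The urithiru configuration below makes the identical switch.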


@ -4,16 +4,21 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
kernelModules = [ ];
postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/local/root@blank
'';
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
};
fileSystems = {
@ -59,4 +64,9 @@
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {
cpu.intel.updateMicrocode = true;
enableRedistributableFirmware = true;
};
services.fstrim.enable = true;
}
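Review bot: `zfs rollback -r zroot/local/root@blank` in `initrd.postDeviceCommands` resets the root dataset on every boot, and nothing visible in this commit shows where the SSH host keys are kept now that `chvp.sshd.enable` is turned on for this server. If `/etc/ssh` lives on the rolled-back dataset, the host keys are regenerated at each boot and clients lose the ability to pin them. The markers are lost in this rendering, so it is unclear whether the rollback stays in this file or moves into the zfs module; the check holds either way. Pointing `services.openssh.hostKeys` at a path on a persisted dataset (for example under `zroot/safe`) and saying so in a comment beside the rollback would settle it. The hardware file of the other server further down carries the same rollback line.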


@ -6,49 +6,35 @@
./secret.nix
];
boot.loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/EFI";
};
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "urithiru";
hostId = "079e60ba";
useDHCP = false;
interfaces = {
eno1.useDHCP = false;
eno2.useDHCP = false;
eno3.useDHCP = false;
eno4.useDHCP = false;
};
};
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.charlotte = {
isNormalUser = true;
extraGroups = [ "wheel" "systemd-journal" ];
chvp = {
stateVersion = "20.09";
docker.enable = true;
nginx.enable = true;
ovh.enable = true;
sshd.enable = true;
zfs = {
enable = true;
backups = [
{
path = "zroot/safe/data";
remotePath = "zdata/recv/urithiru/safe/data";
fast = true;
location = "192.168.0.2";
}
{
path = "zdata/data";
remotePath = "zdata/data";
fast = false;
location = "192.168.0.2";
}
];
};
};
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
system.stateVersion = "20.09";
}


@ -4,16 +4,21 @@
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
kernelModules = [ ];
postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/local/root@blank
'';
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
};
fileSystems = {
@ -59,4 +64,9 @@
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {
cpu.intel.updateMicrocode = true;
enableRedistributableFirmware = true;
};
services.fstrim.enable = true;
}

Binary file not shown.