mochi/nixos/hosts/gandalf/default.nix


# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, inputs, ... }:
let
  # Disk list shared by smartd (wrapped, see smartdDevices) and Scrutiny (used as-is).
  disks = import ./config/disks.nix;
  # ./config/sanoid.nix is a function; it is called here with an empty argument set.
  sanoidConfig = import ./config/sanoid.nix { };
  # Wrap every entry of `disks` as { device = <entry>; } for services.smartd.devices.
  smartdDevices = map (dev: { device = dev; }) disks;
in
{
# Modules merged into this host: the nixpkgs "not-detected" hardware fallback,
# the disko module from the flake inputs, and the repo's disko profile.
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.disko.nixosModules.disko
# The `disks` argument here is its own literal, not the let-bound `disks` above.
# NOTE(review): /dev/sdX names are assigned in probe order and are not guaranteed
# stable across boots; if the profile accepts it, a /dev/disk/by-id path avoids
# a disk layout being applied to the wrong device — confirm against the profile.
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
];
boot = {
  # Drivers the initrd may load on demand (USB, AHCI, SAS HBA, SCSI disk).
  initrd.availableKernelModules = [
    "ehci_pci"
    "ahci"
    "mpt3sas"
    "isci"
    "usbhid"
    "usb_storage"
    "sd_mod"
  ];
  # NFS is loaded and supported already in the initrd.
  initrd.kernelModules = [ "nfs" ];
  initrd.supportedFilesystems = [ "nfs" ];

  # KVM plus the VFIO modules used for PCI device passthrough to guests.
  # NOTE(review): vfio_virqfd was folded into the core vfio module in newer
  # kernels (6.2+, as far as I recall); on such a kernel this entry only
  # produces a module-load failure at boot — confirm against the running kernel.
  kernelModules = [
    "kvm-intel"
    "vfio"
    "vfio_iommu_type1"
    "vfio_pci"
    "vfio_virqfd"
  ];
  extraModulePackages = [ ];

  # intel_iommu=on enables DMA remapping; iommu=pt identity-maps devices that
  # stay with the host, so only passed-through devices are translated. That is
  # the usual VFIO trade-off: host-owned devices are not confined by the IOMMU.
  # zfs_arc_max is in bytes: 107374182400 = 100 GiB.
  kernelParams = [
    "iommu=pt"
    "intel_iommu=on"
    "zfs.zfs_arc_max=107374182400"
  ];
};
# No swap devices are declared for this host.
swapDevices = [ ];
# Public keys accepted for SSH login as root.
# Neither entry carries authorized_keys options (from="...", command="...",
# restrict), so each key yields a full, unrestricted root session from any
# source address. Whether root login is accepted at all depends on the
# services.openssh settings, which are not in this file.
# NOTE(review): the first key's comment suggests an automation client; if so,
# a dedicated account with delegated ZFS permissions, or a key limited with
# restrict / from=, would bound what a leaked key can do — confirm the use case.
users.users.root.openssh.authorizedKeys = {
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];
};
# Network settings
networking = {
  hostName = "gandalf";
  # Fixed host identifier; ZFS uses it to tie imported pools to this machine.
  hostId = "e2fc95cd";

  useDHCP = false; # needed for bridge
  interfaces.enp130s0f0.useDHCP = true;
  interfaces.eno1.useDHCP = true;
  networkmanager = {
    enable = true;
  };

  # TODO: Add ports specifically.
  # With both the firewall and nftables off there is no host packet filter:
  # every listening service is reachable on whatever addresses it binds to.
  # This file alone turns on SSH keys for root, Samba, NFS, Syncthing, the
  # Incus web UI (8445), Scrutiny (8585) and a Prometheus ZFS exporter.
  # Resolving the TODO means enabling the firewall and listing ports through
  # networking.firewall.allowedTCPPorts / allowedUDPPorts, or per interface
  # under networking.firewall.interfaces.<name>.
  firewall = {
    enable = false;
  };
  nftables = {
    enable = false;
  };
};
# Intel microcode updates follow the redistributable-firmware switch;
# lib.mkDefault keeps the value overridable from other modules.
hardware.cpu.intel = {
  updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
# VSCode Compatibility Settings
# nix-ld lets unpatched, dynamically linked binaries run on NixOS, which the
# remote editor backend needs.
# NOTE(review): this is developer tooling on a host declared purpose =
# "Production" further down; the remote editor backend fetches and runs
# binaries under the connecting user's account — confirm it is wanted here.
programs.nix-ld = {
  enable = true;
};
services.vscode-server.enable = true;
# Home Manager
# Git settings
# TODO: Move to config module.
home-manager.users.jahanson.programs.git = {
  enable = true;

  # Commit identity for this user.
  userName = "Joseph Hanson";
  userEmail = "joe@veri.dev";

  extraConfig = {
    # Normalise CRLF to LF on commit, leave checkouts untouched.
    core = {
      autocrlf = "input";
    };
    init = {
      defaultBranch = "main";
    };
    # Pull with rebase, stashing local changes around the rebase.
    pull = {
      rebase = true;
    };
    rebase = {
      autoStash = true;
    };
  };
};
# sops
# All three secrets are decrypted from ./secrets.sops.yaml next to this file.
sops.secrets =
  let
    # Shared settings for the Syncthing certificate and key: owned by the
    # account Syncthing runs as in this file, readable by that owner only,
    # and a change to either restarts syncthing.service.
    syncthingSecret = {
      sopsFile = ./secrets.sops.yaml;
      owner = "jahanson";
      mode = "400";
      restartUnits = [ "syncthing.service" ];
    };
  in
  {
    # No owner or mode given, so the sops-nix defaults apply (root-only, as
    # far as I know — confirm).
    # NOTE(review): nothing in this file reads this secret; presumably another
    # module consumes it. If not, dropping it avoids decrypting a backup
    # passphrase onto the host for no reason.
    "borg/repository/passphrase".sopsFile = ./secrets.sops.yaml;

    "syncthing/publicCert" = syncthingSecret;
    "syncthing/privateKey" = syncthingSecret;
  };
services = {
  # Smart daemon for monitoring disk health.
  # NOTE(review): `enable` is not set in this block; presumably smartd is
  # switched on by another module — confirm, otherwise these settings are inert.
  smartd.devices = smartdDevices;
  # Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
  # -a: default set of health checks, -o on: automatic offline testing,
  # -s: self-test schedule (type/month/day/weekday/hour).
  smartd.defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";

  # ZFS Exporter
  # NOTE(review): with networking.firewall disabled in this file, the metrics
  # endpoint is reachable from the network unless the exporter is bound to a
  # specific address elsewhere — confirm.
  prometheus.exporters.zfs = {
    enable = true;
  };
};
# System settings and services.
# The mySystem.* options come from this repository's own modules, which are not
# shown here; comments below describe only what this file sets.
mySystem = {
  purpose = "Production";

  system = {
    motd.networkInterfaces = [ "enp130s0f0" "eno1" ];

    # Incus
    # NOTE(review): webuiport presumably is the web UI listen port; with the
    # host firewall disabled in this file it is reachable from the network, so
    # access rests on Incus' own authentication — confirm.
    incus.enable = true;
    incus.preseed = import ./config/incus-preseed.nix { };
    incus.webuiport = 8445;

    # ZFS
    zfs = {
      enable = true;
      mountPoolsAtBoot = [ "eru" ];
    };

    # NFS
    nfs = {
      enable = true;
    };

    # Samba
    # Share definitions and global settings are imported from ./config; who may
    # access what is decided there, not in this file.
    samba.enable = true;
    samba.shares = import ./config/samba-shares.nix { };
    samba.extraConfig = import ./config/samba-config.nix { };

    # NOTE(review): both backup targets are off and their warnings silenced on
    # a host marked Production; unless replication is configured elsewhere,
    # recovery depends on the Sanoid snapshots alone — confirm.
    resticBackup = {
      local = {
        enable = false;
        noWarning = true;
      };
      remote = {
        enable = false;
        noWarning = true;
      };
    };
  };

  services = {
    libvirt-qemu = {
      enable = true;
    };
    podman = {
      enable = true;
    };

    # Syncthing
    # Runs as jahanson; certificate and key are the sops-managed files declared
    # under sops.secrets in this file.
    syncthing.enable = true;
    syncthing.user = "jahanson";
    syncthing.publicCertPath = config.sops.secrets."syncthing/publicCert".path;
    syncthing.privateKeyPath = config.sops.secrets."syncthing/privateKey".path;

    # Scrutiny
    # SYS_RAWIO is an added Linux capability, presumably so SMART queries work
    # from inside the container; it is broader than read-only disk access, so
    # keep the device list to what actually needs monitoring.
    scrutiny.enable = true;
    scrutiny.devices = disks;
    scrutiny.extraCapabilities = [ "SYS_RAWIO" ];
    scrutiny.containerVolumeLocation = "/eru/containers/volumes/scrutiny";
    scrutiny.port = 8585;

    # Sanoid
    # Templates and datasets are taken from ./config/sanoid.nix (sanoidConfig).
    sanoid = {
      enable = true;
      templates = sanoidConfig.outputs.templates;
      datasets = sanoidConfig.outputs.datasets;
    };
  };
};
}