mochi/nixos/hosts/telperion/default.nix

# Do not modify this file!  It was generated by `nixos-generate-config`
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:

{
  imports =
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  networking.hostId = "ce196a02";
  networking.hostName = "telperion";
  boot = {
    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
    initrd.kernelModules = [ ];
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  fileSystems."/" = {
    device = "zroot/root";
    fsType = "zfs";
  };

  fileSystems."/nix" = {
    device = "zroot/nix";
    fsType = "zfs";
  };

  fileSystems."/var" = {
    device = "zroot/var";
    fsType = "zfs";
  };

  fileSystems."/home" = {
    device = "zroot/home";
    fsType = "zfs";
  };

  swapDevices = [ ];

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  sops = {
    # Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
    secrets = {
      "bind/rndc-keys/externaldns" = {
        owner = config.users.users.named.name;
        inherit (config.users.users.named) group;
        sopsFile = ./secrets.sops.yaml;
      };
      "bind/zones/jahanson.tech" = {
        owner = config.users.users.named.name;
        inherit (config.users.users.named) group;
        sopsFile = ./secrets.sops.yaml;
      };
      "1password-credentials.json" = {
        mode = "0444";
        sopsFile = ./secrets.sops.yaml;
      };
    };
  };

  # System settings and services.
  mySystem = {
    purpose = "Production";
    system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
    system.resticBackup.local.enable = false;
    system.resticBackup.remote.enable = false;

    services = {
      podman.enable = true;

      onepassword-connect = {
        enable = true;
        credentialsFile = config.sops.secrets."1password-credentials.json".path;
      };

      bind = {
        enable = true;
        extraConfig = import ./config/bind.nix { inherit config; };
      };

      haproxy = {
        enable = true;
        config = import ./config/haproxy.nix { inherit config; };
        tcpPorts = [ 6443 6444 50000 ];
      };
    };
  };
}
Re-add missing file. 2024-07-07 09:45:26 -05:00			# Do not modify this file! It was generated by `nixos-generate-config`
			`# and may be overwritten by future invocations. Please make changes`
			`# to /etc/nixos/configuration.nix instead.`
			`{ config, lib, modulesPath, ... }:`

			`{`
			`imports =`
			`[`
			`(modulesPath + "/installer/scan/not-detected.nix")`
			`];`

			`networking.hostId = "ce196a02";`
			`networking.hostName = "telperion";`
			`boot = {`
			`initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];`
			`initrd.kernelModules = [ ];`
			`kernelModules = [ "kvm-intel" ];`
			`extraModulePackages = [ ];`
			`};`

			`fileSystems."/" = {`
			`device = "zroot/root";`
			`fsType = "zfs";`
			`};`

			`fileSystems."/nix" = {`
			`device = "zroot/nix";`
			`fsType = "zfs";`
			`};`

			`fileSystems."/var" = {`
			`device = "zroot/var";`
			`fsType = "zfs";`
			`};`

			`fileSystems."/home" = {`
			`device = "zroot/home";`
			`fsType = "zfs";`
			`};`

			`swapDevices = [ ];`

			`hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;`

add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`sops = {`
			`# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.`
			`secrets = {`
			`"bind/rndc-keys/externaldns" = {`
			`owner = config.users.users.named.name;`
			`inherit (config.users.users.named) group;`
			`sopsFile = ./secrets.sops.yaml;`
			`};`
			`"bind/zones/jahanson.tech" = {`
			`owner = config.users.users.named.name;`
			`inherit (config.users.users.named) group;`
			`sopsFile = ./secrets.sops.yaml;`
			`};`
			`"1password-credentials.json" = {`
			`mode = "0444";`
			`sopsFile = ./secrets.sops.yaml;`
			`};`
			`};`
			`};`

Re-add missing file. 2024-07-07 09:45:26 -05:00			`# System settings and services.`
			`mySystem = {`
			`purpose = "Production";`
			`system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];`
disable backups for now 2024-07-26 15:23:35 -05:00			`system.resticBackup.local.enable = false;`
			`system.resticBackup.remote.enable = false;`
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00
			`services = {`
			`podman.enable = true;`
Format 2024-07-07 15:15:51 -05:00
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`onepassword-connect = {`
			`enable = true;`
			`credentialsFile = config.sops.secrets."1password-credentials.json".path;`
			`};`
Format 2024-07-07 15:15:51 -05:00
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`bind = {`
			`enable = true;`
			`extraConfig = import ./config/bind.nix { inherit config; };`
			`};`
Format 2024-07-07 15:15:51 -05:00
Added haproxy module and enabled it for telperion as a talos k8s lb 2024-07-07 15:13:10 -05:00			`haproxy = {`
			`enable = true;`
			`config = import ./config/haproxy.nix { inherit config; };`
Add erebor haproxy 6444 2024-07-15 17:38:21 -05:00			`tcpPorts = [ 6443 6444 50000 ];`
Added haproxy module and enabled it for telperion as a talos k8s lb 2024-07-07 15:13:10 -05:00			`};`
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`};`
Re-add missing file. 2024-07-07 09:45:26 -05:00			`};`
			`}`