more configuration for shadowfax.

This commit is contained in:
Joseph Hanson 2024-09-03 21:46:29 -05:00
parent 0e304182af
commit 0cf24b2cff
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 33 additions and 50 deletions

View file

@ -0,0 +1,17 @@
{ ... }:
{
outputs = {
# ZFS automated snapshots
templates = {
"production" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
};
datasets = { };
};
}

View file

@ -2,6 +2,9 @@
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, inputs, ... }: { config, lib, inputs, ... }:
let
sanoidConfig = import ./config/sanoid.nix { };
in
{ {
imports = imports =
[ [
@ -26,6 +29,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
]; ];
# VSCode Compatibility Settings # VSCode Compatibility Settings
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
services.vscode-server = { services.vscode-server = {
@ -52,39 +56,23 @@
# Network settings # Network settings
networking = { networking = {
hostName = "gandalf"; hostName = "shadowfax";
hostId = "e2fc95cd"; hostId = "a885fabe";
useDHCP = false; # needed for bridge useDHCP = false; # needed for bridge
networkmanager.enable = true; networkmanager.enable = true;
# TODO: Add ports specifically.
firewall.enable = false; firewall.enable = false;
interfaces = { interfaces = {
"enp130s0f0".useDHCP = true; "enp36s0f0".useDHCP = true;
"enp130s0f1".useDHCP = true; "enp36s0f1".useDHCP = true;
}; };
# For VMs
# bridges = {
# "br0" = {
# interfaces = [ "enp130s0f1" ];
# };
# };
}; };
swapDevices = [ ]; swapDevices = [ ];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
sops = { sops = {
secrets = { secrets = { };
"lego/dnsimple/token" = {
mode = "0444";
sopsFile = ./secrets.sops.yaml;
};
"borg/repository/passphrase" = {
sopsFile = ./secrets.sops.yaml;
};
};
}; };
# no de # no de
@ -100,38 +88,27 @@
mySystem = { mySystem = {
purpose = "Production"; purpose = "Production";
system = { system = {
motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ]; motd.networkInterfaces = [ "enp36s0f0" "enp36s0f1" ];
# Incus # Incus
incus = { incus = {
enable = true; enable = true;
}; };
# ZFS # ZFS
zfs.enable = true; zfs.enable = true;
zfs.mountPoolsAtBoot = [ "eru" ]; # zfs.mountPoolsAtBoot = [ "eru" ];
# NFS # NFS
nfs.enable = true; nfs.enable = true;
# Samba
samba = {
enable = true;
shares = import ./config/samba-shares.nix { };
extraConfig = import ./config/samba-config.nix { };
};
resticBackup = { resticBackup = {
local.enable = false; local.enable = false;
remote.enable = false; remote.enable = false;
local.noWarning = true; local.noWarning = true;
remote.noWarning = true; remote.noWarning = true;
}; };
# Borg
# My only borg backup was for the Unifi controller. I've since installed a UDM SE.
# borgbackup = {
# enable = true;
# paths = [ "/eru/containers/volumes/unifi/" ];
# exclude = [ ];
# repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
# repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
# };
}; };
services = { services = {
podman.enable = true; podman.enable = true;
libvirt-qemu.enable = true; libvirt-qemu.enable = true;
@ -141,16 +118,6 @@
enable = true; enable = true;
inherit (sanoidConfig.outputs) templates datasets; inherit (sanoidConfig.outputs) templates datasets;
}; };
# Unifi & Lego-Auto
# unifi.enable = true;
lego-auto = {
enable = true;
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
domains = "gandalf.jahanson.tech";
email = "joe@veri.dev";
provider = "dnsimple";
};
}; };
}; };
} }

View file

@ -28,5 +28,4 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# not supported # not supported
services.smartd.enable = false; services.smartd.enable = false;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }