vidhar: initial

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-06-17 21:20:19 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-06-17 21:20:19 +0200
commit: 234c7390e46d1f0e116822e171aa7815d97488c1 (patch)
tree: 722636499ca3b9844ce769667fc8b82fb1f8a1af /hosts/vidhar
parent: 4f68db21acf6a4c0d5274dac8441414f090128d5 (diff)
download: nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.gz
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.bz2
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.xz
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.zip
2 files changed, 208 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
new file mode 100644
index 00000000..dc7f620b
--- /dev/null
+++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
+{ flake, pkgs, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    openssh rebuild-machines
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "1e7ddd78";
+    environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs = {
+        enableUnstable = true;
+      };
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+    };
+    networking = {
+      hostName = "vidhar";
+      domain = "asgard.yggdrasil";
+      search = [ "asgard.yggdrasil" "yggdrasil" ];
+      useDHCP = false;
+      useNetworkd = true;
+      interfaces."eno1".useDHCP = true;
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.timesyncd.enable = false;
+    services.chrony = {
+      enable = true;
+      servers = [];
+      extraConfig = ''
+        pool time.cloudflare.com iburst nts
+        pool nts.ntp.se iburst nts
+        server nts.sth1.ntp.se iburst nts
+        server nts.sth2.ntp.se iburst nts
+        server ptbtime1.ptb.de iburst nts
+        server ptbtime2.ptb.de iburst nts
+        server ptbtime3.ptb.de iburst nts
+        makestep 0.1 3
+        cmdport 0
+      '';
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+  };
+}
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
new file mode 100644
index 00000000..3beef836
--- /dev/null
+++ b/hosts/vidhar/zfs.nix
@@ -0,0 +1,108 @@
+{ pkgs, config, ... }:
+let
+  snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
+  snapshotCount = {
+    frequent = 24;
+    hourly = 24;
+    daily = 30;
+    monthly = 12;
+    yearly = 5;
+  };
+  snapshotTimerConfig = {
+    frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; };
+    hourly = { OnCalendar = "hourly UTC"; Persistent = true; };
+    daily = { OnCalendar = "daily UTC"; Persistent = true; };
+    monthly = { OnCalendar = "monthly UTC"; Persistent = true; };
+    yearly = { OnCalendar = "yearly UTC"; Persistent = true; };
+  };
+  snapshotDescr = {
+    frequent = "few minutes";
+    hourly = "hour";
+    daily = "day";
+    monthly = "month";
+    yearly = "year";
+  };
+  zfs = config.boot.zfs.package;
+  autosnapPackage = pkgs.zfstools.override { inherit zfs; };
+in {
+  config = {
+    fileSystems = {
+      "/boot" =
+        { device = "boot";
+          fsType = "zfs";
+        };
+      "/nix" =
+        { device = "ssd-raid0/local/nix";
+          fsType = "zfs";
+        };
+      "/root" =
+        { device = "ssd-raid1/safe/home-root";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/lib/systemd" =
+        { device = "ssd-raid1/local/var-lib-systemd";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      
+      "/var/lib/nixos" =
+        { device = "ssd-raid1/local/var-lib-nixos";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/log" =
+        { device = "ssd-raid1/local/var-log";
+          fsType = "zfs";
+        };
+      "/home" =
+        { device = "hdd-raid6/safe/home";
+          fsType = "zfs";
+        };
+    };
+    systemd.services =
+      let mkSnapService = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
+              after = [ "zfs-import.target" ];
+              serviceConfig = {
+                Type = "oneshot";
+                ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
+              };
+              restartIfChanged = false;
+              preStart = ''
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true boot
+              '';
+            };
+          };
+      in builtins.listToAttrs (map mkSnapService snapshotNames);
+    systemd.timers =
+      let mkSnapTimer = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              wantedBy = [ "timers.target" ];
+              timerConfig = snapshotTimerConfig.${snapName};
+            };
+          };
+      in builtins.listToAttrs (map mkSnapTimer snapshotNames);
+    services.zfs.trim.enable = false;
+    services.zfs.autoScrub = {
+      enable = true;
+      interval = "Sun *-*-1..7 04:00:00";
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-06-17 21:20:19 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-06-17 21:20:19 +0200
commit	234c7390e46d1f0e116822e171aa7815d97488c1 (patch)
tree	722636499ca3b9844ce769667fc8b82fb1f8a1af /hosts/vidhar
parent	4f68db21acf6a4c0d5274dac8441414f090128d5 (diff)
download	nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.gz nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.bz2 nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.xz nixos-234c7390e46d1f0e116822e171aa7815d97488c1.zip

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix new file mode 100644 index 00000000..dc7f620b --- /dev/null +++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
	1	{ flake, pkgs, lib, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	openssh rebuild-machines
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "1e7ddd78";
	13	environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
	14
	15	boot = {
	16	loader.grub = {
	17	enable = true;
	18	version = 2;
	19	device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	zfs = {
	28	enableUnstable = true;
	29	};
	30	};
	31
	32	fileSystems = {
	33	"/" = {
	34	fsType = "tmpfs";
	35	options = [ "mode=0755" ];
	36	};
	37	};
	38
	39	networking = {
	40	hostName = "vidhar";
	41	domain = "asgard.yggdrasil";
	42	search = [ "asgard.yggdrasil" "yggdrasil" ];
	43
	44	useDHCP = false;
	45	useNetworkd = true;
	46
	47	interfaces."eno1".useDHCP = true;
	48
	49	firewall = {
	50	enable = true;
	51	allowPing = true;
	52	allowedTCPPorts = [
	53	22 # ssh
	54	];
	55	allowedUDPPortRanges = [
	56	{ from = 60000; to = 61000; } # mosh
	57	];
	58	};
	59	};
	60	services.timesyncd.enable = false;
	61	services.chrony = {
	62	enable = true;
	63	servers = [];
	64	extraConfig = ''
	65	pool time.cloudflare.com iburst nts
	66	pool nts.ntp.se iburst nts
	67	server nts.sth1.ntp.se iburst nts
	68	server nts.sth2.ntp.se iburst nts
	69	server ptbtime1.ptb.de iburst nts
	70	server ptbtime2.ptb.de iburst nts
	71	server ptbtime3.ptb.de iburst nts
	72
	73	makestep 0.1 3
	74
	75	cmdport 0
	76	'';
	77	};
	78
	79	services.openssh = {
	80	enable = true;
	81	passwordAuthentication = false;
	82	challengeResponseAuthentication = false;
	83	extraConfig = ''
	84	AllowGroups ssh
	85	'';
	86	};
	87	users.groups."ssh" = {
	88	members = ["root"];
	89	};
	90
	91	security.sudo.extraConfig = ''
	92	Defaults lecture = never
	93	'';
	94
	95	nix.gc = {
	96	automatic = true;
	97	options = "--delete-older-than 30d";
	98	};
	99	};
	100	}


diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix new file mode 100644 index 00000000..3beef836 --- /dev/null +++ b/hosts/vidhar/zfs.nix
@@ -0,0 +1,108 @@
	1	{ pkgs, config, ... }:
	2	let
	3	snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
	4	snapshotCount = {
	5	frequent = 24;
	6	hourly = 24;
	7	daily = 30;
	8	monthly = 12;
	9	yearly = 5;
	10	};
	11	snapshotTimerConfig = {
	12	frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; };
	13	hourly = { OnCalendar = "hourly UTC"; Persistent = true; };
	14	daily = { OnCalendar = "daily UTC"; Persistent = true; };
	15	monthly = { OnCalendar = "monthly UTC"; Persistent = true; };
	16	yearly = { OnCalendar = "yearly UTC"; Persistent = true; };
	17	};
	18	snapshotDescr = {
	19	frequent = "few minutes";
	20	hourly = "hour";
	21	daily = "day";
	22	monthly = "month";
	23	yearly = "year";
	24	};
	25
	26	zfs = config.boot.zfs.package;
	27
	28	autosnapPackage = pkgs.zfstools.override { inherit zfs; };
	29	in {
	30	config = {
	31	fileSystems = {
	32	"/boot" =
	33	{ device = "boot";
	34	fsType = "zfs";
	35	};
	36
	37	"/nix" =
	38	{ device = "ssd-raid0/local/nix";
	39	fsType = "zfs";
	40	};
	41
	42	"/root" =
	43	{ device = "ssd-raid1/safe/home-root";
	44	fsType = "zfs";
	45	neededForBoot = true;
	46	};
	47
	48	"/var/lib/systemd" =
	49	{ device = "ssd-raid1/local/var-lib-systemd";
	50	fsType = "zfs";
	51	neededForBoot = true;
	52	};
	53
	54	"/var/lib/nixos" =
	55	{ device = "ssd-raid1/local/var-lib-nixos";
	56	fsType = "zfs";
	57	neededForBoot = true;
	58	};
	59
	60	"/var/log" =
	61	{ device = "ssd-raid1/local/var-log";
	62	fsType = "zfs";
	63	};
	64
	65	"/home" =
	66	{ device = "hdd-raid6/safe/home";
	67	fsType = "zfs";
	68	};
	69	};
	70
	71	systemd.services =
	72	let mkSnapService = snapName: {
	73	name = "zfs-snapshot-${snapName}";
	74	value = {
	75	description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
	76	after = [ "zfs-import.target" ];
	77	serviceConfig = {
	78	Type = "oneshot";
	79	ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
	80	};
	81	restartIfChanged = false;
	82
	83	preStart = ''
	84	${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe
	85	${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe
	86	${zfs}/bin/zfs set com.sun:auto-snapshot=true boot
	87	'';
	88	};
	89	};
	90	in builtins.listToAttrs (map mkSnapService snapshotNames);
	91
	92	systemd.timers =
	93	let mkSnapTimer = snapName: {
	94	name = "zfs-snapshot-${snapName}";
	95	value = {
	96	wantedBy = [ "timers.target" ];
	97	timerConfig = snapshotTimerConfig.${snapName};
	98	};
	99	};
	100	in builtins.listToAttrs (map mkSnapTimer snapshotNames);
	101
	102	services.zfs.trim.enable = false;
	103	services.zfs.autoScrub = {
	104	enable = true;
	105	interval = "Sun --1..7 04:00:00";
	106	};
	107	};
	108	}