Diffstat (limited to 'hosts/vidhar/default.nix')
| -rw-r--r-- | hosts/vidhar/default.nix | 39 |
1 files changed, 33 insertions, 6 deletions
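--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -1,4 +1,7 @@
 { hostName, flake, config, pkgs, lib, ... }:
+
+with lib;
+
 {
 imports = with flake.nixosModules.systemProfiles; [
 ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg
@@ -39,7 +42,7 @@
 luks.devices = {
 nvm0 = { device = "/dev/disk/by-label/${hostName}-nvm0"; bypassWorkqueues = true; };
 nvm1 = { device = "/dev/disk/by-label/${hostName}-nvm1"; bypassWorkqueues = true; };
-
+
 hdd0.device = "/dev/disk/by-label/${hostName}-hdd0";
 hdd1.device = "/dev/disk/by-label/${hostName}-hdd1";
 hdd2.device = "/dev/disk/by-label/${hostName}-hdd2";
@@ -58,7 +61,7 @@
 options = [ "mode=0755" ];
 };
 };
-
+
 services.timesyncd.enable = false;
 services.chrony = {
 enable = true;
@@ -132,6 +135,7 @@
 access_log syslog:server=unix:/dev/log main;
 error_log syslog:server=unix:/dev/log info;
 
+client_body_buffer_size 16m;
 client_body_temp_path /run/nginx-client-bodies;
 '';
 upstreams.grafana = {
@@ -173,12 +177,12 @@
 sopsFile = ./selfsigned.key;
 };
 systemd.services.nginx = {
-preStart = lib.mkForce config.services.nginx.preStart;
+preStart = mkForce config.services.nginx.preStart;
 serviceConfig = {
-ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ExecReload = mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 LoadCredential = [ "selfsigned.key:${config.sops.secrets."selfsigned.key".path}" ];
 
-RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
+RuntimeDirectory = mkForce [ "nginx" "nginx-client-bodies" ];
 RuntimeDirectoryMode = "0750";
 };
 };
@@ -232,7 +236,7 @@
 };
 };
 systemd.services.loki.preStart = let
-rulesYaml = lib.generators.toYAML {} {
+rulesYaml = generators.toYAML {} {
 groups = [
 { name = "power-failures";
 rules = [
@@ -311,6 +315,29 @@
 timers.wants = ["systemd-tmpfiles-clean.timer"];
 };
 
+services.smartd = {
+enable = true;
+autodetect = false;
+defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
+devices = map (dev: { device = "/dev/disk/by-path/${dev}"; }) [
+"pci-0000:00:1f.2-ata-1"
+"pci-0000:00:1f.2-ata-3"
+"pci-0000:00:1f.2-ata-4"
+"pci-0000:00:1f.2-ata-5"
+"pci-0000:00:1f.2-ata-6"
+"pci-0000:02:00.0-nvme-1"
+"pci-0000:05:00.0-sas-phy0-lun-0"
+"pci-0000:05:00.0-sas-phy1-lun-0"
+"pci-0000:06:00.0-nvme-1"
+];
+notifications = {
+test = false;
+mail.enable = false;
+x11.enable = false;
+wall.enable = false;
+};
+};
+
 environment.systemPackages = with pkgs; [iotop vmtouch];
 
 system.stateVersion = "21.05";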
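Review bot: In the new `services.smartd` block every notification channel is switched off (`mail.enable`, `x11.enable` and `wall.enable` are all `false`), so a failed self-test or a growing error count is only written to the system log. Nothing visible in this diff shows what picks those messages up; if an alert rule over the journal is meant to cover them (the Loki rules configured earlier in this file look like the natural place), record that next to the block, e.g. `# smartd only logs; alerting on its messages is done by <alert rule name>`. Because `autodetect = false` pins monitoring to fixed `/dev/disk/by-path` names, it is also worth confirming what smartd does when one listed path is absent at start-up: if the daemon refuses to start, monitoring stops for every disk and, with notifications off, nobody is told.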
