2 files changed, 208 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
new file mode 100644
index 00000000..dc7f620b
--- /dev/null
+++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
+{ flake, pkgs, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    openssh rebuild-machines
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "1e7ddd78";
+    environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs = {
+        enableUnstable = true;
+      };
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+    };
+    networking = {
+      hostName = "vidhar";
+      domain = "asgard.yggdrasil";
+      search = [ "asgard.yggdrasil" "yggdrasil" ];
+      useDHCP = false;
+      useNetworkd = true;
+      interfaces."eno1".useDHCP = true;
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.timesyncd.enable = false;
+    services.chrony = {
+      enable = true;
+      servers = [];
+      extraConfig = ''
+        pool time.cloudflare.com iburst nts
+        pool nts.ntp.se iburst nts
+        server nts.sth1.ntp.se iburst nts
+        server nts.sth2.ntp.se iburst nts
+        server ptbtime1.ptb.de iburst nts
+        server ptbtime2.ptb.de iburst nts
+        server ptbtime3.ptb.de iburst nts
+        makestep 0.1 3
+        cmdport 0
+      '';
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+  };
+}
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
new file mode 100644
index 00000000..3beef836
--- /dev/null
+++ b/hosts/vidhar/zfs.nix
@@ -0,0 +1,108 @@
+{ pkgs, config, ... }:
+let
+  snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
+  snapshotCount = {
+    frequent = 24;
+    hourly = 24;
+    daily = 30;
+    monthly = 12;
+    yearly = 5;
+  };
+  snapshotTimerConfig = {
+    frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; };
+    hourly = { OnCalendar = "hourly UTC"; Persistent = true; };
+    daily = { OnCalendar = "daily UTC"; Persistent = true; };
+    monthly = { OnCalendar = "monthly UTC"; Persistent = true; };
+    yearly = { OnCalendar = "yearly UTC"; Persistent = true; };
+  };
+  snapshotDescr = {
+    frequent = "few minutes";
+    hourly = "hour";
+    daily = "day";
+    monthly = "month";
+    yearly = "year";
+  };
+  zfs = config.boot.zfs.package;
+  autosnapPackage = pkgs.zfstools.override { inherit zfs; };
+in {
+  config = {
+    fileSystems = {
+      "/boot" =
+        { device = "boot";
+          fsType = "zfs";
+        };
+      "/nix" =
+        { device = "ssd-raid0/local/nix";
+          fsType = "zfs";
+        };
+      "/root" =
+        { device = "ssd-raid1/safe/home-root";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/lib/systemd" =
+        { device = "ssd-raid1/local/var-lib-systemd";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      
+      "/var/lib/nixos" =
+        { device = "ssd-raid1/local/var-lib-nixos";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/log" =
+        { device = "ssd-raid1/local/var-log";
+          fsType = "zfs";
+        };
+      "/home" =
+        { device = "hdd-raid6/safe/home";
+          fsType = "zfs";
+        };
+    };
+    systemd.services =
+      let mkSnapService = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
+              after = [ "zfs-import.target" ];
+              serviceConfig = {
+                Type = "oneshot";
+                ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
+              };
+              restartIfChanged = false;
+              preStart = ''
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true boot
+              '';
+            };
+          };
+      in builtins.listToAttrs (map mkSnapService snapshotNames);
+    systemd.timers =
+      let mkSnapTimer = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              wantedBy = [ "timers.target" ];
+              timerConfig = snapshotTimerConfig.${snapName};
+            };
+          };
+      in builtins.listToAttrs (map mkSnapTimer snapshotNames);
+    services.zfs.trim.enable = false;
+    services.zfs.autoScrub = {
+      enable = true;
+      interval = "Sun *-*-1..7 04:00:00";
+    };
+  };
+}

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix new file mode 100644 index 00000000..dc7f620b --- /dev/null +++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
	1	{ flake, pkgs, lib, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	openssh rebuild-machines
	5	];
	6
	7	config = {
	8	nixpkgs = {
	9	system = "x86_64-linux";
	10	};
	11
	12	networking.hostId = "1e7ddd78";
	13	environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
	14
	15	boot = {
	16	loader.grub = {
	17	enable = true;
	18	version = 2;
	19	device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
	20	};
	21
	22	kernelPackages = pkgs.linuxPackages_latest;
	23
	24	tmpOnTmpfs = true;
	25
	26	supportedFilesystems = [ "zfs" ];
	27	zfs = {
	28	enableUnstable = true;
	29	};
	30	};
	31
	32	fileSystems = {
	33	"/" = {
	34	fsType = "tmpfs";
	35	options = [ "mode=0755" ];
	36	};
	37	};
	38
	39	networking = {
	40	hostName = "vidhar";
	41	domain = "asgard.yggdrasil";
	42	search = [ "asgard.yggdrasil" "yggdrasil" ];
	43
	44	useDHCP = false;
	45	useNetworkd = true;
	46
	47	interfaces."eno1".useDHCP = true;
	48
	49	firewall = {
	50	enable = true;
	51	allowPing = true;
	52	allowedTCPPorts = [
	53	22 # ssh
	54	];
	55	allowedUDPPortRanges = [
	56	{ from = 60000; to = 61000; } # mosh
	57	];
	58	};
	59	};
	60	services.timesyncd.enable = false;
	61	services.chrony = {
	62	enable = true;
	63	servers = [];
	64	extraConfig = ''
	65	pool time.cloudflare.com iburst nts
	66	pool nts.ntp.se iburst nts
	67	server nts.sth1.ntp.se iburst nts
	68	server nts.sth2.ntp.se iburst nts
	69	server ptbtime1.ptb.de iburst nts
	70	server ptbtime2.ptb.de iburst nts
	71	server ptbtime3.ptb.de iburst nts
	72
	73	makestep 0.1 3
	74
	75	cmdport 0
	76	'';
	77	};
	78
	79	services.openssh = {
	80	enable = true;
	81	passwordAuthentication = false;
	82	challengeResponseAuthentication = false;
	83	extraConfig = ''
	84	AllowGroups ssh
	85	'';
	86	};
	87	users.groups."ssh" = {
	88	members = ["root"];
	89	};
	90
	91	security.sudo.extraConfig = ''
	92	Defaults lecture = never
	93	'';
	94
	95	nix.gc = {
	96	automatic = true;
	97	options = "--delete-older-than 30d";
	98	};
	99	};
	100	}


diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix new file mode 100644 index 00000000..3beef836 --- /dev/null +++ b/hosts/vidhar/zfs.nix
@@ -0,0 +1,108 @@
	1	{ pkgs, config, ... }:
	2	let
	3	snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
	4	snapshotCount = {
	5	frequent = 24;
	6	hourly = 24;
	7	daily = 30;
	8	monthly = 12;
	9	yearly = 5;
	10	};
	11	snapshotTimerConfig = {
	12	frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; };
	13	hourly = { OnCalendar = "hourly UTC"; Persistent = true; };
	14	daily = { OnCalendar = "daily UTC"; Persistent = true; };
	15	monthly = { OnCalendar = "monthly UTC"; Persistent = true; };
	16	yearly = { OnCalendar = "yearly UTC"; Persistent = true; };
	17	};
	18	snapshotDescr = {
	19	frequent = "few minutes";
	20	hourly = "hour";
	21	daily = "day";
	22	monthly = "month";
	23	yearly = "year";
	24	};
	25
	26	zfs = config.boot.zfs.package;
	27
	28	autosnapPackage = pkgs.zfstools.override { inherit zfs; };
	29	in {
	30	config = {
	31	fileSystems = {
	32	"/boot" =
	33	{ device = "boot";
	34	fsType = "zfs";
	35	};
	36
	37	"/nix" =
	38	{ device = "ssd-raid0/local/nix";
	39	fsType = "zfs";
	40	};
	41
	42	"/root" =
	43	{ device = "ssd-raid1/safe/home-root";
	44	fsType = "zfs";
	45	neededForBoot = true;
	46	};
	47
	48	"/var/lib/systemd" =
	49	{ device = "ssd-raid1/local/var-lib-systemd";
	50	fsType = "zfs";
	51	neededForBoot = true;
	52	};
	53
	54	"/var/lib/nixos" =
	55	{ device = "ssd-raid1/local/var-lib-nixos";
	56	fsType = "zfs";
	57	neededForBoot = true;
	58	};
	59
	60	"/var/log" =
	61	{ device = "ssd-raid1/local/var-log";
	62	fsType = "zfs";
	63	};
	64
	65	"/home" =
	66	{ device = "hdd-raid6/safe/home";
	67	fsType = "zfs";
	68	};
	69	};
	70
	71	systemd.services =
	72	let mkSnapService = snapName: {
	73	name = "zfs-snapshot-${snapName}";
	74	value = {
	75	description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
	76	after = [ "zfs-import.target" ];
	77	serviceConfig = {
	78	Type = "oneshot";
	79	ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
	80	};
	81	restartIfChanged = false;
	82
	83	preStart = ''
	84	${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe
	85	${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe
	86	${zfs}/bin/zfs set com.sun:auto-snapshot=true boot
	87	'';
	88	};
	89	};
	90	in builtins.listToAttrs (map mkSnapService snapshotNames);
	91
	92	systemd.timers =
	93	let mkSnapTimer = snapName: {
	94	name = "zfs-snapshot-${snapName}";
	95	value = {
	96	wantedBy = [ "timers.target" ];
	97	timerConfig = snapshotTimerConfig.${snapName};
	98	};
	99	};
	100	in builtins.listToAttrs (map mkSnapTimer snapshotNames);
	101
	102	services.zfs.trim.enable = false;
	103	services.zfs.autoScrub = {
	104	enable = true;
	105	interval = "Sun --1..7 04:00:00";
	106	};
	107	};
	108	}