From 234c7390e46d1f0e116822e171aa7815d97488c1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 17 Jun 2021 21:20:19 +0200 Subject: vidhar: initial --- hosts/vidhar/default.nix | 100 +++++++++++++++++++++++++++++++++++++++++++ hosts/vidhar/zfs.nix | 108 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 208 insertions(+) create mode 100644 hosts/vidhar/default.nix create mode 100644 hosts/vidhar/zfs.nix (limited to 'hosts') diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix new file mode 100644 index 00000000..dc7f620b --- /dev/null +++ b/hosts/vidhar/default.nix @@ -0,0 +1,100 @@ +{ flake, pkgs, lib, ... }: +{ + imports = with flake.nixosModules.systemProfiles; [ + openssh rebuild-machines + ]; + + config = { + nixpkgs = { + system = "x86_64-linux"; + }; + + networking.hostId = "1e7ddd78"; + environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e"; + + boot = { + loader.grub = { + enable = true; + version = 2; + device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0"; + }; + + kernelPackages = pkgs.linuxPackages_latest; + + tmpOnTmpfs = true; + + supportedFilesystems = [ "zfs" ]; + zfs = { + enableUnstable = true; + }; + }; + + fileSystems = { + "/" = { + fsType = "tmpfs"; + options = [ "mode=0755" ]; + }; + }; + + networking = { + hostName = "vidhar"; + domain = "asgard.yggdrasil"; + search = [ "asgard.yggdrasil" "yggdrasil" ]; + + useDHCP = false; + useNetworkd = true; + + interfaces."eno1".useDHCP = true; + + firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # ssh + ]; + allowedUDPPortRanges = [ + { from = 60000; to = 61000; } # mosh + ]; + }; + }; + services.timesyncd.enable = false; + services.chrony = { + enable = true; + servers = []; + extraConfig = '' + pool time.cloudflare.com iburst nts + pool nts.ntp.se iburst nts + server nts.sth1.ntp.se iburst nts + server nts.sth2.ntp.se iburst nts + server ptbtime1.ptb.de iburst nts + server ptbtime2.ptb.de iburst nts + server ptbtime3.ptb.de iburst nts + + makestep 0.1 3 + + cmdport 0 + ''; + }; + + services.openssh = { + enable = true; + passwordAuthentication = false; + challengeResponseAuthentication = false; + extraConfig = '' + AllowGroups ssh + ''; + }; + users.groups."ssh" = { + members = ["root"]; + }; + + security.sudo.extraConfig = '' + Defaults lecture = never + ''; + + nix.gc = { + automatic = true; + options = "--delete-older-than 30d"; + }; + }; +} diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix new file mode 100644 index 00000000..3beef836 --- /dev/null +++ b/hosts/vidhar/zfs.nix @@ -0,0 +1,108 @@ +{ pkgs, config, ... }: +let + snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"]; + snapshotCount = { + frequent = 24; + hourly = 24; + daily = 30; + monthly = 12; + yearly = 5; + }; + snapshotTimerConfig = { + frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; }; + hourly = { OnCalendar = "hourly UTC"; Persistent = true; }; + daily = { OnCalendar = "daily UTC"; Persistent = true; }; + monthly = { OnCalendar = "monthly UTC"; Persistent = true; }; + yearly = { OnCalendar = "yearly UTC"; Persistent = true; }; + }; + snapshotDescr = { + frequent = "few minutes"; + hourly = "hour"; + daily = "day"; + monthly = "month"; + yearly = "year"; + }; + + zfs = config.boot.zfs.package; + + autosnapPackage = pkgs.zfstools.override { inherit zfs; }; +in { + config = { + fileSystems = { + "/boot" = + { device = "boot"; + fsType = "zfs"; + }; + + "/nix" = + { device = "ssd-raid0/local/nix"; + fsType = "zfs"; + }; + + "/root" = + { device = "ssd-raid1/safe/home-root"; + fsType = "zfs"; + neededForBoot = true; + }; + + "/var/lib/systemd" = + { device = "ssd-raid1/local/var-lib-systemd"; + fsType = "zfs"; + neededForBoot = true; + }; + + "/var/lib/nixos" = + { device = "ssd-raid1/local/var-lib-nixos"; + fsType = "zfs"; + neededForBoot = true; + }; + + "/var/log" = + { device = "ssd-raid1/local/var-log"; + fsType = "zfs"; + }; + + "/home" = + { device = "hdd-raid6/safe/home"; + fsType = "zfs"; + }; + }; + + systemd.services = + let mkSnapService = snapName: { + name = "zfs-snapshot-${snapName}"; + value = { + description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}"; + after = [ "zfs-import.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}"; + }; + restartIfChanged = false; + + preStart = '' + ${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe + ${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe + ${zfs}/bin/zfs set com.sun:auto-snapshot=true boot + ''; + }; + }; + in builtins.listToAttrs (map mkSnapService snapshotNames); + + systemd.timers = + let mkSnapTimer = snapName: { + name = "zfs-snapshot-${snapName}"; + value = { + wantedBy = [ "timers.target" ]; + timerConfig = snapshotTimerConfig.${snapName}; + }; + }; + in builtins.listToAttrs (map mkSnapTimer snapshotNames); + + services.zfs.trim.enable = false; + services.zfs.autoScrub = { + enable = true; + interval = "Sun *-*-1..7 04:00:00"; + }; + }; +} -- cgit v1.2.3