From 63adb41f1a060c21a68143eb9e86c2790ef66f36 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 8 Aug 2024 10:45:09 +0200 Subject: ... --- hosts/sif/default.nix | 31 ++++++++++++++++- hosts/sif/hw.nix | 57 +++----------------------------- hosts/surtr/bifrost/default.nix | 10 ++---- hosts/surtr/default.nix | 1 + hosts/surtr/vpn/default.nix | 30 +++++------------ hosts/vidhar/default.nix | 1 + hosts/vidhar/network/bifrost/default.nix | 46 ++++++++++---------------- hosts/vidhar/network/default.nix | 31 +++++++++-------- 8 files changed, 80 insertions(+), 127 deletions(-) (limited to 'hosts') diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 3525015d..5ed4e05e 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -16,6 +16,7 @@ in { tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines networkmanager flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1 + flakeInputs.impermanence.nixosModules.impermanence ]; config = { @@ -555,7 +556,10 @@ in { # sound.enable = true; nix = { - settings.auto-optimise-store = true; + settings = { + auto-optimise-store = true; + max-jobs = 4; + }; daemonCPUSchedPolicy = "idle"; daemonIOSchedClass = "idle"; @@ -569,6 +573,11 @@ in { speedFactor = 4; }; }; + systemd.services."nix-daemon" = { + serviceConfig = { + CPUQuota = "400%"; + }; + }; environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf; @@ -661,6 +670,26 @@ in { in [ gtk-portal ]; }; + environment.persistence."/.bcachefs" = { + hideMounts = true; + directories = [ + "/nix" + "/root" + "/var/log" + "/var/lib/sops-nix" + "/var/lib/nixos" + "/var/lib/systemd" + "/home" + "/var/lib/chrony" + "/var/lib/fprint" + "/var/lib/bluetooth" + "/etc/NetworkManager/system-connections" + ]; + files = [ + "/etc/localtime" + ]; + }; + system.stateVersion = "24.11"; }; } diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix index 077d25a6..fc20ef7c 100644 --- a/hosts/sif/hw.nix +++ b/hosts/sif/hw.nix 
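Review bot: In the `environment.persistence."/.bcachefs"` hunk of hosts/sif/default.nix, the directories that hold secrets (`/root`, `/var/lib/sops-nix`, `/etc/NetworkManager/system-connections`) are listed as bare strings. Their ownership and mode therefore come from the impermanence module's defaults or from whatever already exists under `/.bcachefs`, not from this config. On a freshly provisioned disk that presumably means a permissive default directory mode, so spelling it out, e.g. `{ directory = "/var/lib/sops-nix"; mode = "0700"; }`, would make the intended permissions reviewable. The list also has no entry for SSH host keys, although the `openssh` and `tmpfs-root` profiles are imported in the first hunk; if the keys are not provisioned elsewhere (not visible here), they would be regenerated on every boot.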
@@ -12,59 +12,11 @@ fsType = "bcachefs"; neededForBoot = true; }; - "/nix" = - { device = "/.bcachefs/nix"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/root" = - { device = "/.bcachefs/root"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/var/log" = - { device = "/.bcachefs/var/log"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/var/lib/sops-nix" = - { device = "/.bcachefs/var/lib/sops-nix"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - neededForBoot = true; - }; - "/var/lib/nixos" = - { device = "/.bcachefs/var/lib/nixos"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/var/lib/chrony" = - { device = "/.bcachefs/var/lib/chrony"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/var/lib/fprint" = - { device = "/.bcachefs/var/lib/fprint"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/var/lib/systemd" = - { device = "/.bcachefs/var/lib/systemd"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - neededForBoot = true; - }; - 
"/home" = - { device = "/.bcachefs/home"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; - "/etc/NetworkManager/system-connections" = - { device = "/.bcachefs/etc/NetworkManager/system-connections"; - fsType = "none"; - options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ]; - }; + "/var/lib/sops-nix".neededForBoot = true; + "/var/lib/systemd".neededForBoot = true; }; + system.etc.overlay.enable = false; + systemd.sysusers.enable = false; # boot.initrd.supportedFilesystems.bcachefs = true; # boot.initrd.systemd.units."dev-sif-nvm0:-dev-sif-nvm1.device".enable = false; @@ -91,7 +43,6 @@ # }; # }; - nix.settings.max-jobs = 12; # High-DPI console console.font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz"; diff --git a/hosts/surtr/bifrost/default.nix b/hosts/surtr/bifrost/default.nix index 20cd5892..fbfde757 100644 --- a/hosts/surtr/bifrost/default.nix +++ b/hosts/surtr/bifrost/default.nix @@ -18,10 +18,8 @@ in { ListenPort = 51822; }; wireguardPeers = [ - { wireguardPeerConfig = { - AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ]; - PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub); - }; + { AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ]; + PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub); } ]; }; @@ -34,9 +32,7 @@ in { }; address = ["2a03:4000:52:ada:4::/96"]; routes = [ - { routeConfig = { - Destination = "2a03:4000:52:ada:4::/80"; - }; + { Destination = "2a03:4000:52:ada:4::/80"; } ]; linkConfig = { diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index e6ca0c64..ceb035cb 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix @@ -165,6 +165,7 @@ with lib; algorithm = "zstd"; }; + systemd.sysusers.enable = false; system.stateVersion = "20.09"; }; } diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix index 74a9fb22..61a9d544 100644 
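Review bot: `system.etc.overlay.enable = false;` and `systemd.sysusers.enable = false;` at the end of the first hosts/sif/hw.nix hunk pin two options without saying why. The same `systemd.sysusers.enable = false;` line is also added in hosts/surtr/default.nix and hosts/vidhar/default.nix. A one-line comment such as `# sysusers-based user creation disabled: <reason>` would tell the next maintainer whether this is permanent or a workaround to revisit. The two remaining `neededForBoot` attributes appear to rely on `environment.persistence` in hosts/sif/default.nix to generate the actual bind mounts, so a comment like `# bind mounts are generated by environment.persistence."/.bcachefs"` would make that coupling visible; it matters because `/var/lib/sops-nix` must be mounted before secrets are decrypted. The enclosing `fileSystems` attribute set starts outside the hunk.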
--- a/hosts/surtr/vpn/default.nix +++ b/hosts/surtr/vpn/default.nix @@ -63,10 +63,8 @@ in { ListenPort = 51820; }; wireguardPeers = imap1 (i: { name, ip ? i }: { - wireguardPeerConfig = { - AllowedIPs = ["${prefix6}:${toString ip}::/96" "${prefix4}.${toString ip}/32"]; - PublicKey = trim (readFile (./. + "/${name}.pub")); - }; + AllowedIPs = ["${prefix6}:${toString ip}::/96" "${prefix4}.${toString ip}/32"]; + PublicKey = trim (readFile (./. + "/${name}.pub")); }) [ { name = "geri"; } { name = "sif"; } ]; }; }; @@ -86,19 +84,13 @@ in { MulticastDNS = false; }; routes = [ - { routeConfig = { - Destination = "202.61.240.1"; - }; + { Destination = "202.61.240.1"; } - { routeConfig = { - Destination = "0.0.0.0/0"; - Gateway = "202.61.240.1"; - }; + { Destination = "0.0.0.0/0"; + Gateway = "202.61.240.1"; } - { routeConfig = { - Destination = "::/0"; - Gateway = "fe80::1"; - }; + { Destination = "::/0"; + Gateway = "fe80::1"; } ]; extraConfig = '' @@ -114,13 +106,9 @@ in { }; address = ["${prefix6}::/96" "${prefix4}.0/32"]; routes = [ - { routeConfig = { - Destination = "${prefix6}::/80"; - }; + { Destination = "${prefix6}::/80"; } - { routeConfig = { - Destination = "${prefix4}.0/24"; - }; + { Destination = "${prefix4}.0/24"; } ]; linkConfig = { diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index ea200f5c..440829bb 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -377,6 +377,7 @@ with lib; environment.systemPackages = with pkgs; [iotop vmtouch]; + systemd.sysusers.enable = false; system.stateVersion = "21.05"; }; } diff --git a/hosts/vidhar/network/bifrost/default.nix b/hosts/vidhar/network/bifrost/default.nix index ec354f81..59550481 100644 --- a/hosts/vidhar/network/bifrost/default.nix +++ b/hosts/vidhar/network/bifrost/default.nix 
@@ -18,12 +18,10 @@ in { ListenPort = 51822; }; wireguardPeers = [ - { wireguardPeerConfig = { - AllowedIPs = [ "::/0" ]; - PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub); - PersistentKeepalive = 5; - Endpoint = "2a03:4000:52:ada:::51822"; - }; + { AllowedIPs = [ "::/0" ]; + PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub); + PersistentKeepalive = 5; + Endpoint = "2a03:4000:52:ada:::51822"; } ]; }; @@ -36,35 +34,25 @@ in { }; address = ["2a03:4000:52:ada:4:1::/96"]; routes = [ - { routeConfig = { - Destination = "2a03:4000:52:ada:4::/80"; - }; + { Destination = "2a03:4000:52:ada:4::/80"; } - { routeConfig = { - Gateway = "2a03:4000:52:ada:4::"; - GatewayOnLink = true; - Table = "bifrost"; - }; + { Gateway = "2a03:4000:52:ada:4::"; + GatewayOnLink = true; + Table = "bifrost"; } - { routeConfig = { - Destination = "2a03:4000:52:ada:4::/80"; - GatewayOnLink = true; - Table = "bifrost"; - }; + { Destination = "2a03:4000:52:ada:4::/80"; + GatewayOnLink = true; + Table = "bifrost"; } - { routeConfig = { - Destination = "2a03:4000:52:ada:4:1::/96"; - GatewayOnLink = true; - Table = "bifrost"; - }; + { Destination = "2a03:4000:52:ada:4:1::/96"; + GatewayOnLink = true; + Table = "bifrost"; } ]; routingPolicyRules = [ - { routingPolicyRuleConfig = { - Table = "bifrost"; - From = "2a03:4000:52:ada:4:1::/96"; - Priority = 1; - }; + { Table = "bifrost"; + From = "2a03:4000:52:ada:4:1::/96"; + Priority = 1; } ]; linkConfig = { diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index e961c17e..4a792851 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix 
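Review bot: `Endpoint = "2a03:4000:52:ada:::51822";` in the first hunk is carried over unchanged and writes an IPv6 address and port without brackets, whereas the systemd.netdev documentation asks for IPv6 endpoints in square brackets. The current string only resolves correctly if the parser treats the last colon as the port separator, which is easy to misread and depends on parser leniency. `Endpoint = "[2a03:4000:52:ada::]:51822";` states the peer address unambiguously. Since this peer carries `AllowedIPs = [ "::/0" ]`, every route that uses the tunnel depends on this one line being interpreted as intended.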
@@ -89,22 +89,21 @@ with lib; }; }; - services.nfs.server = { - enable = true; - createMountPoints = true; - - statdPort = 4000; - lockdPort = 4001; - mountdPort = 4002; - - extraNfsdConfig = '' - vers3=off - ''; - - exports = '' - /srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0) - /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash) - ''; + services.nfs = { + server = { + enable = true; + createMountPoints = true; + + statdPort = 4000; + lockdPort = 4001; + mountdPort = 4002; + + exports = '' + /srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0) + /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash) + ''; + }; + settings.nfsd.vers3 = false; }; fileSystems = { -- cgit v1.2.3
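Review bot: With `settings.nfsd.vers3 = false;`, the fixed `statdPort`, `lockdPort` and `mountdPort` kept in this hunk serve, as far as I can tell, only the NFSv3 side protocols, so they look like leftover configuration. If the firewall (not visible here) still opens 4000–4002, those rules can probably be dropped too; otherwise a comment such as `# only relevant for NFSv3 helpers, kept until firewall rules are cleaned up` would explain why they stay. Because the setting moved from free-form `extraNfsdConfig` text to a structured option, it is worth confirming on the host after the switch that v3 is really off, for example that `/proc/fs/nfsd/versions` lists `-3`. The exports set no `sec=` option and so rely on the default `sec=sys`, meaning access is decided by client address within `10.141.0.0/24` and `2a03:4000:52:ada:1::/80`; a short comment saying this is intended for the read-only exports would help the next reviewer.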