Add nixnas1 to flake

Gene Liverman 2024-11-26 21:34:36 -05:00 committed by Gene Liverman
parent 571a5f0203
commit e0fe58c2c7
8 changed files with 403 additions and 40 deletions


@ -0,0 +1,126 @@
{ pkgs, username, ... }: {
imports = [
./disk-config.nix
./hardware-configuration.nix
../../../system/common/linux/restic.nix
];
system.stateVersion = "24.05";
# Use the GRUB 2 boot loader.
boot = {
loader.grub = {
enable = true;
zfsSupport = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
mirroredBoots = [
{
devices = ["/dev/disk/by-uuid/02A5-6FCC"];
path = "/boot";
}
{
devices = ["/dev/disk/by-uuid/02F1-B12D"];
path = "/boot-fallback";
}
];
};
supportedFilesystems = ["zfs"];
zfs = {
extraPools = [ "storage" ];
forceImportRoot = false;
};
};
environment.systemPackages = with pkgs; [
net-snmp
];
networking = {
# Open ports in the firewall.
firewall.allowedTCPPorts = [
22 # ssh
];
hostId = "da074317"; # head -c4 /dev/urandom | od -A none -t x4
hostName = "nixnas1";
networkmanager.enable = false;
useNetworkd = true;
};
programs.mtr.enable = true;
services = {
fwupd.enable = true;
lldpd.enable = true;
resolved.enable = true;
restic.backups.daily.paths = [
# "/storage/foo"
];
zfs.autoScrub.enable = true;
};
sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt;
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "/home/${username}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "/home/${username}/.private-env";
};
};
};
sound.enable = false;
systemd.network = {
enable = true;
netdevs = {
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "802.3ad";
TransmitHashPolicy = "layer2+3";
};
};
};
networks = {
"30-eno1" = {
matchConfig.Name = "eno1";
networkConfig.Bond = "bond0";
};
"30-enp3s0" = {
matchConfig.Name = "enp3s0";
networkConfig.Bond = "bond0";
};
"40-bond0" = {
matchConfig.Name = "bond0";
linkConfig = {
RequiredForOnline = "carrier";
};
networkConfig = {
DHCP = "yes";
# accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC)
IPv6AcceptRA = true;
};
};
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
}
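Review bot: `sops.age.keyFile` is written as a bare path literal, `/home/${username}/.config/sops/age/keys.txt`, instead of a string. A Nix path value is copied into the world-readable store whenever it is coerced to a string, and this path names the age private key that decrypts `secrets.yaml`. Depending on how the sops module consumes the option, this either fails evaluation or risks placing the key under `/nix/store`. Quote it so it stays a runtime path: `age.keyFile = "/home/${username}/.config/sops/age/keys.txt";`. The two `path = "/home/${username}/…"` entries in the same block are already strings, so this also makes the block consistent.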


@ -0,0 +1,127 @@
{ lib, ... }:
{
disko.devices = {
disk = {
sdc = {
device = "/dev/disk/by-id/ata-SATA_SSD_H2101081000455";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "BOOT";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
}; # end sdc
sdd = {
device = "/dev/disk/by-id/ata-SATA_SSD_D2109088000361";
type = "disk";
content = {
type = "gpt";
partitions = {
boot-fallback = {
name = "BOOT-FALLBACK";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot-fallback";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
}; # end sdd
sda = {
device = "/dev/disk/by-id/ata-TEAM_T2532TB_TPBF2401240030200343";
type = "disk";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zstorage";
};
};
};
};
}; # end sda
sdb = {
device = "/dev/disk/by-id/ata-TEAM_T2532TB_TPBF2401240030201870";
type = "disk";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zstorage";
};
};
};
};
}; # end sdb
};
zpool = {
zroot = {
type = "zpool";
mode = "mirror";
# mountpoint = "none";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
options = {
ashift = "12";
autotrim = "on";
compatibility = "grub2";
};
rootFsOptions = {
mountpoint = "none";
atime = "off";
acltype = "posixacl";
xattr = "sa";
};
datasets = {
"root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
};
"root/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
};
"root/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
};
};
}; # end zroot
};
};
}
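Review bot: The `sda` and `sdb` partitions are assigned to `pool = "zstorage"`, but the `zpool` attribute set defines only `zroot`, so the data pool has no mode, options or datasets declared here. The host configuration added in this commit sets `extraPools = [ "storage" ]`, which does not match `zstorage` either, so one of the two names looks wrong. Add a `zstorage = { type = "zpool"; mode = "mirror"; … };` entry next to `zroot` (mode assumed from the two identical disks) and use the same name in `extraPools`. That entry is also the place to decide whether the NAS data is encrypted at rest, since no `encryption` or `keyformat` property is set on either pool.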


@ -0,0 +1,57 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "nvme" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zroot/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "zroot/root/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zroot/root/home";
fsType = "zfs";
};
fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/02A5-6FCC";
{ device = "/dev/disk/by-partlabel/disk-sdc-BOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot-fallback" =
# { device = "/dev/disk/by-uuid/02F1-B12D";
{ device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,22 @@
local_git_config: ENC[AES256_GCM,data:ToPd/elv3VOuiSQtF/lBvpOwebQLTk986uc/jyYaKx8fepw9VaPPU5E=,iv:clW+JU4HtPo/Kwa95DxLSm71EL+TnBlvmLxUR6GOTEY=,tag:I7cnY580Tb5osur7pfSKTA==,type:str]
local_private_env: ENC[AES256_GCM,data:xeZv93xCk98UjvAUfjB1eEI9DL9Talpj00oB6zxOYSGnICprIDAzXdV86I5h6H+NgM/q20AsZ8ijpomQiFff,iv:iuhI0sKi0x3Ckw4bNxJAL4T6UzzdkJEMo6VMXl/X3sc=,tag:fHIDWL4Mmn42e2FUoaO/oQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbTNUaUJDWHliYVJoTStU
ZjFlRjExYitrN3BDMWZWUnpTb204aUNRUWxVClZIWlJQeUlrdFhOYXRaQzRFUmNT
aTYyKzlZR1JFVkUwQkQyVGV0Mys2NjAKLS0tIEhBNWk5NDFoRnJUVUpnMDl2RlRS
bnA3M3dVdWNEVVFVYVF6R2xvQ2s4WTgKl8KsbY8lLraUZmZFlbKS50I+hemSa3lI
irdGQWBGL5aaeKFT9bOta9z+1YdMAsXxvAWOM/PZ2hwXTd6CCUpKtg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-27T06:15:28Z"
mac: ENC[AES256_GCM,data:d3pkBfhvNpbxKla3Ki0Bcv2KMu0/S818d75e2uwgVXsVMJdiPNIjF1NyleB+6i4LAFnVvYdkVXdIzctWITQrQv/Bq0sQzlZx/EuioYzD9Z7c2SCrf2PWPnorm+1uc23rN8pc9uxCrOqf8P94qxJRieiLOoCQMJDQrAk/bn5NglU=,iv:C6b7z6tg295Peoh1rj+uG4t62AOxJjMf/SQN0DJDdeY=,tag:LneADYRHFVHSqN7PmiE/5w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1