# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ pkgs, ... }:
let vars = import ./lib/vars.nix;
in {
imports = [
  # Hardware configuration.
  ./hardware-configuration.nix

  # Base system configuration.
  # NOTE(review): every module listed here is merged into this configuration,
  # so user accounts, SSH settings and exporter listen addresses may be set in
  # these files rather than below; review them together with this file.
  ./lib/nix.nix
  ./lib/system.nix
  ./lib/users.nix
  ./lib/node_exporter.nix

  # Service configuration.
  ./prometheus.nix
];
networking = {
  # Host name and ID.
  hostName = "servnerr-3";
  hostId = "efdd2a1b";

  # No local firewall.
  # With host packet filtering off, every service in this configuration that
  # listens on a non-loopback address (Grafana is bound to all interfaces, and
  # NFS, Plex and OpenSSH are enabled) is reachable from any network that can
  # route to this machine. Filtering then depends entirely on upstream devices,
  # which this file does not describe.
  firewall.enable = false;

  # Set up a bridge interface for VMs which is tagged into a lab VLAN.
  bridges.br0.interfaces = [ "enp6s0" ];

  # DHCP is configured per interface: on for enp5s0, off for the VM bridge br0.
  # The deprecated global setting is forced off.
  useDHCP = false;
  interfaces.enp5s0.useDHCP = true;
  # The host requests no lease on br0 and this block assigns it no address.
  interfaces.br0.useDHCP = false;
};
boot = {
  # Use the systemd-boot EFI boot loader.
  # NOTE(review): boot.loader.systemd-boot.editor is not set in this block.
  # The NixOS option documentation recommends disabling the boot-entry editor
  # because it lets anyone with console access change the kernel command line;
  # that matters more here since a serial console is enabled below.
  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;

  # Enable ZFS.
  supportedFilesystems = [ "zfs" ];

  # Latest Linux kernel for better hwmon support.
  kernelPackages = pkgs.linuxPackages_latest;
  kernelModules = [ "drivetemp" ];

  kernelParams = [
    # Enable serial console (ttyS0, 115200 baud, 8 data bits, no parity).
    "console=ttyS0,115200n8"

    # 24GiB ZFS ARC (24 * 2^30 bytes).
    "zfs.zfs_arc_max=25769803776"
  ];
};
# Start getty over serial console.
# NOTE(review): this puts a local login prompt on ttyS0. Whoever can reach the
# serial port (physically, or through a BMC / serial-over-LAN if one is
# attached) gets password-based login, independent of the OpenSSH
# passwordAuthentication setting; confirm that path is access-controlled.
systemd.services."serial-getty@ttyS0" = {
  enable = true;

  # Make sure agetty spawns at boot and always restarts whenever it
  # exits due to user logout.
  wantedBy = [ "multi-user.target" ];
  serviceConfig.Restart = "always";
};
# Allow the use of Plex.
# NOTE(review): allowUnfree applies to every package in the closure, not just
# Plex. nixpkgs.config.allowUnfreePredicate can restrict the exemption to the
# packages that actually need it.
nixpkgs.config = { allowUnfree = true; };
# Scale down CPU frequency when load is low.
powerManagement = { cpuFreqGovernor = "ondemand"; };
# Packages specific to this machine. The base package set is defined in
# lib/system.nix.
environment.systemPackages = [ pkgs.zfs ];
services = {
  # APC UPS monitoring daemon.
  apcupsd.enable = true;

  # Grafana dashboards.
  grafana.enable = true;
  # Bind to all interfaces.
  # NOTE(review): with the local firewall disabled, the Grafana login page is
  # reachable from every network this host is attached to. No security.*
  # options are set in this block, so confirm the admin credentials are not
  # the defaults and consider binding to the LAN address only.
  grafana.addr = "";

  # Export ZFS pool via NFS to trusted LAN.
  # /primary is exported read-write to one IPv4 /24 and one IPv6 /64. Access is
  # decided by client source address; unless overridden, the exports(5)
  # defaults apply (root_squash, sec=sys), so the server trusts the UIDs and
  # GIDs each client sends. Any host on those prefixes is therefore trusted.
  # NOTE(review): `with vars.interfaces.lan0` brings names into scope, but the
  # string interpolates none of them; the prefixes are hard-coded here and can
  # drift from lib/vars.nix.
  nfs.server.enable = true;
  nfs.server.exports = with vars.interfaces.lan0; ''
    /primary 192.168.1.0/24(rw,sync,no_subtree_check,crossmnt) fd9e:1a04:f01d::/64(rw,sync,no_subtree_check,crossmnt)
  '';

  # Enable the OpenSSH daemon.
  # Password logins are rejected, so only key-based authentication is accepted.
  openssh.enable = true;
  openssh.passwordAuthentication = false;

  # Plex media server (the reason allowUnfree is set in this file).
  plex.enable = true;

  # Periodic ZFS scrubs on the option's default schedule.
  zfs.autoScrub.enable = true;
};
# Run libvirtd for the VMs that attach to the br0 bridge.
# NOTE(review): access to the system libvirt socket is effectively
# root-equivalent on the host; group membership is not defined in this file,
# so check it in lib/users.nix.
virtualisation.libvirtd = { enable = true; };
# root SSH key for remote builds.
# NOTE(review): the entry carries no authorized_keys options (no `from=`,
# `command=` or `restrict`), so whoever holds the matching private key gets an
# unrestricted root shell, not just build access. A dedicated unprivileged
# build user, or at least a `from="..."` restriction to the build client's
# address, would narrow what a leaked key exposes.
users.users.root.openssh.authorizedKeys = {
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3+HUx05h15g95ID/lWbU5uvF6TLr2XESmthQjU7qvR NixOS distributed build"
  ];
};
}